:facepalm:

Okay so let's just sum up the ways how this could of happened:
- Someone got root access on the shared server and decided to mess up a bunch of sites.
- Someone found a malicious vBulletin plugin (or a backdoored plugin) and abused this to gain access to execute commands.
- OP had his FTP/CPanel information stolen somehow. (Which is not likely unless OP has a virus/malware.)

Also even if they had access to the database information, they can't do anything with it unless: the host has a public listening MySQL server, a public reachable PHPMyAdmin installation or if they had access to creating PHP files.

Were the access logs checked by the way?

Regardless, my advice is to move host asap.
Once you lose trust in your host, you should save yourself the trouble and move.

^ I've reviewed his reviews on exploits and other via his blog so head his advice, Dave actually knows his stuff. The rest of you geesh, argue your rears off within reason :p.

That would be a good call, Dave does know his security stuff. :)

I don't really care about your advice although I appreciate your time to chip in.

It came before: the product, vBulletin has to be a product serviceable by a user. Not by the boffins.

That is why I bought it. But appears not to be the case.

The trivialities recommended here are laughable, all the advice. Furthermore, so called "Experts" advocating open text paswords, is it not a degeneration of the humanity?

Anyone off the street could tell you open text password is a stupidity, still, here, VB coders and developers are scolding me for sayin just that.

BTW, my humble site is working well, after I have reinstalled it and not listened to anything said in this tread.

Until someone is pleased to hack it.

If you don't want people's advice, then why post? You seem to know it all, so no need to waste people's time replying to you when you tell them you don't care about the advice given.

I guess you know better than all of us who have been using it for years. Good luck.

Not really.
But I bought a product that goes a victim to anyone who wants to hack it.
Just when they want.

Then I need someone (outside of vB) to help me. That is not a product, that is rubbish.

Still talking VB4. Not VB 5.

If that was the case, every vB site in the web would be hacked, not just yours.

And they are, the world over, every day.

Those who don't know what to say, retreat to Database injections.

Really, how could that happen? It might, but the database is not vBs property, neither mine on the my site provider.
Is it a mystery that covers up blatant security holes within the vB? Like by vB coders and developers much loved open for all plain data base password?

What they might not know, entering the SQL code of the providers' database would affect not only one site. That could have happened to me and I don't know about others.
Hence your advice (if you have guts, go back and read them) were useless.

Wow,

If you installed correctly and updated when exploits were found you would have never had an issue. Even windows gets updated because exploits are found every so often.

It is a website and it is complex. There is always a learning curve but if you do not want to learn from those who know it well then good lucking finding your magic script that doesn't exist.

My site has been up since 2004 and has never had a successful "injection" attack. I have clients that have sites that go back further and have never been hacked.

At any rate, the people here have taken the time to try to share knowledge with you. Perhaps a thank you would have been a better reply and yes, your site may be running but if you did not fix the issue than I am sure it will be hacked again. All it takes with any website is one wrong move like a file permission and it is all over.

Don't waste your time on the in help able.

Amazing how amateurish and trivial advice were here. About a poor quality software that sits atop something that is a a science for them, somebody else's database.
Then, they started exploring the mysteries beyond their reach, told (vB staff did that) to the customer he has a bugger in his nose, ridiculed and did nothing.

Other than welcoming even less introduced boiler-room vultures.

Instead, a good product would have never needed them nor any discussion. Not even this site.
It would, simply, work.

Wow, just wow. SMH.

Since the OP is no longer looking for advice, now is probably a good time to just close this thread.

The only amazing thing here your attitude. :rolleyes:

Since you clearly know far better than everyone else, feel free never to ask for any advice here again.

I would close this, but it seems Lynne beat me too it.