SupportAM, look in Styles -> Templates -> FORUM HOME.

Use this to check for other templates:
https://vborg.vbsupport.ru/showthread.php?t=281080

it goes to forum.php
and using that tool didn't help either. :(

Hi,

Our forum was also hacked.

Our provider found out that this was probably the problem. Maybe it helps other forum owners.

We removed the bad code from your site's template header.
It was a malicious js code that was creating a hidden iframe to infelobarc1979.tk.
Please remember to change all your passwords and keep vBulletin up-to-date

What a mess, but we believe both sites are now clean. We also had every mod and admin change passwords. We are watching as closely as we can, but what a giant pain.

Am I wrong, or did vbulletin only put a notice up warning everyone about the problem found in early September, like the 4th or so? They did not send out emails to those using their software with current licenses? Unless I completely missed something, that is what I see. If that is the case, is that why so many sites are currently under siege? The hackers read the notices but we certainly don't go to .com or .org anywhere close to every day.

The hack in ours was inserted almost two full weeks before activation. That way our backups were also corrupted for use.

The notices were pushed out in the ACP. That is how I found out and made the appropriate fixes right away. I log in everyday to my ACP.
BOP made a wonderful mod however that will send you these notices if you do not log on into your ACP. https://vborg.vbsupport.ru/showthread.php?t=301841

Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs...ting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.