vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Th3H4ck hacked hundreds of VB forums over the last two days. (https://vborg.vbsupport.ru/showthread.php?t=301904)

loua_oz 09-18-2013 10:00 AM

Quote:

Originally Posted by Paul M (Post 2446446)
Yes there was.


Maybe you should get facts right before making silly statements.

There was an e-mail, an ACP news item, and an announcement. Plus it's been discussed in all vB related admin forums.

While I came and said exactly what was done to recover, you came to tell that hundreds of customers got devastated while you did all needed?

I run Windows but never go to Win forums.
Why would I frequent this one? Should I be on a lookout to see if any minute another hacker has trashed your product that I have paid for, not free download?

Red alert in AdminCP was not there, as is when a new version or patch are available. That is where I go 2-3 times a day and could not miss it.

Yahoo is banned as junk site from where I work, checked Inbox at home, other than 1000s "vBulletin Database Error!" no others or summarily deleted with them.

Paul M 09-18-2013 10:38 AM

Quote:

Originally Posted by loua_oz (Post 2446453)
Red alert in AdminCP was not there, as is when a new version or patch are available. That is where I go 2-3 times a day and could not miss it..

There is no such thing as a "red alert". The ACP news item is there, so clearly you did miss it, and unless you dismissed it, it will still be there. If you dismissed it without reading it then that's your issue.

Quote:

Originally Posted by loua_oz (Post 2446453)
Yahoo is banned as junk site from where I work, checked Inbox at home, other than 1000s "vBulletin Database Error!" no others or summarily deleted with them.

Whether you can find it does not change the fact an e-mail was sent. It is your responsibility to make sure your e-mail address is up to date, and doesn't filter out vb e-mails.

loua_oz 09-18-2013 10:44 AM

1 Attachment(s)
Transaction logs shows (2 screens, too big for 1). Does not look like legit thing, see bottom of pic 2:

tnedator 09-18-2013 12:13 PM

Quote:

Originally Posted by Paul M (Post 2446459)
There is no such thing as a "red alert". The ACP news item is there, so clearly you did miss it, and unless you dismissed it, it will still be there. If you dismissed it without reading it then that's your issue.


Whether you can find it does not change the fact an e-mail was sent. It is your responsibility to make sure your e-mail address is up to date, and doesn't filter out vb e-mails.

It is true that an email was sent out, but only AFTER it was too late for so many sites. There was a forum announcement posted on vb.com on 8/27, but no email was sent until 9/3, presumably once it moved from a "potential exploit" that vB was investigating to a case of hundreds or thousands of sites being hacked.

For most of us, we have followed VB installation instructions for many years. This is from the 4.2 read me/install instructions:

Quote:

8. When the installation wizard is complete, it will ask if you want to go to the Admin Control Panel. Before proceeding to the Admin Control Panel, you must delete the 'install/install.php' file from your webserver. You may then enter the control panel and start working on your new vBulletin!

Nothing about deleting the entire directory. Now, if there was enough of a potential exploit to post a vBulletin announcement about deleting the /install directory, there should have been an email on 8/27. Instead, myself, like so many others, got the email AFTER the site was hacked, rather than a week before.

loua_oz 09-18-2013 01:35 PM

yes, exactly. that version was asking for that, 4.2.1 does not.
let alone deleting the whole /install directory.

vB staff are in damage control, bshitting and pointing at customers as their guilt. this blunder may spell the end of them, as a company and their jobs.

next morning, someone may wake up and say: let's hack another 100 of vB sites.

pityocamptes 09-18-2013 04:35 PM

Quote:

Originally Posted by loua_oz (Post 2446462)
Transaction logs shows (2 screens, too big for 1). Does not look like legit thing, see bottom of pic 2:

Personally, since you have expended so much time, only to find things are slightly off, I would take a known CLEAN backup of your site BEFORE you had issues. I would then take a current version of your site (the one that is "dirty"), and use a program like WinMerge to compare files and folders, to see what may have been changed.

From looking at that pic they are NOT legit!!!!!! I would also use a DB comparison tool, and see what, if anything may have been added to your db prior to the hack, and after... HTH
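The file comparison suggested in the post above can also be scripted when the site lives on a server without a GUI diff tool. This is an added example, not part of the original post: it hashes a clean backup and the current tree and lists what was added, removed or modified. The function names and the demo files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record the link target rather than following it off-tree.
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare_trees(clean_root, current_root):
    """Report files added, removed or modified relative to the clean backup."""
    clean, current = hash_tree(clean_root), hash_tree(current_root)
    return {
        "added": sorted(current.keys() - clean.keys()),
        "removed": sorted(clean.keys() - current.keys()),
        "modified": sorted(p for p in clean.keys() & current.keys()
                           if clean[p] != current[p]),
    }

def write_tree(root, files):
    """Helper for the demo: create files (relative path -> bytes) under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed file names and contents, not taken from a real site.
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as dirty:
        write_tree(clean, {"index.php": b"<?php // original", "inc/a.php": b"A", "inc/old.php": b"old"})
        write_tree(dirty, {"index.php": b"<?php // changed", "inc/a.php": b"A", "inc/new.php": b"x"})
        return compare_trees(clean, dirty)

if __name__ == "__main__":
    print(demo())
```

Files reported as added or modified are the ones to inspect by hand; files that differ only because of a legitimate upgrade will show up too, so the backup should be of the same version as the live site.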

TheLastSuperman 09-18-2013 05:07 PM

Quote:

Originally Posted by loua_oz (Post 2446499)
yes, exactly. that version was asking for that, 4.2.1 does not.
let alone deleting the whole /install directory.

vB staff are in damage control, bshitting and pointing at customers as their guilt. this blunder may spell the end of them, as a company and their jobs.

next morning, someone may wake up and say: let's hack another 100 of vB sites.

I see staff over there busting their arse to help, I bet they are handling an abundance of tickets the best they can honestly.

Now let's think about this for a minute...
- This is a 100% new exploit that was just brought to their attention, they immediately went about investigating and offering a potential fix before knowing the full extent of the issue and it was on par i.e. delete the /install/ directory. My point is they took immediate action, it's not like they are vBSEO where a KNOWN exploit was left included across countless versions over the course of a year, that was horrid and unforgivable, this was just another case of someone having too much time on their hands and just enough brainpower to pull it off half proper.
- While I agree with you on the delayed "eBulletin" email being a "fail" per se as it was several days late, the fact of the matter is this was announced, on a site that is RSS feed into more sites than there are Chevrolet cars on the road so how you missed it ENTIRELY is beyond me I'm literally baffled. Please bookmark the site and check it daily, as a vBulletin forum owner you need to check the site once daily the same as you do the mail, reading the paper, or watching the news those are daily habits and maintaining your forum is now one, make note of that!

cellarius 09-18-2013 05:37 PM

Quote:

Originally Posted by TheLastSuperman (Post 2446525)
While I agree with you on the delayed "eBulletin" email being a "fail" per se as it was several days late

Thanks for acknowledging that. When I asked why it was sent out so late that was not a question well received at vbulletin.com.

Quote:

, the fact of the matter is this was announced, on a site that is RSS feed into more sites than there are Chevrolet cars on the road

Since when does vB5 support RSS feeds? How do I subscribe to it - genuine question, I wanted to subscribe to it since subscription to a forum does not work either, as far as I know.

Quote:

so how you missed it ENTIRELY is beyond me I'm literally baffled.

Given that the messaging functions of vB5 do not work, it's not so astonishing, really.

Quote:

Please bookmark the site and check it daily, as a vBulletin forum owner you need to check the site once daily

Sorry, but you can't be serious about that. People have lives! IB twiddles their thumbs for seven days before sending out an email about a crucial security issue, and you're really of the opinion that customers have to check out the company website daily (which is, once again, running a software that lacks even the most basic subscription features)?

xenite 09-18-2013 05:52 PM

Quote:

Originally Posted by loua_oz (Post 2446462)
Transaction logs shows (2 screens, too big for 1). Does not look like legit thing, see bottom of pic 2:

Sorry. It's the CONTROL PANEL LOG that will tell you anything useful. (ON EDIT: About the IP address they used.)

TheLastSuperman 09-18-2013 10:07 PM

Quote:

Originally Posted by cellarius (Post 2446535)
Thanks for acknowledging that. When I asked why it was sent out so late that was not a question well received at vbulletin.com.


Since when does vB5 support RSS feeds? How do I subscribe to it - genuine question, I wanted to subscribe to it since subscription to a forum does not work either, as far as I know.


Given that the messaging functions of vB5 do not work, it's not so astonishing, really.

Sorry, but you can't be serious about that. People have lives! IB twiddles their thumbs for seven days before sending out an email about a crucial security issue, and you're really of the opinion that customers have to check out the company website daily (which is, once again, running a software that lacks even the most basic subscription features)?

Ohh I didn't acknowledge I simply made a logical observation that it was later than a lost teen on prom night - I'm not on staff there anymore so (get ready for this runonramblinglol) no one cares if I acknowledged it or not unless it's for the sake of arguments sake that it was just late lol.

As for the rss feeds... you got me there and the messages you say? Is it obvious I'm not up to par on vB5 Cellarius - Can you imagine why? All I know is if it looks like a Beta Product, Smells like a Beta product, and Acts like a Beta product it surely must be a Beta product... still feels like a Beta product to me as of 9/18/2013.

So of course my arguments are invalid now that I know ;).

mrdiger 09-19-2013 06:19 AM

Also found my site hacked today! (only front page, forums still works)
I run 4.1.1

Any idea what I can do to fix this?

Thanks a lot!!


This is what they did, cp log:
Quote:


15389 N/A 04:08, 19th Sep 2013 admincalendar.php modify 36.74.252.52
15388 N/A 04:08, 19th Sep 2013 admincalendar.php update 36.74.252.52
15387 N/A 04:07, 19th Sep 2013 admincalendar.php add 36.74.252.52
15386 N/A 04:07, 19th Sep 2013 admincalendar.php modify 36.74.252.52
15385 N/A 04:07, 19th Sep 2013 plugin.php doimport 36.74.252.52
15384 N/A 04:07, 19th Sep 2013 plugin.php files 36.74.252.52
15383 N/A 03:18, 19th Sep 2013 plugin.php 65.49.14.143
15382 N/A 03:18, 19th Sep 2013 plugin.php doimport 65.49.14.143
15381 N/A 03:18, 19th Sep 2013 plugin.php files 65.49.14.143
15392 N/A 04:08, 19th Sep 2013 faq.php insert 36.74.252.52
15391 N/A 04:08, 19th Sep 2013 faq.php add 36.74.252.52
15390 N/A 04:08, 19th Sep 2013 admincalendar.php edit calendar id = 2
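A control panel log like the one quoted above is easier to read once its rows are grouped by source address. This is an added example, not part of the original post: it parses rows in that layout, keeps the ones whose username column is "N/A", and reports per IP how many rows there are, the time window, and whether a `plugin.php doimport` row is among them. The sample rows and the function names are constructed, and the addresses are documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the control panel log quoted above:
# log id, username, time, date, script, optional action, optional IP.
SAMPLE_LOG = """\
2101 N/A 03:18, 19th Sep 2013 plugin.php files 198.51.100.7
2102 N/A 03:18, 19th Sep 2013 plugin.php doimport 198.51.100.7
2103 N/A 03:18, 19th Sep 2013 plugin.php 198.51.100.7
2104 admin 03:40, 19th Sep 2013 faq.php add 192.0.2.10
2105 N/A 04:07, 19th Sep 2013 plugin.php doimport 203.0.113.52
2106 N/A 04:08, 19th Sep 2013 admincalendar.php modify 203.0.113.52
2107 N/A 04:08, 19th Sep 2013 admincalendar.php edit calendar id = 2
"""

# Assumption: usernames contain no spaces (true for "N/A", the case of interest).
LINE_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<user>\S+)\s+(?P<time>\d{2}:\d{2}),\s+"
    r"(?P<day>\d{1,2})(?:st|nd|rd|th)\s+(?P<mon>[A-Za-z]{3})\s+(?P<year>\d{4})\s+"
    r"(?P<script>\S+\.php)\s*(?P<rest>.*)$"
)
IP_RE = re.compile(r"(?:^|\s)(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_line(line):
    """Return a dict for one log row, or None if the row does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    ip_match = IP_RE.search(rest)
    action = rest[: ip_match.start()].strip() if ip_match else rest
    stamp = f"{m['day']} {m['mon']} {m['year']} {m['time']}"
    return {"id": int(m["id"]), "user": m["user"], "script": m["script"],
            "action": action, "ip": ip_match.group(1) if ip_match else None,
            "when": datetime.strptime(stamp, "%d %b %Y %H:%M")}

def summarize(log_text):
    """Group rows with no username ("N/A") by source IP and note plugin imports."""
    by_ip = defaultdict(lambda: {"rows": 0, "plugin_import": False,
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        row = parse_line(line)
        if row is None or row["user"] != "N/A":
            continue
        entry = by_ip[row["ip"] or "no-ip-recorded"]
        entry["rows"] += 1
        entry["plugin_import"] |= row["script"] == "plugin.php" and row["action"] == "doimport"
        entry["first"] = min(filter(None, [entry["first"], row["when"]]))
        entry["last"] = max(filter(None, [entry["last"], row["when"]]))
    return dict(by_ip)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The per-IP time window gives the range to search in the web server access log for the same addresses.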

New Joe 09-19-2013 06:53 AM

Quote:

Originally Posted by Paul M (Post 2446446)

Maybe you should get facts right before making silly statements.

There was an e-mail .

But not till a week after vB published it over on vB com
Why did it take a week Paul for the e mail to be sent after the Thread was made on vB com?

loua_oz 09-19-2013 07:22 AM

I wonder if VB staff get fired for telling customers they are silly. In my company he would be history and marched out with security escort that minute.

Amateurs, should not comment, have to set some place where official comment is given.

loua_oz 09-19-2013 07:26 AM

1 Attachment(s)
Quote:

Originally Posted by xenite (Post 2446540)
Sorry. It's the CONTROL PANEL LOG that will tell you anything useful. (ON EDIT: About the IP address they used.)

CP transaction log, 3 pics. N/A is his user name (or instead of it).

Last picture is when he actually disabled admin account (played a clip when trying to enter Admin) but the site was working.

loua_oz 09-19-2013 12:20 PM

vB staff, provide some sweep that would tell your paying customers what is wrong with their sites.
Your product, easily hacked, even for fun, may have deprived some of your customers of their bread.

As it is now, you (vB) are out of business and possibly out of your jobs.

Zachery 09-19-2013 12:26 PM

You mean the giant guides that have been repeatedly posted on vBulletin.com and .org about how to find what's wrong, and fix your site?


Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

If you're actually looking for support, vBulletin.com forums, and/or the members area would be the correct place to post.

TheLastSuperman 09-19-2013 12:38 PM

Quote:

Originally Posted by loua_oz (Post 2446648)
I wonder if VB staff get fired for telling customers they are silly. In my company he would be history and marched out with security escort that minute.

Amateurs, should not comment, have to set some place where official comment is given.

Paul is hardly an amateur and everyone is entitled to their own opinions.

Quote:

Originally Posted by loua_oz (Post 2446676)
vB staff, provide some sweep that would tell your paying customers what is wrong with their sites.
Your product, easily hacked, even for fun, may have deprived some of your customers of their bread.

As it is now, you (vB) are out of business and possibly out of your jobs.

I understand you're upset however this is vbulletin.org, we are simply here to assist with the modifications listed on this site not to bash on the product/company itself.

Ladies and Gentlemen, this type of stuff happens on occasion with virtually all online software at some point in its lifetime if not multiple times and yes that includes php/apache that runs on your server and allows vBulletin, wordpress, and countless other software to run, vulnerabilities/exploits can exist on more than one level. When you're hacked it's very unfortunate and often times more than simply upsetting if data is lost however the best thing to do in a situation like that is to focus, fix your site first then worry about posting opinions - we are all entitled to them but be sure you take care of business first i.e. your site and also direct your anger accordingly :cool:.

loua_oz 09-19-2013 12:38 PM

Quote:

Originally Posted by Zachery (Post 2446677)
You mean the giant guides that have been repeatedly posted on vBulletin.com and .org about how to find what's wrong, and fix your site?


Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

If you're actually looking for support, vBulletin.com forums, and/or the members area would be the correct place to post.

A blatant, fundamental lack of understanding what the term "customer" means.

I don't need support, I want the product that I have bought to function properly. Not to be redirected to lessons.

I can teach you one: the biggest asset any company has are their customers. Thousands of talented people found themselves out of their jobs because there were no customers for whatever they were making.

Where is a tool that every customer of vB can run and see if they are in danger?
Providing you have any idea what the dangers could be.

Shame on you.

Zachery 09-19-2013 12:45 PM

You know what, never mind.

loua_oz 09-19-2013 12:51 PM

Quote:

Originally Posted by TheLastSuperman (Post 2446678)
Paul is hardly an amateur and everyone is entitled to their own opinions.



I understand you're upset however this is vbulletin.org, we are simply here to assist with the modifications listed on this site not to bash on the product/company itself.

Ladies and Gentlemen, this type of stuff happens on occasion with virtually all online software at some point in its lifetime if not multiple times and yes that includes php/apache that runs on your server and allows vBulletin, wordpress, and countless other software to run, vulnerabilities/exploits can exist on more than one level. When you're hacked it's very unfortunate and often times more than simply upsetting if data is lost however the best thing to do in a situation like that is to focus, fix your site first then worry about posting opinions - we are all entitled to them but be sure you take care of business first i.e. your site and also direct your anger accordingly :cool:.

Yet another confirmation vB staff do not understand what a product means. Theirs appears to be a Mickey Mouse, any kid can hack it. As they have, are doing, and will be doing.

Make vB free and then OK.
Charge for it, you may be in court, in the dock.

TheLastSuperman 09-19-2013 12:52 PM

Quote:

Originally Posted by Zachery (Post 2446681)
Edited.

Removed.

Long story short if your site has been hacked please open a new thread and ask for assistance, sometimes threads such as this become quite long and confusing for some to follow and then other times we see heated debates such as the above which tend to become tiresome to those simply reading the thread to resolve an issue.

Thread closed, if you need assistance please open a new thread with:
  • Title "Site hacked please assist"
  • Site URL. *Those reading this please note to not visit the site unless you're experienced in dealing with matters such as these as your pc can possibly become infected.
  • Description of what's going on.

Our community here is very active and helpful, we'll do the best we can to assist!


All times are GMT.