My Site Got Hacked Today (https://vborg.vbsupport.ru/showthread.php?t=285763)

Harpo 03-12-2013 09:18 AM

Hi OP. Sorry about your website. I hope you do well in life.

loua_oz 04-02-2013 01:03 PM

My site got hacked yesterday.

The Hosting provider (webhostinghub.com) said it's a vB issue.

The symptom was that nobody could log in, not even Admin (myself) but the site was readable.

Why on Earth can vB not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?

Now I am going through the hoops, and people running their sites by free software, not vB, could be laughing at me and our entire community.

Why is hacking so easy with vB? No tools on my site, all by the book.

Brandon Sheley 04-02-2013 03:13 PM

Quote:

Originally Posted by loua_oz (Post 2413850)
My site got hacked yesterday.

The Hosting provider (webhostinghub.com) said it's a vB issue.

The symptom was that nobody could log in, not even Admin (myself) but the site was readable.

Why on Earth can vB not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?

Now I am going through the hoops, and people running their sites by free software, not vB, could be laughing at me and our entire community.

Why is hacking so easy with vB? No tools on my site, all by the book.

You should really start your own thread if you're asking for support.

Any website can get hacked, even free ones. :up:

loua_oz 04-03-2013 01:01 AM

I am not asking for support.
Restored (still in process) from backups but with nothing changed nor improved, the hackers can walk in at any time again.

Simon Lloyd 04-03-2013 04:25 AM

Quote:

Originally Posted by loua_oz (Post 2413850)
...............the site was readable.

Why on Earth can vB not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?......

They do, if your site was readable then all you had to do was upload tools.php, repair your access and you're back in!

If you have all the latest patches, no extra add-ons, etc. and it's a bog-standard forum, then it's either a very insecure admin password that's been discovered or they've accessed your server by a poor FTP password, insecure folder permissions or, if you're on a shared server, via some other vulnerability on the server, maybe via another user.

loua_oz 04-03-2013 07:20 AM

Thanks, I did not know that (that tools.php) can be used to do a snapshot. Never actually seen what it looks like, never started it, just removed from the site.

It is a shared server. The password, although not easy, could have been cracked by some automated procedure.
Changed them all today: for site, for FTP, for hosting control panel.

The site is up and running now, fully restored. What they did this morning was to insert some malware. Several members who know my private email address reported that their computers are warning them about malware (the hackers placed it in index.php, even the word "Russia" was readable among other things).

Simon Lloyd 04-03-2013 07:36 PM

tools.php doesn't do a snapshot. If you're locked out for whatever reason (database issues, etc.), then you upload tools.php and you can gain access; you wouldn't have had to do a restore from backup. It appears your backup has the malicious code already injected.

Download your entire directory and scan it on your pc at the very least.

DragonByte Tech 04-04-2013 12:38 AM

Bear in mind it's possible the server itself was compromised - if another site on the server was hacked, symlink means all sites on the server are now vulnerable.

loua_oz 04-04-2013 03:28 AM

Backup does not have the infected file - it was a newly created index.php which is 5Kb, the original one is 1.99Kb. Not knowing what else could be infected, restored the whole lot.
While the site had the contaminated file, Google bots found it and inserted my site into "known malware distributors", warning people not to enter.
Now I am getting it removed from there.

Lionel 04-04-2013 03:50 AM

I had a customer with a similar problem. The malware came in via WordPress.


All times are GMT. The time now is 01:41 AM.
