vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Th3H4ck hacked hundreds of VB forums over the last two days. (https://vborg.vbsupport.ru/showthread.php?t=301904)

Zachery 09-09-2013 09:31 PM

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

TheLastSuperman 09-10-2013 01:26 PM

Erm working on one now where they edited the master style, will update this post once I find out more.

Edit: If you're reviewing plugin edits via the control panel log and notice anything similar to: template.php modify style id = 0, then place your site into debug mode and check the MASTER STYLE for any edits.

The one I located was in the Master Style included in the forumhome template:
Code:

<META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://adf.ly/VRrrp">

The code present on your site may vary and may or may not be a redirect to adf.ly; it could be anything else, so be on the lookout ;).
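An added example, not part of the post above or of vBulletin: a Python check that looks through template text for the kind of `<META HTTP-EQUIV="Refresh">` tag quoted in the post and reports any that redirect to a host other than your own. It assumes the templates have already been exported into a title-to-text mapping; `scan_templates`, `own_hosts`, `forum.example` and the sample templates are hypothetical names and constructed data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# content="<seconds>;URL=<target>", with optional quotes and spacing.
REFRESH_RE = re.compile(r"^\s*(\d+)\s*[;,]\s*(?:url\s*=\s*)?['\"]?(.*?)['\"]?\s*$", re.I)


class RefreshFinder(HTMLParser):
    """Collects (line, delay, target) for every <meta http-equiv=refresh>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = REFRESH_RE.match(a.get("content", ""))
        if m:
            self.hits.append((self.getpos()[0], int(m.group(1)), m.group(2)))


def scan_templates(templates, own_hosts):
    """Return (title, line, delay, host, url) for refreshes leaving own_hosts."""
    findings = []
    for title in sorted(templates):
        finder = RefreshFinder()
        finder.feed(templates[title])
        finder.close()
        for line, delay, url in finder.hits:
            host = (urlparse(url).hostname or "").lower()
            if host and host not in own_hosts:  # relative targets stay on-site
                findings.append((title, line, delay, host, url))
    return findings


# Constructed sample: template title -> template text. The injected tag is the
# one quoted in the post; everything else is made up for the example.
SAMPLE = {
    "forumhome": '{vb:stylevar htmldoctype}\n<html>\n<head>\n'
                 '<META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://adf.ly/VRrrp">\n'
                 '{vb:raw headinclude}\n</head>\n',
    "header": '<div id="header">{vb:raw header}</div>\n',
    "redirect_page": '<meta http-equiv="refresh" content="2; url=/forum/index.php">\n',
}

if __name__ == "__main__":
    for f in scan_templates(SAMPLE, own_hosts={"forum.example"}):
        print("%s line %d: %ds refresh to %s (%s)" % f)
```

As the post says, the injected code may be something other than a redirect; this check only covers the meta refresh case.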

obglobal.net 09-10-2013 01:33 PM

I got got.

I'm bottom of the barrel level too, so I'm just bewildered. Lost about 30 posts by members after restoring to the previous day's backup via MySQL.

What's with these colon licking hackers?

--------------- Added 09-10-2013 at 02:44 PM ---------------

Quote:

Originally Posted by Lynne (Post 2443463)

DELETE YOUR INSTALL DIRECTORY!!!

Please give me as thorough a walk through as possible on this, Lynne/anyone.

Sorry.

never mind. I got it.

TheLastSuperman 09-10-2013 02:05 PM

Basically, you know how all those folders and files related to vBulletin must be uploaded to your server? You want to locate the folder /install/ and delete it entirely.

https://vborg.vbsupport.ru/attachmen...hmentid=146371

Edgespeeder06 09-10-2013 09:17 PM

Someone sent me a contact message about this issue. I've been so busy working on clients' sites that I didn't see it until today. Thankfully I deleted that user and the install folder....will that stop it for sure?

CarolSEL 09-10-2013 09:25 PM

Quote:

Originally Posted by Edgespeeder06 (Post 2444721)
Someone sent me a contact message about this issue. I've been so busy working on clients' sites that I didn't see it until today. Thankfully I deleted that user and the install folder....will that stop it for sure?

I don't know. I deleted the install folder, but the site got hijacked, and after reinstalling vB it's still not up.

TheLastSuperman 09-10-2013 09:43 PM

Quote:

Originally Posted by Edgespeeder06 (Post 2444721)
Someone sent me a contact message about this issue. I've been so busy working on clients' sites that I didn't see it until today. Thankfully I deleted that user and the install folder....will that stop it for sure?

No, if you were hacked there is a high probability that the hacker uploaded a shell script and could have backdoors in various folders on your server. There is actually quite a bit you need to do in order to rid yourself of this. If you are not experienced in these matters contact your host and link them to this thread along with these links which have helpful info:

Quote:

Originally Posted by CarolSEL (Post 2444723)
I don't know. I deleted the install folder, but the site got hijacked, and after reinstalling vB it's still not up.

By that you mean what? That you dropped all tables in the database, deleted all the files, then installed 100% from scratch using new files and a clean database, and it's still not working?

Zachery 09-10-2013 10:39 PM

Btw, I updated my blog again, with some additional steps to help remove the exploits.

CarolSEL 09-11-2013 11:07 AM

Quote:

Originally Posted by TheLastSuperman (Post 2444728)

By that you mean what? That you dropped all tables in the database, deleted all the files, then installed 100% from scratch using new files and a clean database, and it's still not working?

No.
1. My site went down with a server error message.
2. Host got it back up, but home page "wasn't right". I noticed that I had phoney "admins" in my usergroup who were "registered" minutes before the error and deleted them. I read this thread and deleted the install folder. (Obviously, the payload had already been delivered.)
3. Site got hijacked.
4. Via link to ACP I shut down the boards, stopped all plugins.
5. Host restored a web file backup from 2 days prior to hacker reg, ran malware checks; site crashed and I cannot access ACP.
6. Following instructions from this site, I downloaded a fresh copy of 4.2.1 and uploaded the files to the server, overwriting the old ones.
7. Site is still down.

So how do I know if the db is clean? If not, have I lost all the member data? Is there a way to delete all the files except the forum and membership?

I will give this link to my host, and will check out all the cleanup suggestions you and Zachery give.

willy888 09-11-2013 11:27 AM

I had the same problem in 4.2.1. Some days ago someone registered as admin ...... we deleted him.
Yesterday the same, we deleted him.
I read here to delete the install folder, and I did it.
The site is down .... database error.
I re-uploaded all of 4.2.1 and ran Upgrade or install, and I have this error:

Code:

Due to the following errors, the install/upgrade can not continue:

    The database has failed to connect because you do not have permission to connect to the server. Please confirm the values entered in the includes/config.php file
    Error description: mysql_connect() [function.mysql-connect]: User 'myname' has exceeded the 'max_connections_per_hour' resource (current value: 1) /home4/myname/public_html/forums/includes/class_core.php on line 317


