Hacked
 

Not sure if this is where I post this so I apologize in adavance if it's in the wrong place. Around 3:30 this morning some one hacked my index files and the put up a page that they had hacked it in the name of muslims. Somebody the name of Brandon. Not sure how this was done, but how do I prevent it from happening again? I was fortunate in having the files backed up so it didn't take long, I was also lucky in the fact I happen to be present with this person did it.

Hello,

If they changed files, then they gained access to ftp or your server somehow. It doesn't sound as if they hacked vBulletin. It sounds like they found their way onto your server.

I could be wrong, but I would certainly contact your service provider and inform them of what happened. They should be able to trace the login session.

It's normally they have just changed the forumhome template. Revert that and it should go back again.

Make sure you are running the lastest version, or at the very least have applied all security patches since the version you have installed.

Thats what I thought as for the hack job, and I only had to replace the index file in two places. As for my server I contacted them immediately early this morning when it happened and they gaver this response.
I'm currently running 3.5.4. Not sure where they got in, just want to prevent it from happening again.

Have you installed any major modifications?

While it's not nessesserialy(sp) those, it is a possibility.

I'd also recommend contacting support via the members area to see if there is anything that they can recommend.

I've installed quite a few hacks, but I wouldn't classify any of them as major. And it's been a while since my last hack has been installed.

I will make it a point to contact Vbulletin on this, as I'm just looking to prevent it, not complain about being hacked and to possibly find where it may have came from. My ire is only directed at some one that feels the need to be malicious for no other reason than to draw attention to himself .

"The most common way" does not mean it's the only way - that reply was nothing more than a polite fob off.

I appreciate all the help, like I said I'm not here to complain, just looking for a way to prevent it from happening again. I've had issues in the past with a different server and their common response was to blame the software. Since moving to another all those "problems" went away.

This is generally the kind of response you will get from all hosters. And, 99.9% of the time it's a correct assumption.

Just looking at your site I could tell you added a lot to it -- most likely the vulnerability is caused by one or more of the changes you did to the site.

Also, if you are giving different people access to your server/files to fix bugs and/or install products etc ... you are only putting yourself at risk. It just makes your job harder to find out who "hacked" your site.

Hacking a site could be done by adding a small script on a product, style, js, and/or flash file. This is why you should be careful of what you install on your site.

1. Check every file in your web account for files that do not belong there. If hackers got in they could have easily added or edited files.
   
2. You should check your addons for any suspicious code.
3. Change your config.php information (username/password). Most likely they didn't get this far but it's better safe than sorry.
4. Change FTP username/password.

My best recommendation is to start the site from scratch on a new hosting account. Also, limit OTHERS who have access to your server/files to 1.

Did the hack page look like this: http://www.melonfresh.com/v2.php

well well that looks familiar ive had a member join my board who's first post was about Allah,http://www.sats-general.com/forum/showthread.php?t=1644

His name was Brandon and claimed to be 14, that much I remember, but something to that effect, but not those two.

As for server access I am the only one with that. All the changes I've implemented have come from here. I trust the content from this site above all.

I've had no run ins since that, so I assume it was someone doing it for fun as opposed to some one targeting me for specific reasons.

That's a bit... overly trusting of you.

The only barrier to posting a hack here is being on a Priority Support list at vB.com. As every owner can add 3 addresses there, that leaves the window wide open for anyone to (intentionally or not) post a hack that compromises your Forum's security.

This happens to me about once a month as my site is a highly targeted domain for these activities. The method that they commonly use is "PHP Injections", and they "inject" a file onto your server through php functions, typically administered through the URL, and name it "index.php". They don't need FTP access to do this if they know what they are doing.

A way around this is to get your server setup to use another filename such as mainindex134.php as a root file, instead of index.php, default.php etc...

Hope this helps.

Do some research on "PHP Injection Hacking".

I had this and resolved it. They got into my site via the flashchat script on my forum. My host told me to upgrade to the latest version but I have just removed it and it works fine now.

Hope that helps.