vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   We got hacked!! (https://vborg.vbsupport.ru/showthread.php?t=170428)

uktotty.co.uk 02-13-2008 08:33 PM

We got hacked!!
 
forums.uktotty.co.uk was hacked today at around 18.00.
I have lost the index page and I am not sure about the rest. I cannot access the admin page as I get the same index page.
Can I restore this site? Has anyone else been hacked today by DR TAIMAR?

cheat-master30 02-13-2008 08:39 PM

Restore the vBulletin index page, and the other vBulletin files. Then if your version is out of date, upgrade it. If such stuff still doesn't work, I'm not sure what to do, since I am lucky enough to have no hacking problems to deal with. Sure, mass spam problems, DDOS type stuff, but none of that. Hope you can fix this.

Lynne 02-13-2008 08:45 PM

Do you have backups of all your files? I would reupload them all. I'd also try to figure out how it was that they hacked you, because if you don't figure that out, they will just do it again.

uktotty.co.uk 02-13-2008 08:47 PM

My admin is away, so simple tasks like restoring the index page are a little tricky. Where is the backup stored? Or should I have done a manual backup every day?

Reecey 02-13-2008 08:56 PM

I would say every day is a little OTT, but you should try and make a backup at least once a week.
I can deffo help you out if you wish with the files and help until your main admin techie comes back.

uktotty.co.uk 02-13-2008 09:04 PM

Cheers Reecey
Will send you a PM

Russ

--------------- Added 02-14-2008 at 07:30 PM ---------------

Hi guys, if anyone can help it would be appreciated. My hosts have now blocked MY IP Addy so I can't get on the site to change the site or in fact to tell them they have blocked me!
Can anyone fix the index page for me?

uktotty.co.uk 02-17-2008 09:43 AM

BUMP!

We are still hacked, can anyone help?

Bl4z3 02-17-2008 10:08 AM

o_______o

Your server's down

Opserty 02-17-2008 10:16 AM

Your host blocked your IP?! Why on earth would they do that? Phone them or email them and get it unblocked...you can't do nothing if they are preventing you from visiting the site. Else wait till your other Admin gets back.

Lynne 02-17-2008 03:37 PM

I can get onto your site and the main index page is fine. It's the forumdisplay page which is hacked. What exactly have you done so far to fix this? Have you restored all the original php files? Have you put up a backup of your database? What have you done?

uktotty.co.uk 02-21-2008 05:12 PM

Hi Lynne, I have done a full backup and restore, but the site is still hacked after you log in or click any links.
Is it worth going to an earlier backup, or is the redirection actually sitting in the file system?

Princeton 02-21-2008 05:25 PM

Ask your host to restore a backup if possible (before the hack occurred).

Disable all products/plugins once you log in.

Lynne 02-21-2008 05:36 PM

Quote:

Originally Posted by uktotty.co.uk (Post 1448229)
Hi Lynne, I have done a full backup and restore, but the site is still hacked after you log in or click any links.
Is it worth going to an earlier backup, or is the redirection actually sitting in the file system?

I would replace the files also. But also look for any suspicious files in your system (you can do that in Admin CP > Maintenance).

Marco van Herwaarden 02-22-2008 07:22 AM

Sorry if this is a stupid question: When did you create that backup, before or after the site was hacked?

snakes1100 02-22-2008 10:58 AM

Did you even revert your templates?

uktotty.co.uk 02-28-2008 08:04 PM

Quote:

Originally Posted by Marco van Herwaarden (Post 1448558)
Sorry if this is a stupid question: When did you create that backup, before or after the site was hacked?

Backup was done by cPanel automatically, daily, weekly and monthly. I did the weekly restore within 7 days of the hack.

Thanks for the offers of help on this from everyone, we will be sorting it out soon. :)

geniusjones 02-29-2008 06:10 AM

I like to gather the hacked files together, tarball them and send them to the host just so they have a record that it wasn't me that sent out those 10,000,000 emails haha. Anyway if you keep regular backups you only lose as many days of posts as your backup period is long, so it's usually not bad. My only worry ever when someone gets in is that they'll propagate something malicious that I might get in trouble for.

ArcadeKing 01-11-2009 10:23 PM

Hi there, we got our websites hacked yesterday. Can anyone help us to fix the problem? I did a backup before we got hacked, but have no idea what to do next. We will be very grateful for any help.

thanks

Shaheen 01-11-2009 10:45 PM

Quote:

Originally Posted by ArcadeKing (Post 1709055)
Hi there, we got our websites hacked yesterday. Can anyone help us to fix the problem? I did a backup before we got hacked, but have no idea what to do next. We will be very grateful for any help.

thanks

ahhh,

I got hacked twice a couple of days ago by different hackers... After getting hacked the second time, what I did was:

as I have a regular backup of my forum
I restored all backup from cPanel
and then I disabled all hooks
and then upgraded my forum to the latest version of vB
and also I used a web scanner to find the vulnerabilities and suspicious files.

ArcadeKing 01-11-2009 11:03 PM

Quote:

Originally Posted by Shaheen (Post 1709076)
ahhh,

I got hacked twice a couple of days ago by different hackers... After getting hacked the second time, what I did was:

as I have a regular backup of my forum
I restored all backup from cPanel
and then I disabled all hooks
and then upgraded my forum to the latest version of vB
and also I used a web scanner to find the vulnerabilities and suspicious files.

Can you explain how to do that, as we can't in to do all things you done

thanks

Dismounted 01-12-2009 03:53 AM

Instead of trying to find suspicious files, you can just remove all the files for your forums, and then reupload a fresh set from a vBulletin zip. Make sure you also reupload any files from modifications.
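
The file-side steps suggested in this thread (look for suspicious files, keep a tarball of the hacked files, then replace everything from a fresh vBulletin zip) can be sketched as follows. This is an added example, not code from any poster or from vBulletin; it assumes a fresh copy of the same release has been unpacked next to the live tree, and the function names and sample file contents are made up.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file() and not p.is_symlink()}


def compare_trees(clean_root, live_root):
    """Classify live files against a fresh copy of the same release."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    return {"modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
            "unknown": sorted(live.keys() - clean.keys()),
            "missing": sorted(clean.keys() - live.keys())}


def archive_evidence(live_root, rel_paths, tar_path):
    """Copy the flagged files into a tarball before anything is replaced."""
    with tarfile.open(tar_path, "w:gz") as tar:
        for rel in rel_paths:
            tar.add(str(Path(live_root) / rel), arcname=rel)
    with tarfile.open(tar_path) as tar:  # reopen to confirm the archive reads back
        return sorted(tar.getnames())


def demo():
    samples = {  # constructed sample trees; names and contents are made up
        "clean/index.php": "<?php // stock",
        "clean/forumdisplay.php": "<?php // stock",
        "live/index.php": "<?php // stock",
        "live/forumdisplay.php": "<?php // altered",        # differs from release
        "live/includes/config.php": "<?php // site config",  # expected local file
        "live/images/x.php": "<?php // not in release",      # needs review
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_text(body)
        report = compare_trees(Path(tmp) / "clean", Path(tmp) / "live")
        flagged = report["modified"] + report["unknown"]
        saved = archive_evidence(Path(tmp) / "live", flagged, Path(tmp) / "evidence.tar.gz")
        return report, saved


if __name__ == "__main__":
    print(demo())
```

Files reported as unknown include legitimate extras such as includes/config.php and modification files, so they need review rather than blanket deletion. Templates and plugins are stored in the database and are not covered by a file comparison, which is why the thread also suggests reverting templates and disabling products/plugins.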

Marco van Herwaarden 01-12-2009 10:25 AM

Quote:

Originally Posted by ArcadeKing (Post 1709055)
Hi there, we got our websites hacked yesterday. Can anyone help us to fix the problem? I did a backup before we got hacked, but have no idea what to do next. We will be very grateful for any help.

thanks

If these 3 are on the same server, then I would start by making sure the server is secure.


All times are GMT.