vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   my forum hacked (https://vborg.vbsupport.ru/showthread.php?t=174435)

debian1 03-28-2008 03:25 PM
my forum hacked
 
hello, my forum vb forumikatolik was hacked since this afternoon, and index page is not started... i can entry on admincp, so i think is just and small error, how can I recover my index page and did the forum works? can anybody help pls?

nexialys 03-28-2008 03:31 PM
change your host, change your passwords, that will clean all your problems...

Jase2 03-28-2008 03:31 PM
Go into your FORUMHOME template and revert it to the default.

Also, re-upload all the vB non-image files overwriting any on your server. Then, change all passwords, including FTP ect..

You should be able to get back after reverting FORUMHOME -- but it's best to be safe than sorry.

Ask any admins you have to change their password, too.

Regards Jason :)

debian1 03-28-2008 03:40 PM
Quote:
Originally Posted by Jase2 (Post 1476877)
Go into your FORUMHOME template and revert it to the default.

You should be able to get back after reverting FORUMHOME -- but it's best to be safe than sorry.



Regards Jason :)
I did it, but it's not working still :(

lasto 03-28-2008 03:49 PM
have they changed index.php on your server ?

debian1 03-28-2008 03:50 PM
Quote:
Originally Posted by lasto (Post 1476893)
have they changed index.php on your server ?
i replaced the file index.php but nothing has been changed

snakes1100 03-28-2008 04:10 PM
Do the following looking for iframe code or by word MoHaMeDiTo

Check global.php at the bottom of the file.

If you have vbadvanced, check the vba_cmps_include_template.php file as well

Also search your style for iframe code or the word MoHaMeDiTo

Then change all your passwords for your site, check file permissions on all files make sure they are 644.

If it happens again check all your hacks are up2date

debian1 03-28-2008 10:32 PM
Quote:
Originally Posted by snakes1100 (Post 1476914)
Do the following looking for iframe code or by word MoHaMeDiTo

Check global.php at the bottom of the file.

If you have vbadvanced, check the vba_cmps_include_template.php file as well

Also search your style for iframe code or the word MoHaMeDiTo

Then change all your passwords for your site, check file permissions on all files make sure they are 644.

If it happens again check all your hacks are up2date

no way, there's no iframe or something word muhamedito on global.php file :(

Jase2 03-28-2008 10:43 PM
To troubleshoot this, first reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

[Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

Next, disable all plugins.

Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

Do you have the same problem?

Regards Jason :)

debian1 03-28-2008 10:51 PM
overwriting all the .php files?

Lynne 03-28-2008 10:52 PM
Quote:
Originally Posted by debian1 (Post 1477198)
overwriting all the .php files?
Well, if you hacker added his code into one of your php files, don't you think it would be a good idea to replace them with a clean copy?

Vtec44 03-28-2008 11:52 PM
looks like they may have also changed your .htaccess file to forward your main site to /forum folder.

Shawn Yue 03-29-2008 06:05 AM
You May Just Post A Support Ticket At Member Area Of Vbulletin.com

Saying Your Forum is Hack....

Epic-Phail 03-29-2008 11:24 PM
Check for an index.html

As it covers up your index.php

Or you can import a backup and it will bring everything back to what it was before the incident.

I would also check for shells in your directories.

debian1 03-31-2008 09:04 AM
I maked up the forum again, thnx to your helps :D

but I have another problem, when I log in like administrator and I check one post, I can view this post, and it display a message error like below:

Warning: require_once(/home/forumika/public_html/forum/includes/functions_warning.php) [function.require-once]: failed to open stream: No such file or directory in /includes/class_postbit.php(296) : eval()'d code on line 5

Fatal error: require_once() [function.require]: Failed opening required '/home/forumika/public_html/forum/includes/functions_warning.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/forumika/public_html/forum/includes/class_postbit.php(296) : eval()'d code on line 5

also it happens when I click to a single member (always when I logged in like administrator):

Warning: require_once(/home/forumika/public_html/forum/includes/functions_warning.php) [function.require-once]: failed to open stream: No such file or directory in /member.php(838) : eval()'d code on line 8

Fatal error: require_once() [function.require]: Failed opening required '/home/forumika/public_html/forum/includes/functions_warning.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/forumika/public_html/forum/member.php(838) : eval()'d code on line 8

when I logged in like a normal user, this error is not displaying, and also like a normal user i can read post, and write new posts and looking members profile also...

could anybody give some helps... :)

regards and thank you again

D

Dismounted 03-31-2008 09:17 AM
You have not uploaded the file "functions_warning.php". This isn't a standard file in vBulletin, so it must be from a modification you have installed.

debian1 03-31-2008 09:27 AM
Quote:
Originally Posted by Dismounted (Post 1478934)
You have not uploaded the file "functions_warning.php". This isn't a standard file in vBulletin, so it must be from a modification you have installed.
done, now is OK

thnx 2 everyone

the mods can close the topic if they want

thnx again 2 all

best regards

D ;)


All times are GMT. The time now is 12:41 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01693 seconds
  • Memory Usage 1,753KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (17)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete