vb.org Archive


Chmura 05-13-2011 05:14 PM

Forum got Hacked - Need help recovering
 
My forum was hacked a few hours ago. I haven't made a backup of the database in a month and I don't know if my files are backed up; I will need to check my laptop, which is at a different location, later.
I don't know what to look for to find the "Hacked by" file.
It's not in index.php or forum.php; where do I find this?
They also sent emails to every single member (17,500+) on my forum.
What steps do I need to take to recover from this?
I was running on 4.1.2.

I can't log in as admin and they banned all members.
Cyb Advanced Forum Rules is NOT installed on my forum.

K!nG 05-13-2011 05:57 PM

Was it just hacked, or did they also delete all the files and database from the server? My forum was hacked, but they just deleted all my site's directories; luckily they didn't delete the database. Check and see if you are lucky enough, and I would suggest just uploading all new files or the last backup that you have.

Lynne 05-13-2011 06:03 PM

Download your version of vb from vbulletin.com and upload all the default files (keep a copy of your includes/config.php file!). Unless you modified them, the default ones you download should be fine.

My thoughts - if you have no idea what to look for in your database, then you are better off using a backup.

Please learn from this and make more frequent backups of ALL your data.
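
Added example, not part of the original thread: before overwriting the files with the stock ones, a comparison of the live tree against an unpacked clean copy of the same release shows which files were added or changed, and a text search locates the "Hacked by" string if it sits in a file. The function names, paths and the demo tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find what changed in a live forum tree by comparing it with a
# clean copy of the same release. Paths and sample files are constructed.

# compare_trees CLEAN_DIR LIVE_DIR -> lines "ADDED|MODIFIED|MISSING <relpath>"
compare_trees() {
    local clean=$1 live=$2 rel
    # Live files the release does not contain, or whose bytes differ.
    ( cd "$live" && find . -type f | sort ) | while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            echo "ADDED $rel"
        elif ! cmp -s "$clean/$rel" "$live/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
    # Release files that are no longer present on the server.
    ( cd "$clean" && find . -type f | sort ) | while IFS= read -r rel; do
        [ -f "$live/$rel" ] || echo "MISSING $rel"
    done
}

# find_marker LIVE_DIR TEXT -> text files containing TEXT (case-insensitive)
find_marker() {
    grep -rIliF -- "$2" "$1" | sort
}

# Constructed demo: a tiny "release" and a "live" copy with four differences.
demo() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/clean/includes" "$t/live/includes" "$t/live/images"
    echo '<?php // stock index'  > "$t/clean/index.php"
    echo '<?php // stock global' > "$t/clean/global.php"
    echo '<?php // stock init'   > "$t/clean/includes/init.php"
    cp -R "$t/clean/." "$t/live/"
    echo '<?php // site settings' > "$t/live/includes/config.php"   # site-specific
    echo '// appended line' >> "$t/live/global.php"                 # changed stock file
    echo '<h1>Hacked by example</h1>' > "$t/live/images/extra.html" # unknown file
    rm "$t/live/includes/init.php"                                  # stock file removed
    compare_trees "$t/clean" "$t/live"
    find_marker "$t/live" 'hacked by'
    rm -rf "$t"
}
demo
```

includes/config.php is site-specific and will always be listed, as will any uploads stored on disk. vBulletin keeps its templates in the database, so text injected there will not appear in a file comparison.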

Chmura 05-13-2011 08:41 PM

I have talked to the hackers and they gave me these tips:

have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp

As for the forum nothing appears to be deleted, I'm working on restoration right now.

CK 05-13-2011 10:19 PM

You've spoken to the hackers, tell us more.

dale09 05-13-2011 10:32 PM

Quote:

Originally Posted by ChemicalKicks (Post 2195353)
You've spoken to the hackers, tell us more.

I was curious about this as well. Did he schedule a dinner with them? lol

Boofo 05-13-2011 10:36 PM

Quote:

Originally Posted by Chmura (Post 2195321)
I have talked to the hackers and they gave me these tips:

have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp

As for the forum nothing appears to be deleted, I'm working on restoration right now.

As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.

Chmura 05-13-2011 11:12 PM

Quote:

Originally Posted by dale09 (Post 2195361)
I was curious about this as well. Did he schedule a dinner with them? lol

Hahah
I found the kid's YouTube channel by the username he left on the defaced page and contacted him. Soon we started chatting on MSN and it turns out it was his buddy, whom I also talked to, that did the hacking. They somehow decrypted my password and got access to my admin cp where one of them messed with my usergroups, admin etc. Fortunately they didn't delete anything, gave me the admin login and helped me get everything back to normal. After that I followed the tips they gave me to secure the forum.

Quote:

Originally Posted by Boofo
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.

Great idea! Will do that too.

Boofo 05-13-2011 11:27 PM

I also have the install directory password protected just in case they want to try and play with anything in there.

MagicThemeParks 05-13-2011 11:32 PM

Sorry to hijack, but what's the easiest way to password protect the directories, Boofo?

Boofo 05-13-2011 11:46 PM

I use a program from Coffeecup software called "Coffeecup Website Access Manager". It allows you to password protect any directories easily. I'm sure there are other programs out there that will do the same thing.
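
Added example, not part of the original thread: the htaccess password protection discussed above can also be set up by hand with Apache basic authentication. The sketch below writes the rules into admincp, modcp and install; the function name, directory layout, realm text and password-file location are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: HTTP basic auth on the vBulletin control-panel directories via
# .htaccess. Paths, realm name and the demo tree are constructed assumptions.

# protect_dir DOCROOT RELDIR HTPASSWD_FILE
protect_dir() {
    local docroot=${1%/} rel=$2 pwfile=$3
    local dir="$docroot/$rel"
    [ -d "$dir" ] || { echo "skip: $dir not found" >&2; return 1; }
    # Keep the password file out of the served tree so it can never be fetched.
    case $pwfile in
        "$docroot"/*) echo "refuse: $pwfile is inside the web root" >&2; return 2 ;;
        /*) ;;
        *) echo "refuse: AuthUserFile should be an absolute path" >&2; return 2 ;;
    esac
    # Do not clobber rules that are already there; merge those by hand.
    [ ! -e "$dir/.htaccess" ] || { echo "refuse: $dir/.htaccess exists" >&2; return 3; }
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Forum administration"
AuthUserFile "$pwfile"
Require valid-user
EOF
}

# Create the password file once, interactively, with Apache's own tool:
#   htpasswd -c /home/example/private/forum.htpasswd adminuser
# The rules only take effect if the server config allows them for this
# directory ("AllowOverride AuthConfig" or "AllowOverride All").

# Constructed demo tree: protect the three directories named in the thread.
demo() {
    local t d; t=$(mktemp -d)
    mkdir -p "$t/public_html/forum/admincp" "$t/public_html/forum/modcp" \
             "$t/public_html/forum/install" "$t/private"
    for d in admincp modcp install; do
        protect_dir "$t/public_html" "forum/$d" "$t/private/forum.htpasswd"
    done
    cat "$t/public_html/forum/admincp/.htaccess"
    rm -rf "$t"
}
demo
```

Basic auth credentials travel base64-encoded, not encrypted, so these directories should be served over HTTPS.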

g0dfather1984 05-13-2011 11:53 PM

Thank you Boofo for the advice. I'm also taking it.

(Sorry about hijacking the thread.)

Chmura 05-14-2011 08:50 PM

Does anyone know how to revert this change?
"spainish"

https://vborg.vbsupport.ru/external/2011/05/38.jpg

skol 05-15-2011 12:55 AM

Quote:

Originally Posted by Chmura (Post 2195375)
Hahah
I found the kid's YouTube channel by the username he left on the defaced page and contacted him. Soon we started chatting on MSN and it turns out it was his buddy, whom I also talked to, that did the hacking. They somehow decrypted my password and got access to my admin cp where one of them messed with my usergroups, admin etc. Fortunately they didn't delete anything, gave me the admin login and helped me get everything back to normal. After that I followed the tips they gave me to secure the forum.


Great idea! Will do that too.


They didn't decrypt your password, they used a keylogger. Probably something you clicked on in your emails, or downloaded.

Chmura 05-17-2011 07:08 PM

Quote:

Originally Posted by skol (Post 2195835)
They didn't decrypt your password, they used a keylogger. Probably something you clicked on in your emails, or downloaded.

I'm very careful about these things, I highly doubt that's what happened.


All times are GMT.