vb.org Archive


VBUsers 10-13-2013 01:06 AM

Hacker has changed my FORUMHOME template - how?
 
How has a hacker been able to change my forum home template to point to his forum? I reverted the template and fixed the issue, but I don't know how he got in or what to change to stop him from doing this. Please help.

hydrocanna.com

ozzy47 10-13-2013 01:10 AM

You sure you cleaned out your site completely after you reported being hacked on Oct 4th?

VBUsers 10-13-2013 01:15 AM

I removed all the plugins that I felt were out of date.

I removed the install folder after upgrading to 4.2.2.

I changed all admin pw and cpanel pw.

What am I missing?

ozzy47 10-13-2013 01:20 AM

Did you follow all the items in the following links thoroughly?

http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

VBUsers 10-13-2013 01:51 AM

I have for the most part and I'm trying to go through the files that don't belong on my server but not sure if I should delete that many files. It's quite a bit a few of em. Do I need to look at my plugins next?

How was he able to change the forum home? Are there that many entrances for him to use that we can't narrow it down?

Thank you so much for your help. I've been battling this for months now. It has def killed my community.

Max Taxable 10-13-2013 01:53 AM

Quote:

Originally Posted by VBUsers (Post 2452773)
I have for the most part and I'm trying to go through the files that don't belong on my server but not sure if I should delete that many files. It's quite a bit a few of em. Do I need to look at my plugins next?

How was he able to change the forum home? Are there that many entrances for him to use that we can't narrow it down?

Thank you so much for your help. I've been battling this for months now. It has def killed my community.

It's not only "narrowed down" it is explained explicitly, at the links provided.:D

ozzy47 10-13-2013 01:57 AM

Well I would follow everything in the guides, and then you should be good to go.

There is no way of knowing exactly how the forumhome was changed, but at least reverting it seems to have fixed it.

If you have not got any emails from vb.org about a potential exploit in any mods you are using, then you should be safe. You will only get the email if you have mods you are using, marked as installed.

VBUsers 10-13-2013 02:05 AM

I found that the hacker got into the admincp and edited a plugin that has this code in it:

Code:

if (strpos($_SERVER['PHP_SELF'],'cronadmin.php')) {

eval(
gzinflate(base64_decode('[encoded payload not preserved in this archive]

The plugin has a lot more code that I can't post in here. Is this plugin the hack they keep getting in from? I deleted this a week ago. How is it back?

VBUsers 10-13-2013 02:07 AM

1 Attachment(s)
Here is the screenshot from the log. How does he not have a username?

I blocked the IP but I'm sure that's not a big deal.

CharlieDelta 10-13-2013 02:08 AM

There is a hole somewhere. Could be a file hidden on your server. You need to thoroughly check every file and compare the dates, etc.
Make sure you follow the suggestions to a "T" that Ozzy linked.

VBUsers 10-13-2013 02:12 AM

Quote:

Originally Posted by CharlieDelta (Post 2452780)
There is a hole somewhere. Could be a file hidden on your server. You need to thoroughly check every file and compare the dates, etc.
Make sure you follow the suggestions to a "T" that Ozzy linked.


I have done all that already. I went through it all. I think it has to be a file but how do I find it?
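One way to look for the kind of code quoted earlier in the thread, as an added example that is not part of any post: a scanner for `eval(` wrapped around decoder calls, which also reports each file's modification time so the dates can be compared. The snippet in the thread puts `eval(` and `gzinflate(` on separate lines, so the match deliberately spans line breaks; the function names, the decoder list and the suffix list are assumptions made for this example.

```python
import re
import sys
import time
from pathlib import Path

# eval( wrapped around one or more decoder calls, possibly split across lines
# as in the thread's snippet, which a line-by-line grep would miss.
DECODERS = rb"(?:gzinflate|gzuncompress|gzdecode|base64_decode|str_rot13)"
PATTERN = re.compile(rb"\beval\s*\(\s*(?:" + DECODERS + rb"\s*\(\s*)+", re.I)

# Constructed sample laid out like the quoted plugin code; the payload is a
# harmless placeholder, not the one from the post.
SAMPLE = b"""if (strpos($_SERVER['PHP_SELF'],'cronadmin.php')) {

eval(
gzinflate(base64_decode('PLACEHOLDER')));
}
"""

def scan_text(data):
    """Return [(line_number, matched_call_chain)] for obfuscated evals."""
    hits = []
    for m in PATTERN.finditer(data):
        line = data.count(b"\n", 0, m.start()) + 1
        chain = "".join(m.group().decode("ascii", "replace").split())
        hits.append((line, chain))
    return hits

def scan_tree(root, suffixes=(".php", ".inc", ".xml", ".sql", ".txt")):
    """Scan files under root; return (path, mtime, line, chain), newest first."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        try:
            data, mtime = path.read_bytes(), path.stat().st_mtime
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        findings += [(str(path), mtime, ln, ch) for ln, ch in scan_text(data)]
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p, mtime, ln, ch in scan_tree(sys.argv[1]):
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
            print(f"{stamp}  {p}:{ln}  {ch}")
    else:
        print(scan_text(SAMPLE))
```

vBulletin keeps plugin code in the database rather than in files, so a plugin edited through the AdminCP only shows up if the scanner is also run over a text dump of the database. A hit is a lead to review by hand, not proof, and a clean result does not rule out code obfuscated some other way.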

ozzy47 10-13-2013 02:15 AM

Did you go through all your files when you ran Suspect File Versions?

VBUsers 10-13-2013 02:16 AM

Quote:

Originally Posted by ozzy47 (Post 2452782)
Did you go through all your files when you ran Suspect File Versions?


I have but I have no idea what to look for and I'm not sure what belongs or what I should delete. It's getting to where I want to hire someone but don't know who.

ozzy47 10-13-2013 02:21 AM

I would post in the paid section then, just remember to follow this.

Before Selecting a User
Once you are contacted by a member offering to fulfill the request, do the following:

1. Search this forum along with http://www.vbulletin.com/forum/ and http://www.vbulletintemplates.com/ for posts by that user and with that user's name. If the posts are generally helpful, then you are usually in good shape. If there are no posts in all three sites or there are a significant number of unhelpful or negative posts, be wary.

2. If appropriate, ask the user for past work examples (a "portfolio"). Note, however, that many service requests are very unique and cannot support a portfolio. Also, there is always an honest user who simply has not had enough jobs yet to build a portfolio.

