Site hacked
 

TONS of SPAM, 1000's of blog entries, and the freaky thing is there is a "new administrator".
"aku" no IP addy, nothing, I have no idea HOW it got there.
anyways. deleted some users and I noticed that I was NOT able to delete one user, no matter how many times I tried, the user would still be there.
using Spam-O-Matic,, guess that has been defeated given the number of new users.

questions, HOW do I mass delete blogs?

I shut down the site and some of these spammers are STILL posting blogs while the site is down :mad:.

help WOULD be appreciated. thanks.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

thank you, still fishing for a way to kill all the blogs.

I would start by securing the site first, then repair the damage.

Check in plugin manager hackers add there own sometimes so if removed then can make more accounts.

thanks guys, working on it, guess Ill be down for a few days while I tackle things.
:mad:

Yeah unfortunately these things tend to happen sometimes, just make sure you follow everything thoroughly, or you will have more problems.

Do you have a back up of the data base before the hack?
maybe that could help if you did.

sadly I do not have recent back ups.

getting errors when prunning/deleting some users

Most good hosting services retain a backup for their own purpose. There is usually a fee involved for retrieving your database/files from their backup system, unless it is included in your host service pack. Depending on the size of your board this might be an option for you.

Problem is there is no telling if the issue was in the backup or not.

True, True - The infection date would have to be known. Usually, the service is not cheap either since they have to parse the backup image.:)

I still would like to know what allowed them in, probably the install folder was still there sounds like.

True, True - The infection date would have to be known. If backups are not included in your service package, it can get quite pricey: as they usually have to parse the backup image. :)

well, to a degree, its good I have very few actual members, most joined when the forum started, so anyone with user ID past 10 needs to go, I need to find out a way to delete ALL blogs and ALL members, Ill just make the few original members back .
wondering if it might be easier to use a new database.

no backups, hostgator only archives 1 wwek orso I was told. the forum was left alone for a long time as we had many other things to deal with and just noticed this mess.

going to the blogs section is a mess
http://www.patraditionalbowhunters.com/blog.php

no user names attached to blogs, my permissions should not allow this.

seems we got hacked right around SEPT of last year, no one noticed as we were not active for a long time.


still getting errors tryong to delete some users using the "prune" function

Deleting User VerlaQQJB
Fatal error: Call to a member function query_read() on a non-object in /home1/***/public_html/includes/class_dm_blog_user.php on line 218