Hacked
 

Not sure if this is where I post this so I apologize in adavance if it's in the wrong place. Around 3:30 this morning some one hacked my index files and the put up a page that they had hacked it in the name of muslims. Somebody the name of Brandon. Not sure how this was done, but how do I prevent it from happening again? I was fortunate in having the files backed up so it didn't take long, I was also lucky in the fact I happen to be present with this person did it.

Hello,

If they changed files, then they gained access to ftp or your server somehow. It doesn't sound as if they hacked vBulletin. It sounds like they found their way onto your server.

I could be wrong, but I would certainly contact your service provider and inform them of what happened. They should be able to trace the login session.

It's normally they have just changed the forumhome template. Revert that and it should go back again.

Make sure you are running the lastest version, or at the very least have applied all security patches since the version you have installed.

Thats what I thought as for the hack job, and I only had to replace the index file in two places. As for my server I contacted them immediately early this morning when it happened and they gaver this response.
I'm currently running 3.5.4. Not sure where they got in, just want to prevent it from happening again.

Have you installed any major modifications?

While it's not nessesserialy(sp) those, it is a possibility.

I'd also recommend contacting support via the members area to see if there is anything that they can recommend.

I've installed quite a few hacks, but I wouldn't classify any of them as major. And it's been a while since my last hack has been installed.

I will make it a point to contact Vbulletin on this, as I'm just looking to prevent it, not complain about being hacked and to possibly find where it may have came from. My ire is only directed at some one that feels the need to be malicious for no other reason than to draw attention to himself .

"The most common way" does not mean it's the only way - that reply was nothing more than a polite fob off.

I appreciate all the help, like I said I'm not here to complain, just looking for a way to prevent it from happening again. I've had issues in the past with a different server and their common response was to blame the software. Since moving to another all those "problems" went away.

This is generally the kind of response you will get from all hosters. And, 99.9% of the time it's a correct assumption.

Just looking at your site I could tell you added a lot to it -- most likely the vulnerability is caused by one or more of the changes you did to the site.

Also, if you are giving different people access to your server/files to fix bugs and/or install products etc ... you are only putting yourself at risk. It just makes your job harder to find out who "hacked" your site.

Hacking a site could be done by adding a small script on a product, style, js, and/or flash file. This is why you should be careful of what you install on your site.

1. Check every file in your web account for files that do not belong there. If hackers got in they could have easily added or edited files.
   
2. You should check your addons for any suspicious code.
3. Change your config.php information (username/password). Most likely they didn't get this far but it's better safe than sorry.
4. Change FTP username/password.

My best recommendation is to start the site from scratch on a new hosting account. Also, limit OTHERS who have access to your server/files to 1.

Did the hack page look like this: http://www.melonfresh.com/v2.php