vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   Hacked and cant work out whats happened (https://vborg.vbsupport.ru/showthread.php?t=220717)

Pt1994 08-12-2009 12:15 PM
Hacked and cant work out whats happened
 
Ok my website has been hacked and it seems the hackers have done some sort of trickery and now it just displays some "game over" page my site is still there in FTP and the database is fine there were some php files in the ftp like e.php and soem other stuff something called zend.php which was supposed to decrypt a vbulletin config file but that would have been no use becuse my database is only acessible from my ip and localhost

How can i fix this stupid game over page?

Marco van Herwaarden 08-12-2009 12:23 PM
Clean up your filesystem to remove any rogue scripts.
Overwrite your files with a clean copy of vB.
Check your templates and phrases for insertions.

Pt1994 08-12-2009 12:29 PM
Im checking through all my logs at th emoment trying to work out actually whats been done to see if a full re-install will be nesecarry

I still cant understand why anyone would want to hack me site i mean we had about 200 members and havent done any advertising really except the link in my signature

--------------- Added [DATE]1250084298[/DATE] at [TIME]1250084298[/TIME] ---------------

Only localhost has ever connected to the databse and none of the word "hacked" isnt in the databse or "hack" so its not a template as far as i know

topranger 08-12-2009 02:45 PM
do u access to the server???
i can help check your pm and reply back

Marco van Herwaarden 08-13-2009 07:06 AM
Quote:
Originally Posted by topranger (Post 1865905)
do u access to the server???
i can help check your pm and reply back
Just a warning to those who think they can offer their services by sending our PM's to random members who are looking for help with a problem, other then as a result of a Paid Request, is considered advertising and spamming.

topranger 08-13-2009 03:42 PM
^sorry about it

Alex LD 08-13-2009 07:56 PM
Quote:
Originally Posted by Pt1994 (Post 1865780)
Im checking through all my logs at th emoment trying to work out actually whats been done to see if a full re-install will be nesecarry

I still cant understand why anyone would want to hack me site i mean we had about 200 members and havent done any advertising really except the link in my signature

--------------- Added [DATE]1250084298[/DATE] at [TIME]1250084298[/TIME] ---------------

Only localhost has ever connected to the databse and none of the word "hacked" isnt in the databse or "hack" so its not a template as far as i know
Hackers may have targeted because you were vulnerable to many reasons such as you could have been using an older version of vBulletin or some Hack for vBulletin that is out dated with a security whole causing them to target you.

"wlhaan" Is a Saudi Arabia Hacking Team/Group.

Are you on Shared Hosting, a VPS, or a Dedicated Server?

agitated 08-13-2009 09:28 PM
If you're on shared hosting then you ought to be thinking about a move.
I had my second installation of vBulletin, as allowed for testing, installed on my personal website under closed conditions. It was password protected and not open to the public.

Twice it got hacked and my host accepted responsibility, saying several sites got hacked.
I moved to another host after the second attack.

Jinovich 08-14-2009 01:01 AM
Our site is forever targeted by script kiddie groups etc etc as it attracts their attention.

These are steps that can help you identify the issue.
  1. Reupload you vBulletin files
  2. Reupload your style
  3. Disable your plugin and hooks
  4. Check your .htaccess
  5. Check the replacement variable manager
  6. Ensure that it is not some rough html in a notice or announcement.

everytime you complete a step check to see if the problem persists

Kendothpro 08-14-2009 02:29 PM
I can almost surely bet that you have an index.html page in your root directory :) Try removing it, and your forum will be back

It's a common "trick" used by defacers, since most apache installations have a sequence of what pages to serve if you just go to www.yourwebsite.com and most of the time index.html is the first in line, and index.php comes after it


All times are GMT. The time now is 12:38 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01077 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete