vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Website hacked :/ (https://vborg.vbsupport.ru/showthread.php?t=261221)

gregory_clayton 03-31-2011 11:01 AM
Website hacked :/
 
i was hoping this shit wouldnt happen again :/..happend a few years back on my old forum and on my new one which has been opended 2 months which has finally started tog row jut got hacked this morning.

www.wwehq.com

It doesnt look like any files/tables were deleted. But it is displaying his websites on each page.

If I try to go onto the arcade.php its just the same.

Any idea anyone :/

lazydesis 03-31-2011 11:04 AM
I am sure the database has been modified. It happened to me in the past. Open phpmyadmin and search for the text that's being displayed on your website, or search for the URL to which it is being redirected and you will see that.

Luckily I had a database backup which I restored, and then changed all my passwords. Also I would delete all the files in the public_html dir and reupload the vb files.

There is also a possibility that he might have just modified your config.php file. So take a look at that as well.

gregory_clayton 03-31-2011 11:08 AM
tried searching in phpmyadmin the text isnt found. Makes me wonder if he is using some sort of script to link to that site

--------------- Added [DATE]1301575085[/DATE] at [TIME]1301575085[/TIME] ---------------

bump :(

borbole 03-31-2011 12:45 PM
What was the text displayed? I get a forum closed message when I loaded your forum?

it would be best to ask your host to check their access logs for around the time that the hack occurred to see how they got access.

What version of vb were you having btw?

gregory_clayton 03-31-2011 01:47 PM
The host has now uploaded a backup of the forum back online. I am awaiting the logs, they are going to transfer them to me later. When it happens I will be sure to paste the bas!£$ds ip for you guys here to ban him too.

I am using Powered by vBulletin™ Version 4.1.2

DNN 04-01-2011 12:06 AM
wow. Let me hurry up and update my stuff too.

conradk 04-01-2011 10:13 PM
Several years ago when the hacking attempts got bad on my site I renamed the admincp directory and created a bogus admincp directory with bogus/broken php files.

and regular backups are a good thing - thanks for the reminder

Phaedrus 04-03-2011 02:59 PM
check your PHP files, if he has access he can add just a couple lines to them that redirect everything to his pages. If such is the case, reload your clean files w/overwrite, then change your password you use to get into your server control panel to something indecipherable.

Chase 04-03-2011 05:39 PM
I highly recommend renaming your admincp and modcp folders and putting a password protection on them as well.

If you change your admincp folder name to something else, make sure you update it in your config.php file as well.

TheLastSuperman 04-03-2011 05:54 PM
  • Change cPanel Password (Or Hosting Account Manager password etc)
  • Change FTP Passwords
  • Change Forum Passwords
  • Changes ALL Database Usernames & Passwords then reset in config, remove old user from all DB's etc.
  • Check for modified files, compare timestamps etc.
  • IF you can access admincp check your template system for edits, revert all modified templates.
  • Check for shell files, .php, any new very large image files, anything with a odd name as sometimes it's apparent and sometimes it's not, depends on the hacker per say.
  • Check for oddly names modifications or plugins, recently a plugin was the culprit for me on a clients site.

The most important this is restoring from a backup, unless you know what to look for you could miss something so restoring then figuring out how you were compromised should be your number one priority otherwise they'll simply repeat the process :eek:.


All times are GMT. The time now is 10:30 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01069 seconds
  • Memory Usage 1,730KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete