vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Forum got Hacked - Need help recovering (https://vborg.vbsupport.ru/showthread.php?t=263591)

Chmura 05-13-2011 05:14 PM
Forum got Hacked - Need help recovering
 
My forum was hacked a few hours ago. I haven't made a backup of the database in a month and I don't know if my files are backed up, will need to check my laptop that's at a different location later.
I don't know what to look for to find the "Hacked by" file.
It's not in index.php or forum.php where do I find this?
They also sent emails to every single member (17,500+) on my forum.
What steps do I need to take to recover from this?
I was running on 4.1.2

I can't login as admin and they banned all members
Cyb Advanced Forum Rules is NOT installed on my forum

K!nG 05-13-2011 05:57 PM
was it just hacked or they also deleted all the files and database from the server ???? my forum was hacked but they just deleted all my sites directories but luckily they didn't delete the databse. chek n see if you are lucky enough & i would suggest just upload all new files or the last backup that u have.

Lynne 05-13-2011 06:03 PM
Download your version of vb from vbulletin.com and upload all the default files (keep a copy of your includes/config.php file!). Unless you modified them, then the default ones you download should be fine.

My thoughts - if you have no idea what to look for in your database, then you are better off using a backup.

Please learn from this and make more frequent backups or ALL your data.

Chmura 05-13-2011 08:41 PM
I have talked to the hackers and they gave me these tips:

have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp

As for the forum nothing appears to be deleted, I'm working on restoration right now.

CK 05-13-2011 10:19 PM
You've spoken to the hackers, tell us more.

dale09 05-13-2011 10:32 PM
Quote:
Originally Posted by ChemicalKicks (Post 2195353)
You've spoken to the hackers, tell us more.
I was curious about this as well. Did he schedule a dinner with them? lol

Boofo 05-13-2011 10:36 PM
Quote:
Originally Posted by Chmura (Post 2195321)
I have talked to the hackers and they gave me these tips:

have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp

As for the forum nothing appears to be deleted, I'm working on restoration right now.
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.

Chmura 05-13-2011 11:12 PM
Quote:
Originally Posted by dale09 (Post 2195361)
I was curious about this as well. Did he schedule a dinner with them? lol
Hahah
I found the kids YouTube channel by the username he left on the defaced page and contacted him. Soon we started chatting on MSN and it turns out it was his buddy whom I also talked to that did the hacking. They somehow decrypted my password and got access to my admin cp where one of them messed with my usergroups, admin etc. Fortunately they didn't delete anything, gave me the admin login and helped me get everything back to normal. After that I followed the tips they gave me to secure the forum.

Quote:
Originally Posted by Boofo
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.
Great idea! Will do that too.

Boofo 05-13-2011 11:27 PM
I also have the install directory password protected just in case they want to try and play with anything in there.

MagicThemeParks 05-13-2011 11:32 PM
Sorry to hijack, but what's the easiest way to password protect the directories, Boofo?


All times are GMT. The time now is 09:20 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09538 seconds
  • Memory Usage 1,743KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete