vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Site hacked (https://vborg.vbsupport.ru/showthread.php?t=266145)

keress 07-01-2011 10:53 PM
Site hacked
 
Our site's been hacked. When trying to open the forum, a forum.php opened with an email address, 'meowholio@gmail.com for security.' I deleted that, then when the index.php kicked, it had the same email address. I uploaded the real index.php and then got these error messages:

Quote:
Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: forumhome_birthdaybit in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/saponorg/public_html/forum/index.php(147) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: forumhome_birthdaybit in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/saponorg/public_html/forum/index.php(147) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: forumhome_markread_script in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_STRING in /home/saponorg/public_html/forum/index.php(532) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: ad_forumhome_afterforums in [path]/includes/functions.php on line 3932

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: navbar in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_STRING in /home/saponorg/public_html/forum/index.php(562) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: FORUMHOME in [path]/includes/functions.php on line 3932

Parse error: syntax error, unexpected T_STRING in /home/saponorg/public_html/forum/index.php(563) : eval()'d code on line 1
Should I start by re-uploading the site? I know I'm downlevel, though I'm not sure what level I'm on. What file will tell me this? Would it 'cure' the problem to upgrade?

snakes1100 07-01-2011 11:32 PM
That would be a start.

I would rename the current folder to name-dont-use or whatever you like.

Upload the current version php files for vb to the new rightly named folder.

If there is a required upgrade to close a vb security hole, that would be wise to complete.

Upload & upgrade your installed hacks/addons 1 by 1.

Revert / update any out dated templates.

If you was previously storing any files for attachments/avatars etc, move them back int othe new folder that vb resides in.

You may also want to do a scan of the current db for injected code that may be in a template.

keress 07-02-2011 01:54 AM
Thanks so much for the good advice.

Isn't there a file (online) that would tell me what version I'm using? I want to confirm that before I start uploading.

--------------- Added [DATE]1309582233[/DATE] at [TIME]1309582233[/TIME] ---------------

So far, so good. I went ahead and uploaded my best guess version and the site's reappeared.

http://www.saponitown.com/forum/forum.php

Where would the banner image and avatars be stored?

BirdOPrey5 07-02-2011 07:06 PM
You are using vBulletin 4.0.2 according to your link- but from the errors posted in your first post it appears you have uploaded vBulletin 3.x files.

You are also posting in the vBullerin 3.x section- I suggest verifying what version you are supposed to be running and download the original files for that version.

Danny702 07-03-2011 10:54 PM
My site has been hacked 2 .. and idk how to stop them :( i patched all the exploits anybody wanna help me 2 :( ........

BirdOPrey5 07-03-2011 11:57 PM
Quote:
Originally Posted by Danny702 (Post 2216419)
My site has been hacked 2 .. and idk how to stop them :( i patched all the exploits anybody wanna help me 2 :( ........
You should file a support ticket on vBulletin.com. Put in all the info you have gathered about the hack.


All times are GMT. The time now is 02:44 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01638 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete