vb.org Archive - Forum Hack Cleanup

My forum was recently hacked, which really was my wake-up call towards security on my server.

Somehow, possibly through an SQL Injection in another Plugin or by impersonating administrator credentials (although I can't be sure), the hacker was able to gain access to the Admin CP (via an Admin's account), and add a plugin titled "vb_ajax" that contained an encrypted string.

Once decrypted, the string would inject a check for $_REQUEST['mode'], which it would then use to run a large variety of exploits, including running shell commands and executing certain SQL queries. The parameter 'ws_ver' would identify this plugin as "WebShell PHP Server v3.2".

Thankfully, like all "good" hackers (thank god they weren't purely malicious), they made it clear that they had gained access to the ACP and the database by editing our templates to display something similar to "LOL IVE HACKED YOUR SITE, HERE'S A LINK TO YOUR USERS SQL DUMP!"; otherwise I might not have found out.

Anyways, I have no Admin experience, at all. I took over the site because all the other Admins left. I do have some experience as a Junior Programmer in the games industry, but that about covers it.

I've since gotten the site back online (pretty easily), and have had my plugins disabled. Some of the things I've done to help secure the board:

New Database User Name
New Database User Password (much higher complexity)
New Administrator Passwords
New Moderator Passwords
New FTP Password
New cPanel Password
Restricted AdminCP Access with .htaccess
AdminCP .htpassword Password
ModeratorCP .htpassword Password (different)
Disabled every plugin except the absolutely essential
Restricted access to core files with chmod
Flushed the FTP to a new install of vBulletin
Alerted users to please change their passwords

What I'm worried about is:

Q: If the password salt is stored in the database, and the database was compromised (very likely), do I need to re-salt it? Won't that destroy everyone's passwords?

Q: Do you have any recommended tips on what to do next?

Q: Do you have any recommended reading to become a better Admin? So far I'm boning up on my PHP, but I'm sure there are highly recommended resources that I'm unaware of.

A lot of text for very few questions... Thanks for taking the time to read them though.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01989 seconds Memory Usage 1,707KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (1)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: