vb.org Archive - forum hacked

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)

- - forum hacked (https://vborg.vbsupport.ru/showthread.php?t=272369)

Lestat_

10-19-2011 08:16 PM

forum hacked

a few hours ago, when login to our vbulletin forum, i get a blank page with message "hacked by Xplo1T www.prvtzone.net www.belegit.net "
I already checked all php & js files, but none has been changed today, no htaccess files have been changed neither, so i'm guessing it has been done with a kind of redirect parameter in the database - anybody has an idea how i can fix this ? where in the database i should look for a parameter causing a redirect ?

nerbert

10-19-2011 08:52 PM

I would NOT click either of those links!

I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?

Have you tried going to another forum page, such as online.php?

Can you get into your adminCP?

My advice: submit a support ticket to vBulletin.

LeventX

10-19-2011 08:53 PM

Your Server Apache or LiteSpeed ?

GavoTrav

10-19-2011 09:40 PM

nevermind..

Lestat_

10-20-2011 11:42 AM

thanks for the replies guys, it seems the hacker gained access through a vulnerability in the search.php page and via admincp he began changing admin pwd's & email adresses. The reason why index & forum.php were showing the hackers message was because he altered the template forumhome and replaced it with his html page.
Fortunately, vbulletin has a wonderful functionality of reversing templates so that fixed the problem. this topic can be closed ;)

River J

10-22-2011 02:00 PM

Quote:

Originally Posted by nerbert (Post 2259105)

Clicking a link to a forum isn't going to do anything.....the forums are just full of scrubs who know how to follow tutorials posted online :p

Max Taxable

10-22-2011 02:04 PM

Quote:

Originally Posted by Lestat_ (Post 2259301)

You need to identify the admin userid numbers in config.php as unalterable/undeletable users. This will prevent password and other changes.

All times are GMT. The time now is 07:12 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01134 seconds Memory Usage 1,725KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (7)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: