vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   my forum was hacked (https://vborg.vbsupport.ru/showthread.php?t=285659)

pyes 07-17-2012 12:48 PM
my forum was hacked
 
How do i unhack it? Im sure the hacker only infiltrated the vb software and not my server. Which completely pisses me off either way. I sure it has happened to someone here...how did you fix it.

I can not find any altered files though in the control panel.

ironjuggernauts dot com

DirtRider 07-17-2012 12:58 PM
It seems to be the header that he has altered also your forum title

kh99 07-17-2012 01:10 PM
You already checked for suspicious files, that's good. I would run this script: www.vbulletin.org/forum/showthread.php?t=281080 and then also go to the Plugin Manager and see if you notice any strange looking plugins.

TheLastSuperman wrote an article about recovering a hacked system here: https://www.vbulletin.com/forum/cont...vBulletin-Site

pyes 07-17-2012 01:18 PM
yes i have checked and my hosting company is checking now also and thinking of doing a server restore.

I cannot log into my site or my admin panel.

however, i can log into my server and control panel. I will check out those links ty.

--------------- Added [DATE]1342535874[/DATE] at [TIME]1342535874[/TIME] ---------------

i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.

KProjects 07-17-2012 01:58 PM
Do you have ssh access?

If so, find files that were last updated in the past week or so.. and look through to see what they are. Once you find the hacked files, restore from a backup (database and files) from before that time. If you can't find anything that was changed (like if they modified things in the database), then pick a known-good point and restore from then.

pyes 07-17-2012 01:58 PM
is there a way to get me back inside my forum? im locked iout from password change or something. Is there a way to change my password via the server control panel?

--------------- Added [DATE]1342537242[/DATE] at [TIME]1342537242[/TIME] ---------------

i dont even know what an ssh is...lol sorry. Im not that savy....just the basics.

KProjects 07-17-2012 02:00 PM
Quote:
Originally Posted by pyes (Post 2348945)
i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.
Just go to: http://www.yoursite.com/tool_recompile.php

pyes 07-17-2012 02:25 PM
nope, still getting the same screen and i can log in

--------------- Added [DATE]1342539725[/DATE] at [TIME]1342539725[/TIME] ---------------

cant*

borbole 07-17-2012 03:30 PM
Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?

pyes 07-17-2012 03:42 PM
Quote:
Originally Posted by borbole (Post 2348990)
Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?

My host has to do the backup restore for me as I pay them extra to maintain the server. Im just waiting on them and they are slow. (ccihosting). I will do as you said and update vb versions as soon as i can get into my site. I will also run the updater as you mentioned.

My server company is the ones who said that the server was not compromised....they said it stemmed from Vbulletin. IDK. Im just going by what they said.

I may be looking for someone to head my security and will pay, if anyone is interested.

--------------- Added [DATE]1342543493[/DATE] at [TIME]1342543493[/TIME] ---------------

This is what they told me:

We suggest you to access the WHM/cPanel and change all the passwords for your site and e-mail accounts. The website is hacked but the cPanel information still works.

Probably the site was hacked because a vulnerability of vbulletin. Please make sure to check that you have the must recent version of the vbulletin software.

There are daily, weekly and monthly backups for the site in the server right now and it will be possible to restore the site to a previous state.

Let us know your comments.



Best Regards,

Nexar Donadio
Senior Technician
CCI Hosting
www.ccihosting.com
Panama, Republic of Panama


All times are GMT. The time now is 06:52 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03215 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete