vb.org Archive
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Forum hacked, keeps redirecting to to deface page after i deleted it (https://vborg.vbsupport.ru/showthread.php?t=289284)

TrevorS 10-18-2012 08:33 PM
Forum hacked, keeps redirecting to to deface page after i deleted it
 
My vBulletin forum was "hacked" (actually one of my admins emails just wasnt secure >.>) They uploaded 2 shells and a deface page, which i deleted, yet it still tries to redirect to the deface page, and is in an endless loop of refreshing.

Basically when it was first hacked, when i went to mydomain.com it redirected to mydomain.com/deface.html

I then deleted deface.html, but it still tries to redirect to mydomain.com/deface.html

I DO NOT have a .htaccess file, I've looked and it is not there. I have tried to make my own, and it would not work, I even made sure to CHMOD it, but still no success.

does anyone know how to fix this?

kh99 10-18-2012 08:39 PM
Try running this script: https://vborg.vbsupport.ru/showthread.php?t=281080

Also, look in the Plugin Manager and see if there are any plugins you don't recognize.

TrevorS 10-18-2012 08:44 PM
I cant access my control panel because every page redirects.

In Omnibus 10-18-2012 08:46 PM
Have you tried disabling hooks globally via the config.php file?

define('DISABLE_HOOKS', true);

kh99 10-18-2012 09:06 PM
Yeah that. And while it doesn't hurt to run that other script, if your admincp is redirecting it's got to be something other than a template.

Lynne 10-18-2012 10:43 PM
Did you try using a database backup? If your database was also compromised, then that may be a good option.

TrevorS 10-19-2012 12:24 AM
Quote:
Originally Posted by Lynne (Post 2374121)
Did you try using a database backup? If your database was also compromised, then that may be a good option.
database was not touched, only an admin account that wasnt even super admin. all they did was upload 2 shellls, a deface page, and whatever redirects every page.

Lynne 10-19-2012 01:51 AM
You cannot upload a file without ftp/server access, so what makes you think someone wasn't able to access the server and the database?

betterthanyours 10-19-2012 08:25 AM
Just throwing this out there, you should make sure the NameServers were not changed and that there are no forwarders

TrevorS 10-19-2012 11:33 AM
Quote:
Originally Posted by Lynne (Post 2374147)
You cannot upload a file without ftp/server access, so what makes you think someone wasn't able to access the server and the database?
They uploaed a shell through the adminCP, then uploaded a deface page through that, i checked the 'last modified' date of all the files in my FTP, only the shell and the deface page were added.

Quote:
Originally Posted by betterthanyours (Post 2374193)
Just throwing this out there, you should make sure the NameServers were not changed and that there are no forwarders
nameserves were not changed


All times are GMT. The time now is 03:12 AM.
Page 1 of 3 1 23
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01085 seconds
  • Memory Usage 1,729KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete