vb.org Archive


Wir3tap 08-04-2013 05:49 PM

Recovering from a Hack
 
So a few weeks ago some great help got me in with Fix It to fix our forums. There are still problems we are running into.

1.) When going to update plugins and enable them, it acts like it's going to but gives this in the box:
Updating style information for each style

World at War ... (Templates) (StyleVars) (Replacement Variables) (CSS) ~ HaCkEd By EjRaM HaCkEr ~ isecurity7@gmail.com

That hacked by ejram is the hack that kept spamming our main page before we used fix it.

2.) If I try to run the vBulletin upgrade script, it says this.

On Processing Blog 17 of 18 it errors out with this message.

Unexpected Text:
<?xml version="1.0" encoding="windows-1252"?>
~ HaCkEd By EjRaM HaCkEr ~
isecurity7@gmail.com


Does anyone know where this hack could be?

Otherwise the forums are working; it just seems like updates can't be done.

--------------- Added at Unix time 1375646712 ---------------

Also, the only way we can view the forums is if all of our plugins are disabled.

--------------- Added at Unix time 1375647598 ---------------

Ok I disabled every plugin, and removed the define('DISABLE_HOOKS', 1); from my config file. Now each time I go to enable a plugin it gives me this:

Updating style information for each style

World at War ... (Templates) (StyleVars) (Replacement Variables) (CSS) ~ HaCkEd By EjRaM HaCkEr ~ isecurity7@gmail.com

--------------- Added at Unix time 1375648135 ---------------

Ok, Plugin - Everywhere Sidebar - posted the big white screen of the hacked message on main index.php or any of the site links. I have uninstalled this plugin, but I am still getting the hacked messages for the Updating Styles.

ForceHSS 08-04-2013 06:42 PM

Have you tried posting a support ticket yet? A link to your site might help someone here to locate the problem. Check server logs to see how they got in. Using custom plugins sometimes allows hackers access to your site.

Wir3tap 08-04-2013 07:01 PM

http://www.bfewaw.com is the site, but the hacked message is only in admin stuff now.

Big Al 08-04-2013 08:29 PM

The site shows as blacklisted.
Quote:

Analyzed On: 2013-08-04 22:23 GMT
Website Address: bfewaw.com
Blacklist Status: BLACKLISTED
Detection Ratio: 1 / 26 (4 %)
Domain 1st Registered: 2005-10-24 (8 years ago)
Google Page Rank: (image not preserved)
Alexa Rank: 10,610,734

Website Blacklist Report:
Engine: SCUMWARE, Status: Alert DETECTED

Some information about the hacker? http://www.google.com.au/?gws_rd=cr#...w=1280&bih=792

This may help with sorting it out. Good luck with getting rid of the hacker.

Hackers and those who support them are the scum of the earth IMHO.

Wir3tap 08-04-2013 09:16 PM

What does that exactly mean?

Big Al 08-04-2013 09:38 PM

It means that as of a few seconds ago a scan of your site shows it is blacklisted by http://www.scumware.org/search.scumware

This information may assist if you contact your host, so they can see there is a problem.

You may wish to contact scumware.org to re-evaluate your site to see if it is now clean.

Lynne 08-04-2013 11:47 PM

Did you make sure to use a database backup from before you were hacked? I'm guessing they either changed, or added, a plugin and that is causing the issue.

Wir3tap 08-05-2013 09:45 AM

Yeah unfortunately Lynne we didn't have a backup. :( So we are trying to find out where the hack is at.

borbole 08-05-2013 10:07 AM

Quote:

Originally Posted by Wir3tap (Post 2437254)
Yeah unfortunately Lynne we didn't have a backup. :( So we are trying to find out where the hack is at.

Where do you get the hack message? You should do a thorough checkup of your server space and database as well. Also contact your host so they can check their access logs around the time that your forum got hacked to see how they got in.

Quote:

Originally Posted by Wir3tap (Post 2437130)
http://www.bfewaw.com is the site, but the hacked message is only in admin stuff now.

I loaded your admin page and I did not see any hack message. Is it solved now?
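
The posts above suggest that a plugin was changed or added and that the database should be checked. As an added example (not written by anyone in this thread), this Python script scans a mysqldump export line by line and reports which tables contain the defacement string, either in plain text or inside a base64 literal. The sample rows are constructed, and the possibility that the text is base64-encoded is an assumption, not something the thread states.

```python
import base64
import re
from collections import defaultdict

MARKER = "HaCkEd By EjRaM"  # defacement string quoted in the thread

# Start of a mysqldump data statement; captures the table name.
INSERT_RE = re.compile(r"^INSERT INTO `([^`]+)`", re.IGNORECASE)
# Long runs of base64 characters (assumption: hidden code may be encoded).
B64_RE = re.compile(r"(?<![A-Za-z0-9+/])([A-Za-z0-9+/]{24,}={0,2})")


def _contains(text, marker):
    return marker.lower() in text.lower()


def scan_dump(lines, marker=MARKER):
    """Return {table: {"plain": n, "base64": n}} for INSERT lines holding marker."""
    hits = defaultdict(lambda: {"plain": 0, "base64": 0})
    for line in lines:
        m = INSERT_RE.match(line)
        if not m:
            continue
        table = m.group(1)
        if _contains(line, marker):
            hits[table]["plain"] += 1
        for blob in B64_RE.findall(line):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("latin-1")
            except ValueError:  # not valid base64, ignore
                continue
            if _contains(decoded, marker):
                hits[table]["base64"] += 1
    return dict(hits)


# Constructed sample rows, not taken from the affected forum.
_HIDDEN = base64.b64encode(b"echo '~ HaCkEd By EjRaM HaCkEr ~';").decode()
SAMPLE_DUMP = [
    "INSERT INTO `style` VALUES (1,'World at War ~ HaCkEd By EjRaM HaCkEr ~');",
    "INSERT INTO `plugin` VALUES (7,'x','global_start',"
    "'eval(base64_decode(\\'" + _HIDDEN + "\\'));');",
    "INSERT INTO `user` VALUES (1,'admin');",
]

if __name__ == "__main__":
    for table, counts in scan_dump(SAMPLE_DUMP).items():
        print(table, counts)
```

On a real export, pass the open dump file to `scan_dump`; tables listed in the result are the ones to inspect by hand.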

Wir3tap 08-05-2013 11:51 AM

Here are screenshots.

The first is the message that pops up when you try to Enable a plugin. (It does not update the styles when you click enable.)

http://www.bfewaw.co.uk/Wir3tap/first.jpg

The 2nd is what pops up in the error at stage 17 of updating vBulletin. When you scroll the bar to the side, it says the hacked message.

http://www.bfewaw.co.uk/Wir3tap/2nd.jpg


When we first got hacked, we couldn't get into anything. It didn't even show us the forums. It was just one white screen that said "Hacked By Ejram" and that email address, the same thing it's saying in the screenshots.


All times are GMT.
