vb.org Archive


obglobal.net 09-17-2013 12:55 PM

SITE HACKED AGAIN! Can't access ACP. Totally lost.
 
This is ridiculous.

I don't know how to handle this kind of stuff! I can't even access my ACP to delete this dude.

Hacked by Ari Tiga Angka Enam.

Why is vBulletin so easy to hack? Someone please guide me through what to do via cPanel.

I lost about 50 posts last time because I reverted to a backup.

So over it. :down:

xenite 09-17-2013 01:06 PM

Using Web-sniffer.net it looks to me like he may have replaced some of your PHP files. You may only have to upload backup copies of the PHP, not the MySQL database.

As far as blocking him from accessing your site again, look at your vBulletin ADMIN log and your raw server log to see if you can identify the right IP address.

If you don't know how to do this stuff then you'll probably need to pay someone to harden your server.

obglobal.net 09-17-2013 01:12 PM

All a mystery to me. Thanks for your help.

But seriously, vBulletin, thanks for nothing.

--------------- Added 09-17-2013 at 02:21 PM ---------------

I got this from my hosting site

I have checked your site and found the following suspicious files:

Code:
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/plugin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/help.php
[HEX]php_nested_base64_510 : [15/09/13] /home/obglobal/public_html/admincp/nsuser.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/index.php
[HEX]php_nested_base64_510 : [17/09/13] /home/obglobal/public_html/admincp/black.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/admin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/forum.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/index.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/showthread.php

Please check and clean them if necessary.

__________

Any ideas on what I should do?

ForceHSS 09-17-2013 05:52 PM

Replace them from the ftp

TheLastSuperman 09-17-2013 06:32 PM

Quote:

Originally Posted by obglobal.net (Post 2446199)
All a mystery to me. Thanks for your help.

But seriously, vBulletin, thanks for nothing.

--------------- Added 09-17-2013 at 02:21 PM ---------------

I got this from my hosting site

I have checked your site and found the following suspicious files:

Code:
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/plugin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/help.php
[HEX]php_nested_base64_510 : [15/09/13] /home/obglobal/public_html/admincp/nsuser.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/index.php
[HEX]php_nested_base64_510 : [17/09/13] /home/obglobal/public_html/admincp/black.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/admin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/forum.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/index.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/showthread.php

Please check and clean them if necessary.

__________

Any ideas on what I should do?

Delete these files:
admincp/black.php
admincp/nsuser.php
admincp/admin.php

^ Those files are not included with vBulletin by default. Replace the other files by overwriting them with 100% fresh files as ForceHSS mentioned above ;).

obglobal.net 09-17-2013 08:47 PM

Thanks a lot, fellas. I'll give this a try. Cheers.

--------------- Added 09-17-2013 at 10:44 PM ---------------

Quote:

Originally Posted by ForceHSS (Post 2446267)
Replace them from the ftp

Quote:

Originally Posted by TheLastSuperman (Post 2446285)
Delete these files:
admincp/black.php
admincp/nsuser.php
admincp/admin.php

^ Those files are not included with vBulletin by default. Replace the other files by overwriting them with 100% fresh files as ForceHSS mentioned above ;).

Hey fellas. Thanks for your help with this. I deleted the 3 files TheLastSuperman mentioned, but I'm not real sure about the next step - replacing files. I think it's gonna be locating them that's the issue.

xenite 09-18-2013 05:55 PM

Quote:

Originally Posted by obglobal.net (Post 2446333)
Hey fellas. Thanks for your help with this. I deleted the 3 files TheLastSuperman mentioned, but I'm not real sure about the next step - replacing files. I think it's gonna be locating them that's the issue.

If all else fails, login to vBulletin's Members area and download the source code again. Then just extract the files you are sure you need.
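
Added example (not part of the original thread, and not vBulletin's or the host's own tooling): the advice above to delete files that do not ship with vBulletin and overwrite the rest from a fresh download can be turned into a hash comparison between the live web root and a freshly extracted package. It assumes the clean copy is the same vBulletin version as the installed one; both directory arguments are placeholders you supply.

```python
import hashlib
import os


def sha256_of(path):
    """Hash a file in chunks so large attachments do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow symlinks out of the tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            index[rel] = sha256_of(full)
    return index


def compare_to_clean(live_root, clean_root):
    """Classify live files against a freshly extracted clean package."""
    live, clean = index_tree(live_root), index_tree(clean_root)
    return {
        # On the site but not in the package: review, then delete unless it
        # is a known local file (your configuration, an installed add-on).
        "not_in_package": sorted(set(live) - set(clean)),
        # Same path, different content: overwrite from the clean copy.
        "modified": sorted(p for p in live.keys() & clean.keys()
                           if live[p] != clean[p]),
        # In the package but gone from the site: restore from the clean copy.
        "missing": sorted(set(clean) - set(live)),
    }


if __name__ == "__main__":
    import sys
    # Usage: python compare.py <live web root> <extracted clean package>
    report = compare_to_clean(sys.argv[1], sys.argv[2])
    for status, paths in report.items():
        for path in paths:
            print(f"{status:15} {path}")
```

Run it against a downloaded copy of the site rather than trusting the scanner's list alone, since a signature scan only reports the files its patterns happen to match.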

obglobal.net 09-19-2013 12:09 AM

Thanks for your help, gents, but this was too hard for me. I had to pay to get everything reverted and have extra security added.

TheLastSuperman 09-19-2013 12:15 AM

Quote:

Originally Posted by obglobal.net (Post 2446601)
Thanks for your help, gents, but this was too hard for me. I had to pay to get everything reverted and have extra security added.

I don't think anyone likes making money by fixing sites that have been hacked, I could be wrong but I'm very sad you had to pay :(. Overall the community here tries to be as helpful as possible within reason to try and alleviate some of the stress and help many to regain their forum ;).

obglobal.net 09-19-2013 12:19 AM

Quote:

Originally Posted by TheLastSuperman (Post 2446604)
I don't think anyone likes making money by fixing sites that have been hacked, I could be wrong but I'm very sad you had to pay :(. Overall the community here tries to be as helpful as possible within reason to try and alleviate some of the stress and help many to regain their forum ;).

It's all good. It was a bit of a blunder on my behalf to go into this thinking I'd have to do so little. I've been made wiser through my own silliness, unfortunately.

Could you help me with this?

https://vborg.vbsupport.ru/showthread.php?t=302431


All times are GMT.