vb.org Archive

Page 1 of 2

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - Hacked (https://vborg.vbsupport.ru/showthread.php?t=312274)

Terrablade

06-19-2014 01:30 PM

Hacked

Anyone familiar with Symlink hack? I just lost my forum, completely deleted using such method i was informed by my hosting company.

A hacker uploaded a c99 shell to my server and deleted all the data with it and used symlink aswell is what i was told. Anyway to prevent this from happening again?

Im so mad

ForceHSS

06-19-2014 02:06 PM

Are all backups gone as well. Check logs to see how he got in

Max Taxable

06-19-2014 03:16 PM

Curious if you still have the v4 files on your server, particularly the "install" folder.

Terrablade

06-19-2014 03:28 PM

No i dont Max, I was back on 3.8.7.

ForceHss luckily I had a backup. The only different thing I had was 2 skins I installed.
Would you guys be able to check if they were the culprit?

ForceHSS

06-19-2014 03:52 PM

You need to ask your host how they got in they can check things you might not have access to

Max Taxable

06-19-2014 04:06 PM

Quote:

Originally Posted by Terrablade (Post 2502624)

No i dont Max, I was back on 3.8.7.

This does NOT mean you still don't have the vulnerable v4 files on the server.

Remove ALL instances of the install folder, regardless of version. Immediately.

Terrablade

06-19-2014 04:43 PM

Max i guess you didnt read correctly.. EVERYTHING GOT WIPED OUT. all files are gone from ftp

RichieBoy67

06-19-2014 04:58 PM

Quote:

Originally Posted by Terrablade (Post 2502613)

Chances are the shell was in one of those nulled scripts you had. This was why I told you twice to scan for malware. Those hacked versions always contain shell scripts and malware.

Hopefully up still have a back up downloaded to your pc.

Terrablade

06-19-2014 05:06 PM

It wasnt that Always had them. This happened as soon as I installed those 2 new skins :/

RichieBoy67

06-19-2014 05:09 PM

well I doubt it was the skins. Perhaps just coincidence.

Do you have a back up downloaded to your pc? If so you are ok.

All times are GMT. The time now is 11:51 PM.

Page 1 of 2

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.00997 seconds Memory Usage 1,727KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: