[terracore]

New info:

The site was hacked by ALQAISER and the hack "theme" was some sort of pro-muslim thing complete with graphics and music and some kind of warning.

I'm not sure who they are or their motivation (it's a forum about parrots, hardly controversial). I also don't know how the hack occured. The database seemed untouched. I really know nothing about computers or coding. I was already running the latest version of VB (3.7.3 patch 1) and wasn't sure what to do to fix this problem or get the board running again so I went through the motions like I was upgrading it (even though its already the latest version) and thankfully that seemed to restore everything to normal. Since I don't know the vulnerability that caused this, and may still exist, I did the common sense things like changing passwords, etc. I also deactivated the following mods:

CYB- CHATBOX
CYB- PAYPAL DONATE
CYB- AUTO BIRTHDAY GREETER
WHO HAS VISITED TODAY
PASSIVE VID

If anybody can look at the board aviannation.com and see if there is anything I can do to close a vulnerability let me know. Also if they think one of those mods had anything to do with it? Can I reactivate them?

--------------- Added [DATE]1225776663[/DATE] at [TIME]1225776663[/TIME] ---------------

Quote:

Originally Posted by UKBusinessLive

have you a backup made of your site, normally they just change the index.php file, Change this first and see, but if you do regular backups of your server, then upload this backup and you'll find everything will be OK. You need to double check all your FTP accounts and change your Passwords, Also make sure of the types of uploads members can do.

These types of hacking often happen when a hacker uploads a piece of code in the gist of an image

good luck with the backup, or if you have an index.php file add that first see what happens

keep us up to date

The index.php file wasn't the problem- it appeared unchanged. I changed it out with an older backup version and it didn't help.

--------------- Added [DATE]1225776773[/DATE] at [TIME]1225776773[/TIME] ---------------

Quote:

Originally Posted by snakes1100

Well, unfortunately its hard to tell what method he used to get in, that looks like either a template hack via the db or a file hack, typically global.php seeing as its every page.

If its a tempalte hack, do a search on the DB via phpmyadmin with keywords from the page source of the hacked page.

Logging into your admincp will most likely not work anyways.

I would suggest you globally disable your hacks in config.php, which is most likely the way he got in anyways.

Upload the default vb files and upgrade the site to the latest version of vb.

THERE IS NO NEED TO RESTORE FROM A BACKUP, THIS IS A EASY TO FIX.

I did the phpmyadmin you suggested, I could not find any keywords.

You are right, I could not log into the admincp.

I couldn't figure out what you meant by the config.php.

Your comment about easy fix didn't lead directly to a solution but it certainly helped me.