Thread: We've been hacked and I don't know the first thing about it
View Single Post
  #9  
Old 11-04-2008, 10:35 AM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by AzaDiyaR View Post
FILE permissions 444

FOLDER permissions 555

never be hacked
Those file & folder permissions will NOT work on every server, especially cheap anal vhosted servers.

--------------- Added [DATE]1225802852[/DATE] at [TIME]1225802852[/TIME] ---------------

Quote:
Originally Posted by terracore



I did the phpmyadmin you suggested, I could not find any keywords.

You are right, I could not log into the admincp.

I couldn't figure out what you meant by the config.php.

Your comment about easy fix didn't lead directly to a solution but it certainly helped me.
Sorry Terra

To better explain it, typically those hackers are using injection & i would guess there is a security hole in your system some place, either a addon mod or another php file for a script unrelated to vb actually.

1. Search your DB using keywords fro mthe hackers page he has put up on your site, view the page source and search for instance, the name of the hack/group or anyother keyword you find in the source, like "hacked", typically you'll find them in the template table.

2. Seeing as it was every page of your site, if a php file was modified, its typically global.php, not index.php as ALL the pages are changed.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01192 seconds
  • Memory Usage 1,764KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete