  #8  
Old 09-10-2013, 03:39 PM
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Quote:
Originally Posted by pjkcards View Post
I've deleted the install directory, found several admin users and removed their admin permissions, disabled hooks in config.php, but still haven't resolved it yet. I haven't installed a fresh vB version yet since that will remove all my customizations.

I'll update here if I get it working.

Edit: I've also noticed it is the main theme that redirects, and all its child themes. Other themes work fine w/o redirect.

--------------- Added [DATE]1378795611[/DATE] at [TIME]1378795611[/TIME] ---------------

In the FORUMHOME template, it was modified by a hacker account, and was modified to be:
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://adf.ly/VRAFS">

Check that file, and revert it.
Quote:
Originally Posted by Treeleaf View Post
I've also chased these fixes with no luck yet.

--------------- Added [DATE]1378824479[/DATE] at [TIME]1378824479[/TIME] ---------------

I'll eat my words, you had it right Pjkcards. Once you get the info out of the template, it's gone. Thanks so much for this.

Bows.
Quote:
Originally Posted by xenite View Post
The redirects are being inserted into the database through the ADMINCP. Replacing the scripts won't accomplish anything.

Your best bet is to look at the Admin Log and see which functions the bogus admin accounts accessed. Then go to those tools and look at the most recently changed/added data. This could be notices, templates, plugins -- anything where you can embed HTML code that is executed.
IF and I mean IF you have the redirect yet your FORUMHOME template is fine in your styles, then they have edited your master style; see here - https://vborg.vbsupport.ru/showpost....1&postcount=52

The only way that is possible is by them uploading shell scripts that then allow them to modify files to place the site in debug mode; heck, you can do that for one single user via a quick plugin. Check for files such as lol.php and others; also check above your forum root in public_html and others for files such as lol.php or similar names. Check timestamps of files, as one could be a shell script, and yes, do replace all your vBulletin files with 100% fresh files: download the same version (patched of course) and then overwrite all files - REMEMBER to delete the /install/ folder before uploading.
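The template check described in the posts above, as an added example that is not part of the thread or of vBulletin: it scans exported template rows for meta refresh tags with a hard-coded off-site target and marks hits in the master style. The row layout, the sample data and the master style being styleid -1 are assumptions of this example.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

MASTER_STYLE_ID = -1  # assumption: vBulletin 3.x keeps the master style as styleid -1

# Constructed rows standing in for an export of the template table:
# (styleid, title, last editor, dateline, template source)
SAMPLE_ROWS = [
    (1, "FORUMHOME", "constructed_admin", 1378795000,
     '<META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://redirect.example/abc">$header'),
    (-1, "FORUMHOME", "constructed_admin", 1378794000,
     "<meta content='0; url=http://redirect.example/abc' http-equiv=refresh />"),
    (1, "header", "owner", 1300000000, "<div id='logo'>$vboptions[bbtitle]</div>"),
    (2, "STANDARD_REDIRECT", "owner", 1300000000,
     '<meta http-equiv="Refresh" content="2; URL=$url" />'),
]

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
REFRESH_URL = re.compile(r"^\s*\d+\s*[;,]\s*url\s*=\s*(.+?)\s*$", re.I)

def refresh_target(tag):
    """Return the URL of a <meta http-equiv=refresh> tag, or None for other tags."""
    attrs = {k.lower(): v.strip("\"'") for k, v in ATTR.findall(tag)}
    if attrs.get("http-equiv", "").lower() != "refresh":
        return None
    m = REFRESH_URL.match(attrs.get("content", ""))
    return m.group(1).strip("\"'") if m else None

def find_injected_redirects(rows, own_hosts=frozenset()):
    """Flag templates whose meta refresh points at a hard-coded host that is not ours."""
    findings = []
    for styleid, title, editor, dateline, source in rows:
        for tag in META_TAG.findall(source):
            target = refresh_target(tag)
            host = urlparse(target).hostname if target else None
            if host is None or host in own_hosts:
                continue  # no refresh, or a relative/variable/own-site target
            findings.append({
                "styleid": styleid, "title": title, "editor": editor,
                "master": styleid == MASTER_STYLE_ID, "target": target,
                "edited": datetime.fromtimestamp(dateline, tz=timezone.utc).isoformat(),
            })
    return findings

if __name__ == "__main__":
    for hit in find_injected_redirects(SAMPLE_ROWS, own_hosts={"forum.example"}):
        print(hit)
```

The editor and edit time on each hit can be compared against the Admin Log entries for the bogus admin accounts.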