SITE HACKED AGAIN! Can't access ACP. Totally lost.

[obglobal.net]

This is ridiculous.

I don't know how to handle this kind of stuff! I can't even access my ACP to delete this dude.

Hacked by Ari Tiga Angka Enam.

Why is vBulletin so easy to hack? Someone please guide me through what to do via cPanel.

I lost about 50 posts last time because I reverted to a backup.

So over it. :down:

[xenite]

Using Web-sniffer.net it looks to me like he may have replaced some of your PHP files. You may only have to upload backup copies of the PHP, not the MySQL database.

As far as blocking him from accessing your site again, look at your VBulletin ADMIN log and your raw server log to see if you can identify the right IP address.

If you don't know how to do this stuff then you'll probably need to pay someone to harden your server.

[obglobal.net]

All a mystery to me. Thanks for your help.

But seriously, vBulletin, thanks for nothing.

--------------- Added [DATE]1379427695[/DATE] at [TIME]1379427695[/TIME] ---------------

I got this from my hosting site

I have checked your site and found the following suspicious files:

Code:
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/plugin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/help.php
[HEX]php_nested_base64_510 : [15/09/13] /home/obglobal/public_html/admincp/nsuser.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/index.php
[HEX]php_nested_base64_510 : [17/09/13] /home/obglobal/public_html/admincp/black.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/admin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/forum.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/index.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/showthread.php

Please check and clean them if necessary.

__________

Any ideas on what I should do?

[ForceHSS]

Replace them from the ftp

[TheLastSuperman]

Quote:

Originally Posted by obglobal.net

All a mystery to me. Thanks for your help.

But seriously, vBulletin, thanks for nothing.

--------------- Added [DATE]1379427695[/DATE] at [TIME]1379427695[/TIME] ---------------

I got this from my hosting site

I have checked your site and found the following suspicious files:

Code:
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/plugin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/help.php
[HEX]php_nested_base64_510 : [15/09/13] /home/obglobal/public_html/admincp/nsuser.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/index.php
[HEX]php_nested_base64_510 : [17/09/13] /home/obglobal/public_html/admincp/black.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/admin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/forum.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/index.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/showthread.php

Please check and clean them if necessary.

__________

Any ideas on what I should do?

Delete these files:
admincp/black.php
admincp/nsuser.php
admincp/admin.php

^ Those files are not included with vBulletin by default. Replace the other files by overwirint them with 100% fresh files as ForceHSS mentioned above .

[obglobal.net]

Thanks a lot, fellas. I'll give this a try. Cheers.

--------------- Added [DATE]1379457841[/DATE] at [TIME]1379457841[/TIME] ---------------

Quote:

Originally Posted by ForceHSS

Replace them from the ftp

Quote:

Originally Posted by TheLastSuperman

Delete these files:
admincp/black.php
admincp/nsuser.php
admincp/admin.php

^ Those files are not included with vBulletin by default. Replace the other files by overwirint them with 100% fresh files as ForceHSS mentioned above .

Hey fellas. Thanks for your help with this. I deleted the 3 files TheLastSuperman mentioned, but I'm not real sure about the next step - replacing files. I think it's gonna be locating them that's the issue.

[xenite]

Quote:

Originally Posted by obglobal.net

Hey fellas. Thanks for your help with this. I deleted the 3 files TheLastSuperman mentioned, but I'm not real sure about the next step - replacing files. I think it's gonna be locating them that's the issue.

If all else fails, login to VBulletin's Members area and download the source code again. Then just extract the files you are sure you need.

[obglobal.net]

Thanks for your help, gents, but this was too hard for me. I had to pay to get everything reverted and have extra security added.

[TheLastSuperman]

Quote:

Originally Posted by obglobal.net

Thanks for your help, gents, but this was too hard for me. I had to pay to get everything reverted and have extra security added.

I don't think anyone likes making money by fixing sites that have been hacked, I could be wrong but I'm very sad you had to pay . Overall the community here tries to be as helpful as possible within reason to try and alleviate some of the stress and help many to regain their forum .

[obglobal.net]

Quote:

Originally Posted by TheLastSuperman

I don't think anyone likes making money by fixing sites that have been hacked, I could be wrong but I'm very sad you had to pay . Overall the community here tries to be as helpful as possible within reason to try and alleviate some of the stress and help many to regain their forum .

It's all good. It was a bit of a blunder on my behalf to go in to this thinking I'd have to do so little. I've been made wiser through my own silliness, unfortunately.

Could you help me with this?

https://vborg.vbsupport.ru/showthread.php?t=302431