The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Hacked Sites, How Many Recently?
Seems like everyone is getting hacked. Some threads say over 200 in the past month. Ours, http://www.seriousoffshore.com/forums/ , and one of our main members, http://www.donzi.org/ were both hacked the end of last week/over the weekend.
Has anyone been able to find out why so many recently? Ours seems to have the hack code inserted the first part of September, then activated later. So, our recent backups are also infected which has created a major pain. I hope this is the right place to ask the question. |
#2
|
||||
|
||||
I have not seen a list or a count on the number of sites, but they almost all have to due with the install directory not being deleted.
To recover, please read the following two blog posts: http://www.vbulletin.com/forum/blogs...ve-been-hacked http://www.vbulletin.com/forum/blogs...vbulletin-site Also please see these recent security announcements: vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions |
#3
|
|||
|
|||
Have you seen the redirect worm that is in the seriousoffshore.com/forums before (if you've looked)? They did get in through the install as you said, but then they created admin users, modified files in the admincp folder, the style templates, and the plugins. The admincp and database hacks are pretty severe. Plus, because of the delay for when it went active, our backups are infected. As our webmaster says, Every time he thinks he has everything, something else pops up.
Anyway, if anyone is familiar with the pain of this one, helpful hints are certainly appreciated. Thanks for the input so far. |
#4
|
||||
|
||||
If you follow the two blog posts, thoroughly, and not skip any details at all, you should be ok.
|
#5
|
|||
|
|||
I wish that was as easy as that.
|
#6
|
||||
|
||||
No one said it was easy, but there have been many successful sites to recover following the info provided in there.
|
#7
|
|||
|
|||
Well I guess mine has been one of the few that continues to have issues even after doing everything and more in all of those blogs.
|
#8
|
|||
|
|||
It is not easy and it is time consuming, and I am sorry you were hacked. Keep at it and ask questions here, if you do not understand something.
|
#9
|
||||
|
||||
What is the things that keep popping up, always different, same thing, and what is the things?
|
#10
|
|||
|
|||
well all he does now is when you go to the forum.php page it take you to an html page but not necessarily redirecting you anywhere. So I usually just run the upgrade script and is back to normal. So today I deleted all of the custom templates and uploaded new ones just in case the code was in there, but I have done everything else possible.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|