Hacked and cant work out whats happened

[Pt1994]

Ok my website has been hacked and it seems the hackers have done some sort of trickery and now it just displays some "game over" page my site is still there in FTP and the database is fine there were some php files in the ftp like e.php and soem other stuff something called zend.php which was supposed to decrypt a vbulletin config file but that would have been no use becuse my database is only acessible from my ip and localhost

How can i fix this stupid game over page?

[Marco van Herwaarden]

Clean up your filesystem to remove any rogue scripts.
Overwrite your files with a clean copy of vB.
Check your templates and phrases for insertions.

[Pt1994]

Im checking through all my logs at th emoment trying to work out actually whats been done to see if a full re-install will be nesecarry

I still cant understand why anyone would want to hack me site i mean we had about 200 members and havent done any advertising really except the link in my signature

--------------- Added [DATE]1250084298[/DATE] at [TIME]1250084298[/TIME] ---------------

Only localhost has ever connected to the databse and none of the word "hacked" isnt in the databse or "hack" so its not a template as far as i know

[topranger]

do u access to the server???
i can help check your pm and reply back

[Marco van Herwaarden]

Quote:

Originally Posted by topranger

do u access to the server???
i can help check your pm and reply back

Just a warning to those who think they can offer their services by sending our PM's to random members who are looking for help with a problem, other then as a result of a Paid Request, is considered advertising and spamming.

[topranger]

^sorry about it

[Alex LD]

Quote:

Originally Posted by Pt1994

Im checking through all my logs at th emoment trying to work out actually whats been done to see if a full re-install will be nesecarry

I still cant understand why anyone would want to hack me site i mean we had about 200 members and havent done any advertising really except the link in my signature

--------------- Added [DATE]1250084298[/DATE] at [TIME]1250084298[/TIME] ---------------

Only localhost has ever connected to the databse and none of the word "hacked" isnt in the databse or "hack" so its not a template as far as i know

Hackers may have targeted because you were vulnerable to many reasons such as you could have been using an older version of vBulletin or some Hack for vBulletin that is out dated with a security whole causing them to target you.

"wlhaan" Is a Saudi Arabia Hacking Team/Group.

Are you on Shared Hosting, a VPS, or a Dedicated Server?

[agitated]

If you're on shared hosting then you ought to be thinking about a move.
I had my second installation of vBulletin, as allowed for testing, installed on my personal website under closed conditions. It was password protected and not open to the public.

Twice it got hacked and my host accepted responsibility, saying several sites got hacked.
I moved to another host after the second attack.

[Jinovich]

Our site is forever targeted by script kiddie groups etc etc as it attracts their attention.

These are steps that can help you identify the issue.

1. Reupload you vBulletin files
2. Reupload your style
3. Disable your plugin and hooks
4. Check your .htaccess
5. Check the replacement variable manager
6. Ensure that it is not some rough html in a notice or announcement.

everytime you complete a step check to see if the problem persists

[Kendothpro]

I can almost surely bet that you have an index.html page in your root directory Try removing it, and your forum will be back

It's a common "trick" used by defacers, since most apache installations have a sequence of what pages to serve if you just go to www.yourwebsite.com and most of the time index.html is the first in line, and index.php comes after it