Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 09-27-2010, 09:15 PM
vwjunkie vwjunkie is offline
 
Join Date: Aug 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Need some help, possibly got hacked...

Hey everyone,
i have been going back and forth with vbulletin support and with my hosting company but I haven't gotten this taken care of yet. When I went to get on my forum today, I found that my screen name and password weren't recognized, and when I went to the lost password page, it said my email wasn't recognized. Upon looking at the forum, I found all my posts now have a different screen name at the top. Nothing has been deleted or changed on the forum though which I thoght was kinda weird, if you bothered to hack it you would expect they would f everything up. Anyway, I was told to load up the tools.php from the "do not load" folder into the admincp directory. I downloaded a ftp server program and got the login/passord details from the hosting company. I did this, and when I go to load the tools.php page its all messed up, comes out in text, keeps asking me for the password. I loaded it in the public html secion under admincp. What am I doing wrong here? If I could just get that to load up I could take care of the rest no problem, but I'm far from a computer wizard or vbulletin expert!

Thanks,
Jason

--------------- Added [DATE]1285626515[/DATE] at [TIME]1285626515[/TIME] ---------------

Also, the screen name that is now what my name used to be, is "netstat_n@" Anyone recognize that?

Jason
Reply With Quote
  #2  
Old 09-27-2010, 10:54 PM
bandare bandare is offline
 
Join Date: Nov 2004
Location: Derby, UK
Posts: 221
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

my first suggestion is to talk to the hosting company and get the site passworded so whoever changed it can not see the site. You can set a password in the hosting cpanel. I would then see if you have a backup or if the host has a backup of the database from a day or two before. See if that can be restored instead of what you have. You may lose a little data but not too much I hope!

That would be my suggestion but I'm sure others will have a better idea.

Regards and good luck!
Reply With Quote
  #3  
Old 09-27-2010, 11:21 PM
vwjunkie vwjunkie is offline
 
Join Date: Aug 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the suggestion. I just contacted the hosting company to see if they can password protect the site or take it offline while I try to get this figured out. I don't have a backup and they only backup the site if you pay extra. Still no luck getting the tools page to load to reset the password. I don't know why I'm having such difficulty with this. I followed the instuctions and everything I uploaded and did matched what they said, but it just doesn't work...

Jason

--------------- Added [DATE]1285634337[/DATE] at [TIME]1285634337[/TIME] ---------------

550 Can't change directory to /public_html/cpstyles/<: No such file or directory



That is the error message I get after I put in the password for the page when it loads up. I get the dialog box where you are supposed to enter your vbulletin customer number, but the rest of the page is screwed up.


Jason

--------------- Added [DATE]1285635705[/DATE] at [TIME]1285635705[/TIME] ---------------

Also how the hell did someone do this and get past my password? It was letters and numbers and nothing obvious, hell it wasn't even a real word! Or how do I prevent this again?

Thanks,
Jason
Reply With Quote
  #4  
Old 09-28-2010, 12:55 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you are getting a No such file or directory error, then it sounds like they may have deleted your files. I would ftp to the site and reupload all your vbulletin files (make sure you keep a copy of the config.php file).
Reply With Quote
  #5  
Old 09-28-2010, 01:33 AM
vwjunkie vwjunkie is offline
 
Join Date: Aug 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the reply, when you say upload all the files, you mean all the files for the whole thing? Or just files for the admincp section? I'm not very familiar with any of this, the hosting company uploaded the forum to their server for me and I took it from there. This is somewhat over my head but I don't have much choice.

In the mean time I did get the forum password protected so that idiot wont be on there messing with stuff at least.

Jason
Reply With Quote
  #6  
Old 09-28-2010, 01:51 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If I were hacked, I would be reuploading ALL my files. I would want to make sure all the files were fresh from my backup that I keep on my computer so there is no possibility that there are any edited files left on my server. What if they guy left some script on there that is going to grab your password as soon as you do log on and all he has to do is point his browser to this script and he gets it?
Reply With Quote
  #7  
Old 09-28-2010, 12:20 PM
vwjunkie vwjunkie is offline
 
Join Date: Aug 2010
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That would suck. Vbulletin support said the same thing in the response I just got back. I don't have a backup though so I don't know what I'm going to do about that. I know there is a feature to do that but its in the admin cp which I cant get to.

Jason
Reply With Quote
  #8  
Old 09-28-2010, 01:29 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm talking about replacing your *files*. If you were using all default files, then you can just get a new copy by downloading them from the members area at vbulletin.com (get the same version you were running) and then just copy over them replacing the ones on your server with a fresh copy.

And there is no feature in the admincp to make a backup copy of your files or your database. There are mods that can do this though.
Reply With Quote
  #9  
Old 09-28-2010, 01:31 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by vwjunkie View Post
That would suck. Vbulletin support said the same thing in the response I just got back. I don't have a backup though so I don't know what I'm going to do about that. I know there is a feature to do that but its in the admin cp which I cant get to.

Jason
From your description it looks like the db hasn''t been demaged badly. So make a backup of it in the condition that it is. You can do so from the phpmyadmin in the cp of your host.

Then upload a fresh copy of the latest version, 4.0.7. in your server space and then run the upgrader. That is only if you were using an older version when you got hacked. If you were already using 4.0.7. running the upgrader won''t be necessary. Then get your admin account back. If the way through tools.php didn''t work (what was the exact error you got btw), then do it so from the db directly. Also check the user tables for any other admins that shouldn''t be there and delete them if there will be any.

Change all your passwords again, admin, ftp and cp. Then ask your host to check their logs and see how exactly did the hacker/s managed to get access to your forum. If your host will not be forthcoming, then maybe it is time to start looking for another host.

After you do all this, let us know so we can guide you how to get your posts and theads back.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:13 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05164 seconds
  • Memory Usage 2,243KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete