The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
01-13-2014, 04:24 PM
|
|||
|
|||
Forum hack please help
Hello
I had my forum hacked today and the frontpage defaced. Any file i try to go to gives me the hackers message on the front i removed every file on the server and reuploaded them, set the config.php with the database information and also added define('DISABLE_HOOKS', true); into the PHP, now after i did this there was no change, the hackers message is still in the database wich makes me guess that he maybe changed FORUMHOME as suggested when i tried searching google for answers, i can access the database from Phpmyadmin BUT i cannot access the forum adminCP i can access the login windows but when i press "login" it redirects me to login.php wich gives me the hackers message again, what do i do from php my admin to get my forums back online ? 
|
|
#2
01-13-2014, 04:40 PM
|
||||
|
||||
|
Link to the site?
If the INSTALL folder still exists on your server, delete it.
|
|
#4
01-13-2014, 04:56 PM
|
||||
|
||||
|
I get nothing but a blank page, there's no code in reading page source.
|
|
#5
01-13-2014, 05:16 PM
|
|||
|
|||
|
my stupid host removed the default style in the "style" table in the database when scaning, i tried to restore it it but now i just get blank pages. i have a test forum with another license that also was defaced and the code bellow is on all pages i try to access like login.php index.php or simillair. It was on the frontpage where you also get a white page now but after the problems in the "style" table the page is just white, anything you can figure out?
it's for most .php files in root like if i go to mysite.com/login.php or index.php instead i get the hackers message Malware: Code:
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>HACKED BY Mr.M0R0 MOROCCAN HACKER</title> </head> <body> <p align="center"><img border="0" src="http://stupidwebsite.com/46/95/864954/65130309_p.gif"></p> <p align="center"> HACKED AND DEFACED BY Mr.MORO MOROCCAN HACKER</p> <p align="center"> WHAT THE HELL IS GOING ON HERE YOUR SECURITY IS LIKE A SHIT</p> <p align="center"> ++++ING UNSECURE SERVERS I REALLY HATE IT. NO APOLOQIZE , NO MERCY</p> <p align="center"> NO PITTY , NO SORRY , BUT DO NOT WORRY NO FILES DELETED ONLY YOUR INDEX</p> <p align="center"> HAS BEEN CHENGED SO TRY TO EDIT QUICKLY GOOD LUCK . FOR MORE INFO CONTACT ME ON :</p> <p align="center"> Mr.MoRo@HOTMAIL.FR</p> <p align="center"> BYE</p> </body> </p> </html>
|
|
#6
01-13-2014, 05:20 PM
|
||||
|
||||
|
That's coming from a file on the server, not the database.
PM me with FTP credentials and i will have a look.
|
|
#7
01-13-2014, 08:38 PM
|
||||
|
||||
|
It's more than likely this one: http://www.vbulletin.com/forum/forum...=1387659347561
See post #13 .. If not then it's the other variant where the hacker edits your master style replacing all templates with the same identical code which is rather bothersome as you can imagine  .
|
|
#8
01-14-2014, 10:50 AM
|
|||
|
|||
|
I would like to thank Max Taxable for helping me with this issue, thank you very very much!
|
| Благодарность от: | ||
| TheLastSuperman | ||
|
#9
01-14-2014, 11:12 AM
|
||||
|
||||
|
Quote:
|
| 2 благодарности(ей) от: | ||
| RSNF, TheLastSuperman | ||
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 06:31 PM.