Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Hacked
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 06-19-2014, 01:30 PM
Terrablade Terrablade is offline
 
Join Date: Oct 2013
Posts: 274
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacked
Anyone familiar with Symlink hack? I just lost my forum, completely deleted using such method i was informed by my hosting company.

A hacker uploaded a c99 shell to my server and deleted all the data with it and used symlink aswell is what i was told. Anyway to prevent this from happening again?

Im so mad
Reply With Quote
  #2  
Old 06-19-2014, 02:06 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Are all backups gone as well. Check logs to see how he got in
Reply With Quote
  #3  
Old 06-19-2014, 03:16 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Curious if you still have the v4 files on your server, particularly the "install" folder.
Reply With Quote
  #4  
Old 06-19-2014, 03:28 PM
Terrablade Terrablade is offline
 
Join Date: Oct 2013
Posts: 274
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
No i dont Max, I was back on 3.8.7.

ForceHss luckily I had a backup. The only different thing I had was 2 skins I installed.
Would you guys be able to check if they were the culprit?
Reply With Quote
  #5  
Old 06-19-2014, 03:52 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You need to ask your host how they got in they can check things you might not have access to
Reply With Quote
  #6  
Old 06-19-2014, 04:06 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Terrablade View Post
No i dont Max, I was back on 3.8.7.
This does NOT mean you still don't have the vulnerable v4 files on the server.

Remove ALL instances of the install folder, regardless of version. Immediately.
Reply With Quote
  #7  
Old 06-19-2014, 04:43 PM
Terrablade Terrablade is offline
 
Join Date: Oct 2013
Posts: 274
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Max i guess you didnt read correctly.. EVERYTHING GOT WIPED OUT. all files are gone from ftp
Reply With Quote
  #8  
Old 06-19-2014, 04:58 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Terrablade View Post
Anyone familiar with Symlink hack? I just lost my forum, completely deleted using such method i was informed by my hosting company.

A hacker uploaded a c99 shell to my server and deleted all the data with it and used symlink aswell is what i was told. Anyway to prevent this from happening again?

Im so mad
Chances are the shell was in one of those nulled scripts you had. This was why I told you twice to scan for malware. Those hacked versions always contain shell scripts and malware.

Hopefully up still have a back up downloaded to your pc.
Reply With Quote
  #9  
Old 06-19-2014, 05:06 PM
Terrablade Terrablade is offline
 
Join Date: Oct 2013
Posts: 274
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It wasnt that Always had them. This happened as soon as I installed those 2 new skins :/
Reply With Quote
  #10  
Old 06-19-2014, 05:09 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
well I doubt it was the skins. Perhaps just coincidence.

Do you have a back up downloaded to your pc? If so you are ok.
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 12:26 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04016 seconds
  • Memory Usage 2,248KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete