My Forum Got Hacked Today

[-=Leb=-]

Hi guys, it seems like this URL REMOVED are specialists with hacking forums / Sites . How come no one taking action against these hackers.
Anyway, they got access to my ftp, edited the the forum config file and deleted the entire logs.

i know what to do, i will have to delete everything including the database.
I just want t o let you know about these hackers incase you want to do something against them.

How did they got access to my password ?
It wasn't even 2 weeks ago since i changed it and is not easy pw.

[Disco_Dave]

Sorry to hear this! Do you not have any back ups of your database?

I'm sure your host could give more details on how they got in....

[Dave]

I'm sorry to hear this, but we need some more information like:

- Are you on a shared website host?
- Can you list the plugins you have installed?
- Were you using complex passwords?
- What vBulletin version are you using?
- Did you delete the install and/or core/install folder on your FTP?

[-=Leb=-]

Quote:

Originally Posted by Dave

I'm sorry to hear this, but we need some more information like:

- Are you on a shared website host?
- Can you list the plugins you have installed?
- Were you using complex passwords?
- What vBulletin version are you using?
- Did you delete the install and/or core/install folder on your FTP?

Hi thank you for your replies
yeas i do have a shared website host at hostgator
the pw for my ftp it is hard, and it was hostagtor picked it

using VB 4.2.2 with the latest patch

The list of all plugins:
Auto Database Backup 4.2.0.0 Turned off

Ban Spider by UserAgent 3.0.3

BlackThorn Whois Online - AdminCP 4.0.0

Change Posts Owner 1.9.0

Change Threads Prefix Inline 2.2.0

CSS Compression 1.3.0

Default Ban Avatar 1

Display Unread Posts 4.2.0.0

Easy Forms 4.3.0

Easy Mod Tools 4.2.0

Extended reputation display 4.2.0.0

Forum Runner 4.2.2

GamerCards in User Profile and Postbit 3.0.2

GeekyDesigns Default Avatar 2.0.3

Guest Tracking 4.2.0.0

Hasann - Username Html Markup 4.2.x

Inactive User Reminder Emails 2.2.1

IpInfo 2.0 Turned Off

IWT - Time Spent Online 1.2.6

KeyCAPTCHA 3.7.0

Lower Breadcrumbs 1.4

MARCO1 Hide All 4.5

MARCO1 Quick Admin Tools 1.0

Member Tracking 4.2.0.0

Members who have Posted 4.2.0.0

Members who have Registered 4.2.0.0

Multiple Account Detection & Prevention 1.1.3

Navbar menu for Gallery 1.00

Navtab menu for Gallery 1.00

New Album Picture Forum Home 1.0

Panjo 4.2.2 Classifieds integration that increases engagement, grows membership, and generates a new stream of revenue.

Picture and Album Gallery 1.08

Poll For Forum Sideblock By Ayush 2.0 i

Post Thank You Hack 7.82

PostRelease 4.2.2

Private Messages and Email Log 3.1

Real IP Detection 4.2.0.0

Real Name In Profile and Postbit 4.0.3

Separate Sticky and Normal Threads 4.0.1

SevenSkins Most Popular 1.3

SevenSkins Page Generation Stats 1.0

Skimlinks Plugin 4.2.2

Tabs en vBulletin 4.x 2.0.3

Tag Cloud on Forum Home 1.0.0

Thread Reader Enhancements 4.2.0.0

Today's Top Poster(s) 4.0.RC1 by Hasann

Usergroup Color Bar 2.1.1

vBulletin Blog 4.2.2 Turned Off

vBulletin CMS 4.2.2 Turned Off

View Forum Leaders Based On Usergroup Permissions 4.0.2

View your Threads or Posts from the Navbar 4.1.0

VigLink 2.0.6

VSa - (De)Bump Threads 1.2 VSa -

VSa - Advanced 'New Posts' 3.0.3

VSa - Advanced Forum Statistics 7.1

VSa - Advanced Registration 2.0.3

VSa - ChatBox 3.1.8 V

VSa - Forums Online CountUp 2.0

VSa - Login To User Account 3.0.6

VSa - Moderating Stats 2.0.2

VSa - PayPal Donate 5.0.3

VSa - Sub-Forum Manager 3.1.4

Z - Referral Count in Postbit 1.0

[CKEditor] MARCO1 Advanced Quick Reply And Edit 5.2

[Dave]

Do you also know if they deleted the access logs of your website? I believe they can not delete that from the FTP since it's a separate thing in the control panel of Hostgator?

[-=Leb=-]

Hi dave, yes he got access to the forum root, edited the forum config and removed me from UNDELETABLE
changed my username to AK47

and yeas he did delete the entire log for my account aftter he deleted it, he edited an account and i got his ip

[Dave]

Okay well it will be hard to figure out in that case. Have you tried asking Hostgator if there are backups of the logs?

And can you confirm to me that you deleted the install folder in your web root?

[-=Leb=-]

they are investigating the issue and yes the install is deleted

[ForceHSS]

Dam you were hit hard sorry to hear this. On another note the ones who hacked you have vbulletin site and might be a member on here I am sure staff could find out who it is

[Dave]

Quote:

Originally Posted by ForceHSS

Dam you were hit hard sorry to hear this. On another note the ones who hacked you have vbulletin site and might be a member on here I am sure staff could find out who it is

I have a feeling sites like that only make use of nulled versions.
There are plenty of forums like OP posted, but taking them down is nearly impossible.