If your forums has been hacked by "Team Animus", please read this to get helped to remove hacking traces and make your forums secure.
NOTE: Please be careful when removing any data. Make sure you have backups of your important files and databases!
What they did:
Code:
1. Added vba.php to INCLUDES folder
2. Replaced several index.php files, added some index.html files
3. Added new user with ID "13371338", admin status
4. Changed user titles to "Hacked by Team Animus"
5. Disabled current admins
6. Disabled forums
Here is what I have done:
Code:
01. MyAdmin > Deleted latest user (hacker - admin group)
02. MyAdmin > Changed autoincrement value in USER table to {LatestUserID} + 1
03. MyAdmin > Executed two queries to fix user titles:
UPDATE user SET usertitle = replace(usertitle, "Hacked by Team Animus", "");
UPDATE user SET customtitle = '0' where customtitle = '1';
04. FTP > To be sure that all files are OK, I've deleted everything from my forum folder, except:
images, banners, .htaccess, favicon, config.php (re-checked content of this one, just in case)
05. FTP > Uploaded original forum files + custom .php's which belongs to add-ons I'm using
06. FTP > Uploaded tools.php, restored my admin status, enabled forums
07. FTP > Deleted tools.php and /install/install.php
[S]08. ACP > Removed "Skimlinks Plugin" (who installed this? hacker?)[/S] - Edit: added by vB in 4.1.3
09. ACP > Updated "VSa - Advanced Forum Rules" add-on (download latest version: vB3.x, vB4.x)
10. ACP > Re-imported all add-ons I'm using, with "overwrite" checked, to ensure there are no modified codes
11. ACP > Maintenance > update user titles, fix broken user profiles, repair and optimize tables
If you have any questions, feel free to ask.
And again: Make sure you have backups of your important files and databases before you delete anything!