Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 01-19-2009, 02:09 PM
princeedward's Avatar
princeedward princeedward is offline
 
Join Date: Jan 2007
Location: Deutschland
Posts: 901
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacked By Red Virus!!!

Hacked By Red Virus!!!


...please help or any advice what to do...our site is just hacked... LOL!


appreciate any help from any of you guys...

best regards...
Attached Images
File Type: jpg red_virus.jpg (61.8 KB, 0 views)
Reply With Quote
  #2  
Old 01-19-2009, 02:33 PM
saltedm8 saltedm8 is offline
 
Join Date: May 2008
Posts: 84
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

my first suggestion if you have are not already is to update to 3.8, because even if you get your site back online, they will just come back and do it again.

secondly, change all your ftp control panel and admincp passwords

if you are on the latest version then you had better send a support ticket to vbulletin.com
Reply With Quote
  #3  
Old 01-19-2009, 02:47 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have access to phpMyAdmin? If so, go in and select the user table to repair.
Reply With Quote
  #4  
Old 01-19-2009, 03:28 PM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have a backup? Does your host?
I would restore the backup to right before it was hacked.
At that point, update the forum and ALL the hacks and change all your passwords as well as putting a pass protect popup on your admincp.
Then examine the logs, and see how they got in.
Reply With Quote
  #5  
Old 01-19-2009, 03:31 PM
Sawa Dee SohL Sawa Dee SohL is offline
 
Join Date: Aug 2008
Location: www.TheSocialRev.com
Posts: 277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

For something like this, would it be good to have a backup admin name? For example, does this effect all Admin accounts? Or do they just go after the Head Admin name?

I have a few alternate Admin accounts on my site (basically hidden) - didn't know if that sort of thing might help in a case like this?
Reply With Quote
  #6  
Old 01-19-2009, 03:37 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A backup admin account is meaning less for this hack, he simply modified either a template or added code in a php file to call his site & code.

The user table crash is hard to say, it might or might not of been caused by the hacker.

There is really no need to do a backup either, removing what he did is rather easy, but as Loco stated, upgrade everything to plug the hole he used to hack the site in the first place.
Reply With Quote
  #7  
Old 01-19-2009, 04:07 PM
princeedward's Avatar
princeedward princeedward is offline
 
Join Date: Jan 2007
Location: Deutschland
Posts: 901
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lynne View Post
Do you have access to phpMyAdmin? If so, go in and select the user table to repair.
thanks Lynne...any hint how to do it...got no any idea about this....just a newbie here....

Quote:
Originally Posted by Loco.M View Post
Do you have a backup? Does your host?
I would restore the backup to right before it was hacked.
At that point, update the forum and ALL the hacks and change all your passwords as well as putting a pass protect popup on your admincp.
Then examine the logs, and see how they got in.
ACP Pass Protect Popup ON? ....i guess...if no other way to resolve this and back to the original situation...i guess have no choice but to restore it back...like 1 day before this happen...

Quote:
Originally Posted by Sawa Dee SohL View Post
For something like this, would it be good to have a backup admin name? For example, does this effect all Admin accounts? Or do they just go after the Head Admin name?
I have a few alternate Admin accounts on my site (basically hidden) - didn't know if that sort of thing might help in a case like this?
how it good to have the backup admin name...in time like this? the first time...still got access to my ACP...the time that i tried to renew my pass...i got that TABLE ERROR ...so now got no ACP access anymore...

Quote:
Originally Posted by snakes1100 View Post
A backup admin account is meaning less for this hack, he simply modified either a template or added code in a php file to call his site & code.
The user table crash is hard to say, it might or might not of been caused by the hacker.
There is really no need to do a backup either, removing what he did is rather easy, but as Loco stated, upgrade everything to plug the hole he used to hack the site in the first place.
hmmm...



anyway million thanks guys for your time about this......much appreciated...don't know how they got me...i guess don't have any solution on this but to decide to restore into previous time..say 1 day before this S---T ! happen....


just copy the page source fo more info::

Code:
<!-- CSS Stylesheet -->
<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:st1="urn:schemas-microsoft-com:office:smarttags"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name="keywords" content="hacked by red virus">
<meta name="description" content="hacked by red virus">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 11">
<meta name=Originator content="Microsoft Word 11">
<link rel=Edit-Time-Data href="index_files/editdata.mso">
<title> hacked by red virus</title>

<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="place"/>
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>To0oLBA</o:Author>
  <o:Template>Normal</o:Template>
  <o:LastAuthor>To0oLBA</o:LastAuthor>
  <o:Revision>2</o:Revision>
  <o:TotalTime>6</o:TotalTime>
  <o:Created>2008-11-10T15:30:00Z</o:Created>
  <o:LastSaved>2008-11-10T15:36:00Z</o:LastSaved>
  <o:Pages>1</o:Pages>
  <o:Words>125</o:Words>
  <o:Characters>716</o:Characters>
  <o:Lines>5</o:Lines>
  <o:Paragraphs>1</o:Paragraphs>
  <o:CharactersWithSpaces>840</o:CharactersWithSpaces>
  <o:Version>11.5606</o:Version>
 </o:DocumentProperties>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:ValidateAgainstSchemas/>
  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
  <w:Compatibility>
   <w:ApplyBreakingRules/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:LatentStyles DefLockedState="false" LatentStyleCount="156">
 </w:LatentStyles>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Angsana New";
	panose-1:2 2 6 3 5 4 5 2 3 4;
	mso-font-charset:0;
	mso-generic-font-family:roman;
	mso-font-pitch:variable;
	mso-font-signature:16777219 0 0 0 65537 0;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:536871559 0 0 0 415 0;}
@font-face
	{font-family:"Trebuchet MS";
	panose-1:2 11 6 3 2 2 2 2 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:647 0 0 0 159 0;}
@font-face
	{font-family:Impact;
	panose-1:2 11 8 6 3 9 2 5 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:647 0 0 0 159 0;}
@font-face
	{font-family:"Comic Sans MS";
	panose-1:3 15 7 2 3 3 2 2 2 4;
	mso-font-charset:0;
	mso-generic-font-family:script;
	mso-font-pitch:variable;
	mso-font-signature:647 0 0 0 159 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0cm;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
p
	{mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
span.genmed
	{mso-style-name:genmed;}
span.SpellE
	{mso-style-name:"";
	mso-spl-e:yes;}
span.GramE
	{mso-style-name:"";
	mso-gram-e:yes;}
@page Section1
	{size:595.3pt 841.9pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;
	mso-header-margin:35.4pt;
	mso-footer-margin:35.4pt;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */
 table.MsoNormalTable
	{mso-style-name:"Table Normal";
	mso-tstyle-rowband-size:0;
	mso-tstyle-colband-size:0;
	mso-style-noshow:yes;
	mso-style-parent:"";
	mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
	mso-para-margin:0cm;
	mso-para-margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:10.0pt;
	font-family:"Times New Roman";
	mso-ansi-language:#0400;
	mso-fareast-language:#0400;
	mso-bidi-language:#0400;}
</style>
<![endif]-->
<meta http-equiv=Content-Language content=en-us>
<!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1"/>
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=black lang=EN-US style='tab-interval:36.0pt;background-attachment:
fixed'>

<div class=Section1>

<p align=center style='text-align:center'><b><span style='font-size:11.0pt;
font-family:Verdana;color:#A8A8A8'>&nbsp;Ow</span></b><b><span
style='font-size:11.0pt;font-family:"Trebuchet MS";color:#A8A8A8'>3</span></b><b><span
style='font-size:11.0pt;font-family:Verdana;color:#A8A8A8'>nd by </span>

<span style="font-size: 11pt; color: #FF0000; font-family: Verdana">Red Virus</span></b></p>

<p align=center style='text-align:center'><img width=350 height=60
id="_x0000_i1025" src="http://upload.traidnt.net/upfiles/WyO07387.gif" border=0><o:p></o:p></p>

<p align=center style='margin:0cm;margin-bottom:.0001pt;text-align:center;
word-spacing:-1px'><b><span style='font-size:18.0pt;font-family:Verdana;
color:red'>&nbsp;</span></b><span class=GramE><span style='font-size:18.0pt;
font-family:Verdana;color:red'>[</span><b><span style='font-size:18.0pt;
font-family:Verdana;color:#E0E0E0'> </span></b></span><span class="SpellE">
<font size="6" color="#FF0000"><b><span style="font-family: Courier New">Red 
ViRus</span></b></font></span><b><span
style='font-size:24.0pt;font-family:"Courier New";color:#E0E0E0'> <span
class=SpellE>WaS</span> <span class=SpellE>HeRe</span></span></b><b><span
style='font-size:18.0pt;font-family:Verdana;color:red'> </span></b><b><span
style='font-size:18.0pt;font-family:Verdana;color:#E0E0E0'>&nbsp;</span></b><span
style='font-size:18.0pt;font-family:Verdana;color:red'>]</span><o:p></o:p></p>

<p align=center style='text-align:center'><span class=genmed><span
style='filter:"blur\(add=1\,direction=270\,strength=30\)"'><b><span
style='font-size:14.0pt;font-family:"Courier New";color:red'>[~]</span></b></span><span
class=genmed><b><span style='font-size:10.0pt;font-family:"Courier New";
color:red'> </span></b></span><span class=genmed><b><span style='font-size:
14.0pt;font-family:"Courier New";color:#A8A8A8'>Stay Safe<span class=GramE>..</span>
Don't Try This AT WEB</span></b></span><span class=genmed><b><span
style='font-size:7.5pt;font-family:"Courier New";color:#A8A8A8'> </span></b></span><span
class=genmed><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#A8A8A8'>(</span></span></b><span style='filter:"blur\(add=1\,direction=270\,strength=30\)"'></span><span
class=genmed><b><span lang=TH style='font-size:14.0pt;font-family:"Angsana New";
mso-ascii-font-family:"Courier New";mso-hansi-font-family:"Courier New";
color:#A8A8A8;mso-bidi-language:TH'>๏</span></span></b><span
style='filter:"blur\(add=1\,direction=270\,strength=30\)"'></span><span
class=genmed><b><span style='font-size:14.0pt;font-family:Tahoma;color:#A8A8A8'>̯͡</span></b></span><span
class=genmed><b><span lang=TH style='font-size:14.0pt;font-family:"Angsana New";
mso-ascii-font-family:"Courier New";mso-hansi-font-family:"Courier New";
color:#A8A8A8;mso-bidi-language:TH'>๏</span></b></span><span
class=genmed><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#A8A8A8'>)</span> </span></b></span></p>

<p align=center style='text-align:center'><b><span style='font-size:14.0pt;
font-family:Impact;color:#C71A10'>----</span></b><b><span style='font-size:
14.0pt;font-family:"Courier New";color:#C71A10'> - - - - - - -</span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#C71A10;mso-bidi-language:
AR-EG'> </span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#C71A10'>- -</span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:red'> <span class=GramE>[<span style='font-size:10.0pt;mso-bidi-language:
AR-EG'> </span><span class=SpellE><span style='font-size:13.5pt;color:#919191;
mso-bidi-language:AR-EG'>oPS</span></span></span></span></b><b><span
style='font-size:13.5pt;font-family:"Courier New";color:#919191;mso-bidi-language:
AR-EG'> , Doomed By <span class="SpellE">RED VIRUS</span></span><span
style='font-size:14.0pt;font-family:"Courier New";color:red'> ]</span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#A6140D;mso-bidi-language:
AR-EG'> </span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#C71A10'>- - - - - - -</span></b><b><span style='font-size:14.0pt;
font-family:"Courier New";color:#C71A10;mso-bidi-language:AR-EG'> </span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#C71A10'>- - </span></b><b><span
style='font-size:14.0pt;font-family:Impact;color:#C71A10'>----</span></b></p>

<p align=center style='text-align:center'><b>
<span
style='font-size:10.0pt;font-family:Verdana;color:#919191'>
<st1:City w:st="on"><st1:place w:st="on">Mission</st1:place></st1:City>
Complete &quot;)<span class=GramE>;</span><br>
<br>
</span></b><b><span style='font-size:11.0pt;font-family:Verdana;color:#919191'>Exit
Form This Dirty Box ...</span></b></p>
<p align=center style='text-align:center'><b>
<font face="Verdana" style="font-size: 11pt" color="#008000">من يكره مصر خسران 

ومن يرسمها فنان ومن يحسدها غيران ومن يحبها انسان ومن يحتلها حيوان وتعيش مصر غصبأ 
على الزمان </font></b></p>

<p align=center style='text-align:center'><b><span style='font-size:14.0pt;
font-family:Impact;color:#C71A10'>----</span></b><b><span style='font-size:
14.0pt;font-family:"Courier New";color:#C71A10'> - - - - - - -</span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#C71A10;mso-bidi-language:
AR-EG'> </span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#C71A10'>- -</span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:red'> <span class=GramE>[<span style='font-size:10.0pt;mso-bidi-language:
AR-EG'> </span><span style='color:#999999'>Contact</span></span> ]</span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#A6140D;mso-bidi-language:
AR-EG'> </span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#C71A10'>- - - - - - -</span></b><b><span style='font-size:14.0pt;
font-family:"Courier New";color:#C71A10;mso-bidi-language:AR-EG'> </span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#C71A10'>- - </span></b><b><span
style='font-size:14.0pt;font-family:Impact;color:#C71A10'>----</span></b></p>

<p align=center style='text-align:center'>
<span style="font-size: 14pt; color: #006600"><b>
<span style="font-family: Comic Sans MS">C3O@W.CN</span></b></span></p>

<p align=center style='text-align:center'><b><span style='font-size:10.0pt;
font-family:Tahoma;color:#919191;mso-bidi-language:AR-EG'>&nbsp;</span></b><span
class=genmed><span style='filter:"blur\(add=1\,direction=270\,strength=30\)"'><b><span
style='font-size:11.0pt;font-family:"Courier New";color:#A8A8A8'>(</span></b></span><span
class=genmed><b><span lang=TH style='font-size:11.0pt;font-family:"Angsana New";
mso-ascii-font-family:"Courier New";mso-hansi-font-family:"Courier New";
color:#A8A8A8;mso-bidi-language:TH'>๏</span></span></b><span
style='filter:"blur\(add=1\,direction=270\,strength=30\)"'></span><span
class=genmed><b><span style='font-size:11.0pt;font-family:Tahoma;color:#A8A8A8'>̯͡</span></b></span><span
class=genmed><b><span lang=TH style='font-size:11.0pt;font-family:"Angsana New";
mso-ascii-font-family:"Courier New";mso-hansi-font-family:"Courier New";
color:#A8A8A8;mso-bidi-language:TH'>๏</span></b></span><span
class=genmed><b><span style='font-size:11.0pt;font-family:"Courier New";
color:#A8A8A8'>)</span></span></b></span></p>

<p align=center style='text-align:center'><b><span style='font-size:14.0pt;
font-family:Impact;color:#C71A10'>----</span></b><b><span style='font-size:
14.0pt;font-family:"Courier New";color:#C71A10'> - - - - - - -</span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#C71A10;mso-bidi-language:
AR-EG'> </span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#C71A10'>- -</span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:red'> <span class=GramE>[<span style='font-size:10.0pt;mso-bidi-language:
AR-EG'> </span><span style='color:#999999'>Greets</span></span> ]</span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#A6140D;mso-bidi-language:
AR-EG'> </span></b><b><span style='font-size:14.0pt;font-family:"Courier New";
color:#C71A10'>- - - - - - -</span></b><b><span style='font-size:14.0pt;
font-family:"Courier New";color:#C71A10;mso-bidi-language:AR-EG'> </span></b><b><span
style='font-size:14.0pt;font-family:"Courier New";color:#C71A10'>- - </span></b><b><span
style='font-size:14.0pt;font-family:Impact;color:#C71A10'>----</span></b></p>

<p align=center style='text-align:center'><span class=GramE><b>
<span
style='font-family:"Courier New";color:#FF0000'> <font size="5">D3ViL 
<a href="mailto:iR@Q,hebarieh,falconbuss,هتلر"><font color="#FF0000">iR@Q</font></a></font></span></b></span><a href="mailto:iR@Q,hebarieh,falconbuss,هتلر"><b><span
style='font-family:"Courier New";color:white'><font size="5">,</font></span><font color="#008000" size="5"><span
style='font-family:"Courier New";'>hebarieh</span></font><span
style='font-family:"Courier New";color:white'><font size="5">,</font></span></b><font size="5"><font color="#FFFF00">ASD</font><span
style='font-family:"Courier New";color:white'><b>,</b></span><b><span lang="ar-eg" style="font-family: Courier New"><font color="#00FF00">هتلر</font></span></b></font></a><span
style='font-family:"Courier New";color:#00FF00'><font size="5"><span lang="ar-eg"><b> 
الشمرى</b></span></font></span><font size="5"><a href="mailto:iR@Q,hebarieh,falconbuss,هتلر"><span
style='font-family:"Courier New";color:white'><b>,</b></span></a></font><font size="5" color="#FF9966">EgYpTioN 
HaCkEr</font><font size="5"><b><a href="mailto:iR@Q,hebarieh,falconbuss,هتلر"><span
style='font-family:"Courier New";color:white'>,</span></a></b></font><a href="mailto:iR@Q,hebarieh,falconbuss,هتلر"><font color="#FFFFFF" size="5">falconbuss</font></a></p>

</div>

</body>

</html>
<!--- Security Portal Mirror ---!>

<!-- / CSS Stylesheet -->

<script type="text/javascript">
<!--
var SESSIONURL = "";
var IMGDIR_MISC = "";
var vb_disable_ajax = parseInt("0", 10);
// -->
</script>
Reply With Quote
  #8  
Old 01-19-2009, 04:10 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

1. Its not that hard to remove what he did, search the db for keywords in his code, (most likely a template)

2. Verify no php files were modified. (global.php if its on every page)

3. Upgrade site, forums, hacks etc.
Reply With Quote
  #9  
Old 01-19-2009, 07:13 PM
princeedward's Avatar
princeedward princeedward is offline
 
Join Date: Jan 2007
Location: Deutschland
Posts: 901
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i guess there is really no way to put back my site to the latest situation...i'll have to re-upload the previous data back up to make my site online again...

one question:

is there anyway to search from my latest backup those latest post and bring or pull it up or back again...i mean just those latest post yesterday and today before my site hacked/freeze and mix it to last 2 days ago...because i re-install or upload again those backup from 17 Jan.

thanks and appreciate any help guys...

Reply With Quote
  #10  
Old 01-19-2009, 08:16 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is no reason to import a backup, we have already told you how to repair your site, use phpmyadmin to recover the table crash, then use phpmyadmin to find any keywords from the hackers pages, it is most likely he simply modified a template.

Importing a old db is simply going to allow the hacker to do what he did again if you dont update the forums and its hacks.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:00 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09186 seconds
  • Memory Usage 2,311KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete