Go Back   vb.org Archive > vBulletin 5 Connect Discussion > vB5 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 10-01-2013, 07:10 PM
carllaponte carllaponte is offline
 
Join Date: Aug 2013
Location: Illinois
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Site Hacked

I'm sure your all sick of seeing this topic. I just took over a snowmobile Forum b/c previous Admin lost interest, and it was getting flooded w/ spam. I'm learning but I'm very limitied in my computer skills. I have been watching and deleting spammers out of my Forum trying to clean it up. At this point I have deleted the Spammers that got in and made themself admin's. I have had my site restored, changed all passwords, deleted Install directory, and looked thru the plug ins. My problem is I do not know how to identify if a file should be there or not, and the spammers very well may have a back door into my forum. I have contacted my hosting company and they can't help w/ trying to locate a back door. Is there a service that I can hire to help me with this that will be fair on pricing? any idea on what is even fair w/ pricing? Please help...
Reply With Quote
  #2  
Old 10-01-2013, 07:44 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Download the default files from vbulletin members area and apart from the ones for you plugins see what have been changed by going to your admin panel then maintenance/diagnostics/suspect file versions and replace the files needed if you see any files in there that are not part of vb or ur custom plugins delete them if you want to be sure reupload all vb default files again but delete the install folder and the config.php.new file
Reply With Quote
  #3  
Old 10-01-2013, 08:02 PM
carllaponte carllaponte is offline
 
Join Date: Aug 2013
Location: Illinois
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you for your response. I will attempt that tonight.

Wheh I looked through the plug ins I found one that was titled "Thank you the hack" I disabled it, I assume it's spam...??

Does anyone know of a service or a trustable person that I can hire to help me w/ this?
Reply With Quote
  #4  
Old 10-01-2013, 09:48 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The thank you hack is not spam
Reply With Quote
  #5  
Old 10-01-2013, 09:51 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would do the following, to ensure everything is clean.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
Reply With Quote
  #6  
Old 10-02-2013, 04:13 PM
Princeton's Avatar
Princeton Princeton is offline
 
Join Date: Nov 2001
Location: Vineland, NJ
Posts: 6,693
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

carllaponte ,

Are you referring to a vbulletin 4 or 5 site ??
Reply With Quote
  #7  
Old 10-03-2013, 02:40 PM
carllaponte carllaponte is offline
 
Join Date: Aug 2013
Location: Illinois
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry posted this in wrong spot. I'm all good now. I hired socialteenz to fix damage from being hacked and also a list of many other items. Best move I have made since taken over this forum. I would reccomend socialteenz to anyone who is not an expert and wants their forum repaired. Thank you socialteenz!
Reply With Quote
2 благодарности(ей) от:
CAG CheechDogg, Gemma
  #8  
Old 10-06-2013, 07:44 AM
eva2000's Avatar
eva2000 eva2000 is offline
 
Join Date: Oct 2001
Location: Brisbane, Australia
Posts: 577
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs...ting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.
Reply With Quote
Благодарность от:
CAG CheechDogg
  #9  
Old 10-06-2013, 09:11 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by eva2000 View Post
Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs...ting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.
Can that script be used for vb3.8.x ? seems like a great tool!
Reply With Quote
  #10  
Old 10-06-2013, 10:21 AM
eva2000's Avatar
eva2000 eva2000 is offline
 
Join Date: Oct 2001
Location: Brisbane, Australia
Posts: 577
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

yeah it's originally for vb 3/4 and extended for 5
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:30 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.11643 seconds
  • Memory Usage 2,259KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (3)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete