  #11  
10-16-2008, 08:08 PM
Quarterbore
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538

I am an idiot...

Just upload the attached file to your server. You will need to change the extension to .php (the file is safe). See if you can run it or if that is redirected somewhere.
Attached Files
File Type: txt hatehackers.txt (45 Bytes, 57 views)
Reply With Quote
  #12  
10-16-2008, 08:11 PM
Berethorn
Join Date: Jun 2004
Posts: 69

Quote:
Originally Posted by Quarterbore
A reminder to everyone that this really is easy to prevent!!!

Tutorial: Using the CRON tab to do daily backups and long term MYSQL archives

Thanks, and no thanks.

No, seriously, I didn't know about automatic backups. That's a great tip!



I disabled plugins as you said, and no change, so at least that's narrowed out.
Reply With Quote
  #13  
10-16-2008, 08:16 PM
Quarterbore
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538

Try uploading that file and see if you still have the problem. If so, then it is not a vBulletin or database issue. You may need to rename it forumdisplay.php to be sure as well.
Reply With Quote
  #14  
10-16-2008, 08:35 PM
Berethorn
Join Date: Jun 2004
Posts: 69

It shows up fine - "I hate hackers" - and I agree with it.

But afterwards I realized I'd already edited my index.php.

http://www.landofrohan.com/forum/index.php?
Reply With Quote
  #15  
10-16-2008, 08:37 PM
Quarterbore
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538

OK, so you uploaded that file to "forumdisplay.php" and it didn't redirect?

This is important as that confirms this is not some server trick!

----------------------------------

The next thing I would do is make a new database and reinstall the forum software to the new database WITHOUT changing your existing site! You can create a new directory, as the new copy can be anywhere; you really just need the database. You will need to install the same version you are running now, so if you are running 3.6.11, don't install a 3.7.x or you will get errors.

Once it is installed and running, then go to the config file of the hacked forums and change the config file to have it look at the NEW database.

If you don't get this problem, then the issue is certainly in your database!
Reply With Quote
  #16  
10-16-2008, 08:46 PM
Berethorn
Join Date: Jun 2004
Posts: 69

Yes, I uploaded it as forumdisplay.php. No redirect. No server trick.

Okay, I'll try that. Meanwhile, if it IS a problem with the database, where is it likely to be? I know the possibilities are endless, but... I have searched the database quite a bit already but it's a big place.

Thanks for all your help, eh?
Reply With Quote
  #17  
10-16-2008, 08:51 PM
puertoblack2003
Join Date: Aug 2005
Location: Philadelphia
Posts: 1,073

Quote:
Originally Posted by Berethorn
Yes, I uploaded it as forumdisplay.php. No redirect. No server trick.

Okay, I'll try that. Meanwhile, if it IS a problem with the database, where is it likely to be? I know the possibilities are endless, but... I have searched the database quite a bit already but it's a big place.

Thanks for all your help, eh?

In the DB, start from the last and work your way back... it's easier that way, which I've done. Just my .2
Reply With Quote
  #18  
10-16-2008, 08:56 PM
Quarterbore
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538

Quote:
Originally Posted by Berethorn
Yes, I uploaded it as forumdisplay.php. No redirect. No server trick.

Okay, I'll try that. Meanwhile, if it IS a problem with the database, where is it likely to be? I know the possibilities are endless, but... I have searched the database quite a bit already but it's a big place.

Thanks for all your help, eh?

You said you have a backup from January; restore that to a new database and change your config file to point to the new database and see if you are still redirected. If you are, then the problem is not the database but something they slipped into a file somewhere.
Reply With Quote
  #19  
10-16-2008, 09:21 PM
snakes1100
Join Date: Dec 2001
Location: Michigan
Posts: 3,733

There is no need to use a backup; this is a database-driven hack. You need to start searching for phrases he has on that page in your DB; use phpMyAdmin. That's fixable. After you find it all, start upgrading your forums & plugins.
Reply With Quote
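
The database search suggested in the post above, as an added example that is not part of the original thread: it scans a mysqldump-style SQL file for phrases copied from the defaced page and ranks tables by hit count, which narrows down where in a large database to look first. The sample dump, its table names and the marker phrases are constructed for illustration, and the script assumes one INSERT statement per dump line.

```python
import re
from collections import Counter

# Constructed sample of a mysqldump file; table names, rows and the
# marker phrases are illustrative, not taken from the thread.
SAMPLE_DUMP = """\
INSERT INTO `post` VALUES (1,'Welcome to the forum'),(2,'See you at the meetup');
INSERT INTO `template` VALUES (10,'FORUMHOME','<html>$navbar</html>');
INSERT INTO `template` VALUES (11,'header','<meta http-equiv="refresh" content="0;url=http://example.invalid/">Hacked By Example');
INSERT INTO `plugin` VALUES (3,'global_start','echo \\'Hacked by example\\';');
"""

INSERT_RE = re.compile(r"^INSERT INTO `([^`]+)`", re.IGNORECASE)

def find_phrases(dump_lines, phrases):
    """Return (table, line_no, phrase, excerpt) for each phrase found in an INSERT line."""
    lowered = [p.lower() for p in phrases]
    hits = []
    for line_no, line in enumerate(dump_lines, start=1):
        m = INSERT_RE.match(line)
        if not m:
            continue  # skip DDL, comments and blank lines
        hay = line.lower()  # case-insensitive search
        for phrase, needle in zip(phrases, lowered):
            pos = hay.find(needle)
            if pos != -1:
                # Keep some surrounding text so the row can be located later.
                excerpt = line[max(0, pos - 30): pos + len(needle) + 30].strip()
                hits.append((m.group(1), line_no, phrase, excerpt))
    return hits

def tables_by_hits(hits):
    """Rank tables by hit count so the most likely location is checked first."""
    return Counter(table for table, _, _, _ in hits).most_common()

if __name__ == "__main__":
    # Phrases as they appear on the defaced page, plus a generic redirect marker.
    phrases = ["hacked by example", "http-equiv=\"refresh\""]
    found = find_phrases(SAMPLE_DUMP.splitlines(), phrases)
    for table, line_no, phrase, excerpt in found:
        print(f"{table} (dump line {line_no}): {phrase!r} in ...{excerpt}...")
    print(tables_by_hits(found))
```

For a real dump, pass the lines of the opened file instead of `SAMPLE_DUMP.splitlines()`; the reported table names then tell you which tables to open in phpMyAdmin.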
  #20  
10-16-2008, 09:24 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

I just wanted to add... he got onto your site somehow and he will do so again unless you 'fix' the hole in your security. You may need to be talking to your host to help figure out how he got in.
Reply With Quote