  #1  
Old 05-01-2008, 07:55 PM
IntellectToday
 
Join Date: Feb 2008
Posts: 19
We've Been Hacked! Help!

http://www.intellecttoday.com

We've been hacked. I don't know how, I don't know why, but it has happened.

Now the question is - how do I reverse it?
  #2  
Old 05-01-2008, 08:03 PM
markbolyard
 
Join Date: Apr 2005
Location: Maryland
Posts: 629

Do you have nightly backups of your forum's database? Files?

PM me, and I'll see if I can help you out.

--------------- Added [DATE]1209677005[/DATE] at [TIME]1209677005[/TIME] ---------------

Got your PM...

Replied. Can you log into your admincp?
  #3  
Old 05-01-2008, 08:30 PM
Boofo
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776

All I see is a white page. Did you add a hack recently?
  #4  
Old 05-01-2008, 08:34 PM
markbolyard
 
Join Date: Apr 2005
Location: Maryland
Posts: 629

Go to showthread.php. I think he removed the index.php or added an index.html to hide it.
  #5  
Old 05-01-2008, 08:37 PM
Boofo
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776

OK, I see it now. Thanks, Mark.

You need to disable the plug-in system in the config.php and see if that fixes it and then check your added hacks one by one to see which one is causing it.
  #6  
Old 05-01-2008, 09:05 PM
markbolyard
 
Join Date: Apr 2005
Location: Maryland
Posts: 629

I've got some things to do but will be back later this evening should you need some help with this. Good luck getting it back. Hopefully it's something minor, but worst case, restore your complete backup, perform an upgrade from RC4 to Gold, and verify your hacks installed are secure.
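
Posts #4 and #6 above mention a replaced index page and restoring from a complete backup. As an added example (not part of the original thread), this sketch compares a known-good backup copy of the web root against the live one and lists added, removed and modified files; the directory layout and file contents are a constructed sample.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                result[rel] = hashlib.sha256(fh.read()).hexdigest()
    return result

def compare_trees(backup_root, live_root):
    """Return files added to, removed from, or modified in the live tree."""
    backup, live = tree_hashes(backup_root), tree_hashes(live_root)
    return {
        "added": sorted(set(live) - set(backup)),
        "removed": sorted(set(backup) - set(live)),
        "modified": sorted(p for p in set(backup) & set(live) if backup[p] != live[p]),
    }

def build_demo(base):
    """Constructed sample: a tiny 'backup' tree and a tampered 'live' copy."""
    backup, live = os.path.join(base, "backup"), os.path.join(base, "live")
    files = {"index.php": "<?php // forum home", "showthread.php": "<?php // thread view",
             "includes/config.php": "<?php // settings"}
    for root in (backup, live):
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    os.remove(os.path.join(live, "index.php"))            # original entry page gone
    with open(os.path.join(live, "index.html"), "w") as fh:
        fh.write("<html>constructed placeholder page</html>")  # unexpected new file
    with open(os.path.join(live, "includes/config.php"), "a") as fh:
        fh.write("\n// constructed unexpected edit")
    return backup, live

def run_demo():
    with tempfile.TemporaryDirectory() as base:
        return compare_trees(*build_demo(base))

if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(kind, paths)
```

This only covers files on disk; edits made to templates stored in the database would not show up in such a comparison.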
  #7  
Old 05-02-2008, 07:06 PM
toonysnn
 
Join Date: Sep 2006
Location: Texas
Posts: 511

Looks like you were hacked... again. I was looking at the traffic overnight ('cause I had nothing to do).

I suggest you check with your host, see what's going on, and if needed, patch it.
  #8  
Old 05-02-2008, 08:16 PM
SmileyR
 
Join Date: Mar 2008
Location: Florida
Posts: 31

Yeah, looks like it, but it appears all they did was edit the templates. You can fix that by reverting or, I think, by DB restoration. Just after that's done, change your cPanel pass, admin pass, and FTP if not linked to your cPanel... and be more careful.
  #9  
Old 05-03-2008, 01:38 PM
Big Boss
 
Join Date: Jan 2008
Location: Cleveland, OH
Posts: 55

It's always a good idea to make a weekly backup, though a daily backup is even better.
  #10  
Old 05-03-2008, 02:13 PM
IntellectToday
 
Join Date: Feb 2008
Posts: 19

Well, I've learned quite a bit from this experience.

We were able to restore the site - twice! And I now make nightly backups, and my host does the same.

I would like to thank everyone who helped out!