#1
10-19-2011, 08:16 PM
Lestat_
Join Date: Apr 2011
Posts: 40
Thanks given: 0
Thanked 0 times in 0 posts
forum hacked

A few hours ago, when logging in to our vBulletin forum, I got a blank page with the message "hacked by Xplo1T www.prvtzone.net www.belegit.net".
I already checked all PHP & JS files, but none has been changed today, and no htaccess files have been changed either, so I'm guessing it has been done with a kind of redirect parameter in the database. Does anybody have an idea how I can fix this? Where in the database should I look for a parameter causing a redirect?
#2
10-19-2011, 08:52 PM
nerbert
Join Date: May 2008
Posts: 784
Thanks given: 0
Thanked 0 times in 0 posts

I would NOT click either of those links!

I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?

Have you tried going to another forum page, such as online.php?

Can you get into your adminCP?

My advice: submit a support ticket to vBulletin.
#3
10-19-2011, 08:53 PM
LeventX
Join Date: Nov 2010
Location: Turkey
Posts: 40
Thanks given: 0
Thanked 0 times in 0 posts

Is your server Apache or LiteSpeed?
#4
10-19-2011, 09:40 PM
GavoTrav
Join Date: Jun 2011
Location: Ireland
Posts: 113
Thanks given: 0
Thanked 0 times in 0 posts

nevermind..
#5
10-20-2011, 11:42 AM
Lestat_
Join Date: Apr 2011
Posts: 40
Thanks given: 0
Thanked 0 times in 0 posts

Thanks for the replies, guys. It seems the hacker gained access through a vulnerability in the search.php page, and via admincp he began changing admin pwd's & email addresses. The reason why index & forum.php were showing the hacker's message was because he altered the template forumhome and replaced it with his HTML page.
Fortunately, vBulletin has a wonderful functionality of reversing templates, so that fixed the problem. This topic can be closed.
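A database-side check for the two changes described in the post above (an altered forumhome template and changed admin accounts), as an added example that is not part of the original thread and is not vBulletin's own code. It assumes MySQL, a stock vBulletin schema with no table prefix, the default Administrators group id of 6, and a constructed start time for the review window.

```sql
-- Added example. Assumptions: MySQL, stock vBulletin tables without a prefix,
-- default Administrators usergroupid = 6. Adjust names if your install differs.

-- Constructed start of the review window (shortly before the defacement was seen).
SET @since = UNIX_TIMESTAMP('2011-10-18 00:00:00');

-- 1. Customised templates saved inside the window.
--    Master (stock) templates have styleid = -1, so anything listed here
--    was saved through the style manager, with the account that saved it.
SELECT t.styleid,
       t.title,
       t.username                  AS edited_by,
       FROM_UNIXTIME(t.dateline)   AS edited_at,
       CHAR_LENGTH(t.template_un)  AS source_length
FROM   template AS t
WHERE  t.styleid <> -1
  AND  t.dateline >= @since
ORDER  BY t.dateline DESC;

-- 2. Customised templates whose raw source contains the defacement text or
--    markup that can redirect the browser. Hits need manual review, because
--    legitimate customisations can contain the same markup.
SELECT t.styleid,
       t.title,
       t.username                  AS edited_by,
       FROM_UNIXTIME(t.dateline)   AS edited_at
FROM   template AS t
WHERE  t.styleid <> -1
  AND (   t.template_un LIKE '%hacked by%'
       OR t.template_un LIKE '%http-equiv%refresh%'
       OR t.template_un LIKE '%location.href%'
       OR t.template_un LIKE '%<iframe%');

-- 3. Administrator accounts whose password was changed inside the window.
--    Compare the listed e-mail addresses against the ones you expect.
SELECT u.userid,
       u.username,
       u.email,
       u.passworddate
FROM   `user` AS u
WHERE  u.usergroupid = 6
  AND  u.passworddate >= DATE(FROM_UNIXTIME(@since));
```

Any template returned by the first two queries can then be reverted to the master version from the style manager, which is the fix the post describes.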
#6
10-22-2011, 02:00 PM
River J
Join Date: Jun 2011
Posts: 73
Thanks given: 0
Thanked 0 times in 0 posts

Quote:
Originally Posted by nerbert
> I would NOT click either of those links!
>
> I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?
>
> Have you tried going to another forum page, such as online.php?
>
> Can you get into your adminCP?
>
> My advice: submit a support ticket to vBulletin.

Clicking a link to a forum isn't going to do anything... the forums are just full of scrubs who know how to follow tutorials posted online.
#7
10-22-2011, 02:04 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134
Thanks given: 0
Thanked 0 times in 0 posts

Quote:
Originally Posted by Lestat_
> Thanks for the replies, guys. It seems the hacker gained access through a vulnerability in the search.php page, and via admincp he began changing admin pwd's & email addresses. The reason why index & forum.php were showing the hacker's message was because he altered the template forumhome and replaced it with his HTML page.
> Fortunately, vBulletin has a wonderful functionality of reversing templates, so that fixed the problem. This topic can be closed.

You need to identify the admin userid numbers in config.php as unalterable/undeletable users. This will prevent password and other changes.