Forum hacked

[Traxdata]

The problem found, it was also infected .htaccess file in www, I have added one in root but not in www............... shame on me.

. so if one of you will ge the same issue.

But still - it were about 10 infected vbulletin files - you have to delete them, you can easily find them but checking the date - the older and not changed ones are harmful, only recently changed you have to delete and replace with old original files.

The problem came with Filezilla, it seems to be well known problem, I would recommend to login with SFTP and not with FTP if using Filezilla and then changing all the PWs.

--------------- Added [DATE]1357146302[/DATE] at [TIME]1357146302[/TIME] ---------------

Quote:

Originally Posted by Simon Lloyd

It seems to me that one or more of your core files hasn't been overwritten, you will also have a file or two which doesn't belong in your forum root which is rewriting the infection every time it doesn't see it, my suggestion would be to rename your forum folder add a new folder then name it to what your forum folder was, upload all fresh files (with the install/install.php deleted and the config.php.new edited for your database and renamed to config.php) and then try to access, if you can then you need to search your old folder for files that shouldn't be there, delete them, then upload with overwrite via ftp in ascii mode your fresh files in to the renamed folder, rename the temp folder to something else and then rename your old folder back to it's original and see how you go.

YEs, it was the first I did, I deleted and replaced all recently changed files (.php), all index.html and other .html files, and have created new .htaccess but did not in www, it was such waste of time! I could be ready within 10 minutes.

Database was not effected - thankfully!!! since it could take ages to restore.