Site Hacked

[carllaponte]

I'm sure your all sick of seeing this topic. I just took over a snowmobile Forum b/c previous Admin lost interest, and it was getting flooded w/ spam. I'm learning but I'm very limitied in my computer skills. I have been watching and deleting spammers out of my Forum trying to clean it up. At this point I have deleted the Spammers that got in and made themself admin's. I have had my site restored, changed all passwords, deleted Install directory, and looked thru the plug ins. My problem is I do not know how to identify if a file should be there or not, and the spammers very well may have a back door into my forum. I have contacted my hosting company and they can't help w/ trying to locate a back door. Is there a service that I can hire to help me with this that will be fair on pricing? any idea on what is even fair w/ pricing? Please help...

[ForceHSS]

Download the default files from vbulletin members area and apart from the ones for you plugins see what have been changed by going to your admin panel then maintenance/diagnostics/suspect file versions and replace the files needed if you see any files in there that are not part of vb or ur custom plugins delete them if you want to be sure reupload all vb default files again but delete the install folder and the config.php.new file

[carllaponte]

Thank you for your response. I will attempt that tonight.

Wheh I looked through the plug ins I found one that was titled "Thank you the hack" I disabled it, I assume it's spam...??

Does anyone know of a service or a trustable person that I can hire to help me w/ this?

[ForceHSS]

The thank you hack is not spam

[ozzy47]

I would do the following, to ensure everything is clean.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

[Princeton]

carllaponte ,

Are you referring to a vbulletin 4 or 5 site ??

[carllaponte]

Sorry posted this in wrong spot. I'm all good now. I hired socialteenz to fix damage from being hacked and also a list of many other items. Best move I have made since taken over this forum. I would reccomend socialteenz to anyone who is not an expert and wants their forum repaired. Thank you socialteenz!

[eva2000]

Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs...ting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.

[Simon Lloyd]

Quote:

Originally Posted by eva2000

Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs...ting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.

Can that script be used for vb3.8.x ? seems like a great tool!

[eva2000]

yeah it's originally for vb 3/4 and extended for 5