#21
11-06-2014, 05:29 PM
RichieBoy67
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057

Quote:
Originally Posted by TheLastSuperman
You wrote it/them? If so, check them again and be sure you coded them properly; otherwise you could have a plethora of security issues that we'll never be aware of or able to offer assistance with. And no, do not post your code; if it's a private mod/plugin, all the better since the code is not known. I would review with another fellow coder or ask for assistance in the Private Coders Discussion forum.

I've seen the same hack embedded with hacked versions of Dbtechseo and Vbseo too.

I agree not to share the hack.

#22
11-06-2014, 08:06 PM
tbworld
Join Date: Oct 2008
Posts: 2,126

Bottom line, he is probably going to have to hire someone to clean it all up and then add some isolation code with some additional tracking. If he hires the right professional he will learn a ton during the process. I would suggest paying extra to the consultant with this in mind. Find a consultant with great communication skills. Sorry you were hacked! (-- Yes, I know I changed grammatical person. --)

FYI: I do not run a business that assists others in vbulletin problems, programming or maintenance. Therefore, I am not saying this for my own benefit.

#23
11-06-2014, 08:55 PM
Muhammad Rahman
Join Date: Jun 2012
Posts: 152

Quote:
Originally Posted by TheLastSuperman
I saw the name Plum, he's one of the known powersurge hackers.

- You could have been hacked into long ago, spare admin accounts present?
- Even if you have disabled a mod/plugin the files still have the vulnerabilities present, so mods such as Tapatalk, which had a recent security exploit found, should always be updated to the most secure version or removed entirely.
- Do as HM666 mentioned and overwrite all files. After that, review the back-end and see if there are any spare admin accounts (use the usergroup manager; check for accounts w/ secondary usergroups assigned as well), then check the plugins via the plugin manager, as they can edit plugins after gaining access. Finally, check all files that were not overwritten, and do not skip checking your attachments folder if stored in the filesystem; I've seen them hide files there too.

- No, this is the first time.
- Oh no! Tapatalk was not updated.
- Attachments: I have now changed back to the database system.

The hacker deleted all .htaccess files to get access to open the protected directories.

--------------- Added [DATE]1415314827[/DATE] at [TIME]1415314827[/TIME] ---------------

Quote:
Originally Posted by RichieBoy67
I've seen the same hack embedded with hacked versions of Dbtechseo and Vbseo too.

I agree not to share the hack.

So DBTech SEO is not secure?

#24
11-06-2014, 09:16 PM
tbworld
Join Date: Oct 2008
Posts: 2,126

Quote:
Originally Posted by Muhammad Rahman
So DBTech SEO is not secure?

Once they have access to the root system they can hide whatever they want in the file system and the database. With a trained eye you can see how they hacked in via your logs, if you have a full set. You can sift through your logs to see what else they have changed, but depending on when you were hacked you could be at it for a while unless they used the same IP, which they rarely do.

If you can roll back, then do so. Use a professional to add some isolation and tracking code in case you are hacked in the future and move on in your life. Plugins and modifications are always risky unless you know what you are doing. If you stay up-to-date with your modifications from Dbtech, you should be fairly safe. All software has the possibility to be hacked.

#25
11-06-2014, 10:19 PM
ozzy47
Join Date: Jul 2009
Location: USA
Posts: 10,929

Quote:
Originally Posted by Muhammad Rahman
So DBTech SEO is not secure?

If it was a nulled mod, sure, it is not secure; if you got it from here or their site it should be fine.

#26
11-06-2014, 10:25 PM
RichieBoy67
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057

Yeah, Dbtech mods are great. I meant a hacked/nulled version that some people try to get online so they can use it without a license. That always is asking for trouble.

If you bought it from DBtech or downloaded it here then I am sure it is something else.

#27
11-06-2014, 10:47 PM
Muhammad Rahman
Join Date: Jun 2012
Posts: 152

Quote:
Originally Posted by ozzy47
If it was a nulled mod, sure, it is not secure; if you got it from here or their site it should be fine.

Quote:
Originally Posted by RichieBoy67
Yeah, Dbtech mods are great. I meant a hacked/nulled version that some people try to get online so they can use it without a license. That always is asking for trouble.

If you bought it from DBtech or downloaded it here then I am sure it is something else.

Since I use a vBulletin license, I never use nulled mods.
My hosting says the hacker injected via a script/mod to upload msd.zip, tried to find config.php to see the database username and password, and then ran the msd script.

#28
11-06-2014, 10:53 PM
ozzy47
Join Date: Jul 2009
Location: USA
Posts: 10,929

Well I would follow all the stuff in the blogs I linked you to in post #6 https://vborg.vbsupport.ru/showthrea...02#post2521602

#29
11-06-2014, 11:05 PM
HM666
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060

Muhammad, when was your last backup of your site before this hack occurred? You may have to, at the worst, revert the site to that point when it was not hacked. That is a last-ditch effort though and should only be done if nothing else can be, mainly because you would lose some data in that process, so save that option for last, but be prepared: it might come down to that.

Steps you should take:

1. Go to members.vbulletin.com, login and download the same version that you are running on the site.

2. Unzip it and upload all the vBulletin core PHP files in binary only. You probably won't have to upload your images, but you should check them just to be sure; sometimes these hackers will change them. So download those from your web site and check them to be sure that they are not files that are hacked (or look like they are supposed to). If the images have been hacked then upload them as well, but NOT in binary mode.

3. Go into your admincp, look on the left side column and find "Maintenance", click it to open if it's not open, and then go to "Diagnostics". Now on your right you will see "Suspect File Versions"; click the "Submit" button under it. This will give you an idea of what files have been changed, are not part of vBulletin, or are compromised. Just because it says that a file is not part of vBulletin does not mean that it's a hacked file. It may be part of a mod you are using. But if there are weird ones, or ones that you really do not remember uploading, then download them to your PC desktop and check them in something like Dreamweaver or HTMLKit. You can check the code.

4. Go to "Usergroups>Usergroups Manager". Tick the drop down on the right and choose "Show All Primary Users". If you do not recognize an admin account, try to delete it. If you cannot, and it gives you a message about the account not being able to be changed, then you will need to download your includes/config.php file, check the Undeletable Admin portion against the ID of that account in your admincp and take out the ID, save the file and upload it again. After you upload it again, try to delete that admin account again.

5. Now, still in the Usergroups Manager, tick the drop down next to the Administrators and choose "Show All Secondary Users". Again, if you do not recognize the accounts, delete them; if you cannot and get an error message, then remove them from your config.php and try to delete them again.

6. Now go to "Styles & Templates" on the left side bar and click it to open if it's not already open. Click on "Style Manager". Find the style you are using on the site. Click the drop down on the right and choose "Edit Templates". Click the first button next to "All Template Groups"; it should look like this: << >> This will show all your templates. Scroll down, and when you come across one that is in red, open it and look to see if you see the hacker's code in the template. If not, cancel and move on to the next template in red. If you see the hacker's code in your template, then copy and paste all the template code into a notebook file and save it, and then click on the template in the list and click the "Revert" button. You save the template in a notebook file just in case there is coding that has been changed and you need it. OR... you can just create a new skin and try working within it instead, but that would mean that any template modifications that have been done due to a mod, or that you have done personally, would need to be redone. So that is up to you which way you go. Once you have gone through all the templates and gotten rid of the hacker's code if it's there, you should have been able to get rid of the hack by this point. If not...

Well, if not, then it might be in the database, which is the worst-case scenario I was discussing further up. This is where you might have to go to your last backup of the site before the hack happened.

After you get rid of the hack you will need to perform some basic things on the site to ensure that you are more secure in the future. You can find info on getting secure here: https://vborg.vbsupport.ru/showthrea...ghlight=hacked

Hope this helps, and sorry if it was long-winded or things you already knew to do.

--------------- Added [DATE]1415322405[/DATE] at [TIME]1415322405[/TIME] ---------------

Quote:
Originally Posted by Muhammad Rahman
Since I use a vBulletin license, I never use nulled mods.
My hosting says the hacker injected via a script/mod to upload msd.zip, tried to find config.php to see the database username and password, and then ran the msd script.

Find and delete msd.zip and everything it may have created in your files.

msd is MySQL Dumper; it's a script that will dump your entire database! It's used for backups or to physically change your database. This would need to be removed immediately.
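
An added illustration of the file checks in HM666's steps above (compare the site against a clean download of the same version, then review what changed or does not belong). It is not code from the thread or from vBulletin: the function names, the extension list and the sample trees are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: file types that deserve a first look when they are not in the clean package.
REVIEW_EXTS = {".php", ".phtml", ".zip"}

def tree_hashes(root):
    """Map relative path -> SHA-256 for every file under root (dotfiles included)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(live_root, clean_root):
    """Compare the live site tree with a freshly unzipped copy of the same version."""
    live, clean = tree_hashes(live_root), tree_hashes(clean_root)
    unknown = sorted(p for p in live if p not in clean)  # may be a legitimate mod
    return {
        "modified": sorted(p for p in clean if p in live and live[p] != clean[p]),
        "missing": sorted(p for p in clean if p not in live),  # e.g. a deleted .htaccess
        "unknown": unknown,
        "review_first": [p for p in unknown if Path(p).suffix.lower() in REVIEW_EXTS],
    }

def build_constructed_trees(base):
    """Constructed sample data: a 'clean' package and a tampered 'live' copy."""
    files = {"index.php": "<?php // index",
             "includes/functions.php": "<?php // functions",
             "includes/.htaccess": "Deny from all\n"}
    for side in ("clean", "live"):
        for rel, body in files.items():
            target = Path(base, side, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    live = Path(base, "live")
    (live / "includes/functions.php").write_text("<?php // functions + extra line")
    (live / "includes/.htaccess").unlink()
    (live / "attachments").mkdir()
    (live / "attachments/msd.zip").write_bytes(b"PK constructed archive")
    (live / "attachments/photo.jpg").write_bytes(b"constructed image bytes")
    return live, Path(base, "clean")

def run_demo():
    with tempfile.TemporaryDirectory() as base:
        return audit(*build_constructed_trees(base))

if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

Files listed as unknown are not automatically malicious, as the post notes for mod files; the list only narrows what to open and read.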
#30
11-07-2014, 12:06 AM
Muhammad Rahman
Join Date: Jun 2012
Posts: 152

Thanks HM666.
All files have been restored to before the site was hacked, and I did not find the msd folder again.