At this point we don't know if your site has been compromised. It's a guessing game at this stage. The way to investigate is to minimize all unknown to questionable variables and go from there.
1). Set yourself as the only administrator, don't promote any other user for the time being.
2). In config.php, insert your userid in the area to limit the editing of users. This way, if it is something gaining access via the admin cp, they at least will not be able to edit your admin account.
3). Make sure the tools.php folder isn't accessable or uploaded.
4). Rename your admincp and modcp folders and then .htaccess them for an extra layer of protection.
The above should stop anyone gaining access via software, however, if they still get through the above, chances are there's a security breach somewhere along your server and you would need to contact your host and have them check the logs and such.
I agree with all the steps given above, especially step 2. Also to add a little bit more security, make sure that you put a blank "index.html" page in almost all the folders that need one. Not having an index page allows people to look into your files and folders and they might find something within your files to steal data.
Make sure too that you've set your Admin account as uneditable -- that way, he won't be able to remove you, if this is just simply another administrator messing with you. But if your actual site is being hacked, then this would only protect you if the intruder didn't know his way through vbulletin or was just an idiot.
Optionally, also check your admin logs to see if it is another administrator tinkering around. See what has been done and move from there. The above listed steps are the most crucial though and should prevent it from happening again, pending it's not something server-side.
06-15-2006, 12:27 AM
Linear Mode
