Go Back   vb.org Archive > Community Discussions > Forum and Server Management
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 05-08-2010, 04:02 AM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Changing in config.php is enough. But - did you reinstalled everything and I really mean everything ?
If the machine has been "hacked" once, how can you ensure nothing has been modified and that you can trust an installed "security tool" any longer ?

Do backups before of course
Reply With Quote
  #12  
Old 05-08-2010, 12:54 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If there are modified files, like in your case the config.php, then the attacker most likely has not used vBulletin to enter your file system.

Most likely you are on a vulnerable server. Please contact your host and place a fresh copy of all files once your host has secured the server.
Reply With Quote
  #13  
Old 05-18-2010, 08:29 AM
John59 John59 is offline
 
Join Date: Aug 2007
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi to all
i have the same problem,
It all started on the first of May
i cleaned and restore everything to a month ego except the database
and attachments (mainly photos, no programs or any code )
the problem keeps coming buck every 4 - 5 days all .php files are modified
or some del, the first time it happened i also had the above code in all .php
files.
I contacted my host and they just keep giving me advice how to check and secure
my code (VB in my case) and they do nothing,
I also come to believe that the problem is host security problem,
Do you think that if i change host (since they do not seem to accept that it is a host security problem and investigate they are doing nothing to help just polite talk and advices )
will My problems be over??
Ps. I know nothing about programing and .PHP
Only how to upload and use VB (3 years experience)
Reply With Quote
  #14  
Old 05-18-2010, 02:35 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by John59 View Post
Hi to all
i have the same problem,
It all started on the first of May
i cleaned and restore everything to a month ego except the database
and attachments (mainly photos, no programs or any code )
the problem keeps coming buck every 4 - 5 days all .php files are modified
or some del, the first time it happened i also had the above code in all .php
files.
I contacted my host and they just keep giving me advice how to check and secure
my code (VB in my case) and they do nothing,
I also come to believe that the problem is host security problem,
Do you think that if i change host (since they do not seem to accept that it is a host security problem and investigate they are doing nothing to help just polite talk and advices )
will My problems be over??
Ps. I know nothing about programing and .PHP
Only how to upload and use VB (3 years experience)
Well, in that case then you will be better off with another host who takes security more seriously.
Reply With Quote
  #15  
Old 05-18-2010, 02:49 PM
nkmsw8 nkmsw8 is offline
 
Join Date: Jul 2009
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Change all your passwords also. Hosting password, FTP password, Database password, and your Hosting company account login password.
Reply With Quote
  #16  
Old 05-18-2010, 08:31 PM
John59 John59 is offline
 
Join Date: Aug 2007
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nkmsw8 View Post
Change all your passwords also. Hosting password, FTP password, Database password, and your Hosting company account login password.
already did that days ago
the problem keeps coming buck every 4-5 days as it was mansion it seems like the only solution is to change host
Reply With Quote
  #17  
Old 05-21-2010, 04:13 AM
maidos maidos is offline
 
Join Date: Jul 2006
Posts: 925
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

im curious, are you possibly using dreamhost or godaddy and use wordpress for your site
my friend has the same encrypted virus which keep popping up till i removed the code for him... but if its the mentioned host, u should move away
Reply With Quote
  #18  
Old 05-21-2010, 05:11 AM
John59 John59 is offline
 
Join Date: Aug 2007
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No i am not using wordpress
And yes my host is one of the above
Reply With Quote
  #19  
Old 05-21-2010, 08:38 AM
daveaite's Avatar
daveaite daveaite is offline
 
Join Date: Jul 2009
Location: Florida
Posts: 1,890
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The issue could've have begun if you installed some "nulled" scripts. Always a bad idea as the people who null them implant ways to get into your server within those scripts.
Reply With Quote
  #20  
Old 05-21-2010, 12:01 PM
maidos maidos is offline
 
Join Date: Jul 2006
Posts: 925
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by daveaite View Post
The issue could've have begun if you installed some "nulled" scripts. Always a bad idea as the people who null them implant ways to get into your server within those scripts.
in tthis case, i very much doubt it. since godaddy and dreamhost got their servers compromised and they admit it so millions of website got reported injected with that virus site

http://www.wpsecuritylock.com/ninopl...dy-case-study/
even if u dont run wordpress that site got pretty got tip how to secure ur account with godaddy

--------------- Added [DATE]1274447260[/DATE] at [TIME]1274447260[/TIME] ---------------


and a goodperson posted a script to remove the infected code on all files
http://blog.sucuri.net/2010/05/simpl...or-latest.html
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04068 seconds
  • Memory Usage 2,256KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete