The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
||||
|
||||
Hopefully that will work, if not report back, and let us know.
|
#12
|
||||
|
||||
Revert the forumhome template, chances are they modified that. The blog posts over on vBulletin.com cover fixing this stuff. Very well too.
|
Благодарность от: | ||
CAG CheechDogg |
#13
|
|||
|
|||
I don't know if this helps you guys in anyway, but here are a few of the comments from the two webmasters. Any comments about future protection? We believe we are clean at serious now. I hid their email addresses.
This is 'one' of the hacks we were infected with and the one that's caused the most trouble. They had access to all of our files AND databases and injected code throughout the databases. http://www.derekfountain.org/security_c99madshell.php On Mon, Sep 30, 2013 at 8:50 PM, *****wrote: hmmm... we were told today the server house carried the infection to us,,, and thousands more we locked our front door until the server is clean In a message dated 9/30/2013 8:31:08 P.M. Eastern Daylight Time, *****writes: It's not coming through the site files, I've cleaned all those...it's being injected from the database. On Mon, Sep 30, 2013 at 8:21 PM, ******* wrote: go to your .exe file and find this entry >> 1E161D6D.exe see if you can delete it if it's there In a message dated 9/30/2013 8:16:56 P.M. Eastern Daylight Time, *****writes: Yeah....there's a redirect javascript buried in there somewhere. I'm chasing it now. Got rid of everything else though. I'd like to pummel the nerd that put this one together. On Mon, Sep 30, 2013 at 8:09 PM, ********* wrote: I just logged on SO and entered my password to look around my MS virus blocker went apeshit as soon as I clicked on the forum header 8 pings in 3 minutes... quarantined every ping wow, bad bad bad btw, this same virus crashed the U of Colorado website and countless others |
#14
|
|||
|
|||
Mine got hacked on Monday. Everything was corrupted and the only option was pulling the site down completely.
However, I did manage to log the IP: 176.45.4.205 |
#15
|
||||
|
||||
Cool. Now you only have to get SaudiNet to cooperate.
|
#16
|
|||
|
|||
|
#17
|
||||
|
||||
my site was also hacked ... they put this page ..
Quote:
|
Благодарность от: | ||
findingpeace |
#18
|
|||
|
|||
Thank you, I have added this to my collection of variances for this exploit. The good news is this is just using the same initial exploit so after you cleaned your site "carefully" and follow the latest guidelines you should be okay. Normally, I don't like exploits posted, but at this point it is all over the web, and education is the best policy now -- in my opinion, I am only a volunteer and I am not directly affiliated with vbulletin.
If I can help with information, please feel free to ask. Do you have your board up and running again? |
2 благодарности(ей) от: | ||
findingpeace, hhumas |
#19
|
||||
|
||||
Everyone should report the page:
https://www.facebook.com/Str4whatPir...itmentZone.gov And group: https://www.facebook.com/groups/Str4...itmentZone.gov Both listed in your malicious code, hhumas. With enough reports, these will be taken down for promoting hacking / cyber attacks. I just reported too, for violence/threat of attack. |
#20
|
|||
|
|||
Okay I need help badly.
1. I have restored my older version of Web files. 2. Upgraded to newer version of VB ....now vb 4.2.1. 3. Cleaned suspect files. 4. Looked at the plugin. Still nothing ..... My forum is showing forum.php that is not the physical forum.php on the webserver. There must be an entry somewhere that is displaying the page. Here is the link to my page. What else do i ahve to do ???? http://forum.automationmedia.com/ |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|