Some idiot screwing with me.

My forum has been constantly turning on and off..... so now i receive this email

Code:

Alright f**ker..

Here's the deal. You don't want your site going down anymore? You're going to have to do 1 thing.

Give me access to your cPanel for the day. And tomorrow I'll remove my account that has all admin rights. Deal?

How I've been doing it.. hehe.. well, I have a hidden account on your database that has all admin rights. All I want to do is get in your cPanel to copy your database and I'll be on my way.

The way this works is.. you have a lot of users. You'll never find me in the 200,000something users you have. So.. therefore, you need me to give you the account I have so you can delete it. NOW.. replacing your database will not work. For I have a program on my desktop that gives me admin access to any vbulletin forum I want. You want your site safe? Well.. give me your cPanel and we'll call it even. You can change your cPanel password tomorrow.

He keeps turning it on and off how can i put an end to this!!

[Hornstar]

Okay few things.

1st, as vb.com would say

To troubleshoot this, first reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

[Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

Next, disable all plugins.

Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

Then if you still have this problem, create a new style and choose no parent style. This will force it to use the default templates. Finally empty your browser cache, close all browser windows then try again. Make sure you change to the new style and view your forums with it. Do you have the same problem?

--------------------------------------

obviously some of the above will not apply to you, but that is the general first thing you do. Check your plugins and hacks you have done to your board!

--------------------------------------

2nd, you said your database was compromised a few months ago or something. Well that rings alarm bells straight away.
Provide more info on this aspect and it may shed some light.

--------------------------------------

3rd, are you the only admin?

--------------------------------------

4th, are you on shared hosting or a dedicated server?

--------------------------------------

5th, What vbulletin version are you running?

-------------------------------------

6th, what version of php and mysql are you on?

----------------------------------------


Once I know the above info, we can go from there.

[flavoflav2000]

two words - mod security - on you web server - http://www.modsecurity.org/

This will help with the script kiddies - and XSS and system injection attacks - if your server or site was compromised it was because the security sucked.

Also I would make sure you have cpanel server locked down - go to the cpanel forums to find out how.

Do you have shell access to the server?

You may want to run rkhunter and see whats up.

If you have been comprimised for a month - well best advice to you is - redo the server - i.e. wipe it clean and reinstall the OS lock it down, install mod security and trip wire - rebuild your forum etc and go from there.

A system that has been hacked for a month is screwed no matter what you do.

[t3nt3tion]

If you need more in depth help, I`d offer my help : server & forum. Drop a pm if you want to.

[FlyBoy73]

Why is this in the big board forums?

[Brian30fl]

well doh cause its a big board being screwed with