My VBulletin Site Hacked

[gooey]

Evening folks,

I had the joy of finding my website hacked this evening. In place of the VBulletin main page was some graphic 'propaganda' about the conflict in Gaza.

My website has now been updated to version 3.8.0 however it appears the problem is with the database. Every time I use the old database the content returns.

Since the site is close to 2 years old, I'd love to be able to keep the database intact.

So my question is, can the database be rescued? If so, how do I do it?

Also, I believe you can change the address of the admin login section. Can anyone offer advice on how I can do it so that the admin area is more secure?

Any questions, please ask.

Thanks.

[Bellardia]

I'm unable to determine where the content is located/stored.

Most likely you can restore the database but I can't tell you because you haven't really explained the problem fully. Think of it as explaining a picture to a man whose never had eyes, every detail counts!

[gooey]

I deleted all the content relating directly to VBulletin and completed a fresh installation of the program (3.8.0).

I then set up a new database which works flawlessly. I tried to restore the old database, which; when triggered in 3.8.0 brings up the hacked front page (previously on 3.7.X).

To me, it looks like the hacked 'code' is in the .sql but I've no idea where to start with cleaning it. The administrator accounts were also disabled meaning I couldn't get in and fix it that way.

[Lynne]

Have you checked your templates and plugins?

[gooey]

My password was changed so there was no way I could get into the admin panel to do all of that.

It's a clean installation of 3.8.0 with no plugins. If I revert to the old database (that I want to keep) it will show the hacked frontpage. It seems to be the database that's the problem but I've no idea how to go about fixing it - or if it can be fixed.

[Lynne]

You can't get into your admin panel? Have you used tools.php to give admin permission to a newly created user so you can get back in?

[gooey]

Let me start again (Lol).

My site got hacked. I couldn't get into the VBulletin control panel at that time.

I went into my webhosting package and took control that way. Ended up deleting all the content and starting from scratch.

A fresh installation of 3.8.0 was completed. A new database created.

Once everything was running, I went back in and tried to revert 3.8.0 (previously running 3.7.8) to the old database. The result was a clean version of 3.8.0 with the hacked front page.

I could not get into the admin panel when the site was hacked, but can now. The fact that 3.8.0 shows the hacked page on the old database makes me think the code is inside the database and not directly in VBulletin. I'm trying to establish if I can save the database because there's alot of content in it.

Also, I'm trying to find out if I can change the address of the admin login to a 'custom' one for added security i.e. NOT admincp/index.php.

Hope that's a bit clearer.

[Bellardia]

The login system for vbulletin is pretty secure. If you're worried I'd recommend setting a harder password (10 characters, letters + numbers, NOT A WORD). It would be almost impossible to crack.

I'm assuming the code for the images is located in one of your templates, have you tried creating a new style, do the images appear on that style as well?

[gooey]

I'm using the default layout, always have.

As I say though, I reinstalled everything and yet the images still appear when I use the old database.

[Lynne]

How about if you turn off all your plugins via config.php and if you also use a default vb style. Do you still get the hacked front page?

Create a new style with no parent - Styles & Templates > Style Manager > Add New Style > no parent - then browse the site using that totally default vbulletin style - do you still have the same problem?

If it is still happening, then try disabling your plugins and see if you still have this problem.
Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

PHP Code:

define('DISABLE_HOOKS', true);