Go Back   vb.org Archive > Community Discussions > Forum and Server Management
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-12-2009, 12:15 PM
Pt1994 Pt1994 is offline
 
Join Date: Jan 2009
Location: United Kingdom
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacked and cant work out whats happened

Ok my website has been hacked and it seems the hackers have done some sort of trickery and now it just displays some "game over" page my site is still there in FTP and the database is fine there were some php files in the ftp like e.php and soem other stuff something called zend.php which was supposed to decrypt a vbulletin config file but that would have been no use becuse my database is only acessible from my ip and localhost

How can i fix this stupid game over page?
Reply With Quote
  #2  
Old 08-12-2009, 12:23 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Clean up your filesystem to remove any rogue scripts.
Overwrite your files with a clean copy of vB.
Check your templates and phrases for insertions.
Reply With Quote
  #3  
Old 08-12-2009, 12:29 PM
Pt1994 Pt1994 is offline
 
Join Date: Jan 2009
Location: United Kingdom
Posts: 40
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Im checking through all my logs at th emoment trying to work out actually whats been done to see if a full re-install will be nesecarry

I still cant understand why anyone would want to hack me site i mean we had about 200 members and havent done any advertising really except the link in my signature

--------------- Added [DATE]1250084298[/DATE] at [TIME]1250084298[/TIME] ---------------

Only localhost has ever connected to the databse and none of the word "hacked" isnt in the databse or "hack" so its not a template as far as i know
Reply With Quote
  #4  
Old 08-12-2009, 02:45 PM
topranger's Avatar
topranger topranger is offline
 
Join Date: Sep 2007
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

do u access to the server???
i can help check your pm and reply back
Reply With Quote
  #5  
Old 08-13-2009, 07:06 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by topranger View Post
do u access to the server???
i can help check your pm and reply back
Just a warning to those who think they can offer their services by sending our PM's to random members who are looking for help with a problem, other then as a result of a Paid Request, is considered advertising and spamming.
Reply With Quote
  #6  
Old 08-13-2009, 03:42 PM
topranger's Avatar
topranger topranger is offline
 
Join Date: Sep 2007
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

^sorry about it
Reply With Quote
  #7  
Old 08-13-2009, 07:56 PM
Alex LD Alex LD is offline
 
Join Date: Aug 2008
Location: Iowa
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Pt1994 View Post
Im checking through all my logs at th emoment trying to work out actually whats been done to see if a full re-install will be nesecarry

I still cant understand why anyone would want to hack me site i mean we had about 200 members and havent done any advertising really except the link in my signature

--------------- Added [DATE]1250084298[/DATE] at [TIME]1250084298[/TIME] ---------------

Only localhost has ever connected to the databse and none of the word "hacked" isnt in the databse or "hack" so its not a template as far as i know
Hackers may have targeted because you were vulnerable to many reasons such as you could have been using an older version of vBulletin or some Hack for vBulletin that is out dated with a security whole causing them to target you.

"wlhaan" Is a Saudi Arabia Hacking Team/Group.

Are you on Shared Hosting, a VPS, or a Dedicated Server?
Reply With Quote
  #8  
Old 08-13-2009, 09:28 PM
agitated agitated is offline
 
Join Date: Jan 2005
Location: U.K.
Posts: 141
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you're on shared hosting then you ought to be thinking about a move.
I had my second installation of vBulletin, as allowed for testing, installed on my personal website under closed conditions. It was password protected and not open to the public.

Twice it got hacked and my host accepted responsibility, saying several sites got hacked.
I moved to another host after the second attack.
Reply With Quote
  #9  
Old 08-14-2009, 01:01 AM
Jinovich Jinovich is offline
 
Join Date: Mar 2005
Location: England
Posts: 51
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Our site is forever targeted by script kiddie groups etc etc as it attracts their attention.

These are steps that can help you identify the issue.
  1. Reupload you vBulletin files
  2. Reupload your style
  3. Disable your plugin and hooks
  4. Check your .htaccess
  5. Check the replacement variable manager
  6. Ensure that it is not some rough html in a notice or announcement.

everytime you complete a step check to see if the problem persists
Reply With Quote
  #10  
Old 08-14-2009, 02:29 PM
Kendothpro Kendothpro is offline
 
Join Date: Sep 2005
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I can almost surely bet that you have an index.html page in your root directory Try removing it, and your forum will be back

It's a common "trick" used by defacers, since most apache installations have a sequence of what pages to serve if you just go to www.yourwebsite.com and most of the time index.html is the first in line, and index.php comes after it
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:40 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04493 seconds
  • Memory Usage 2,251KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete