Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 05-13-2011, 05:14 PM
Chmura Chmura is offline
 
Join Date: May 2005
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Forum got Hacked - Need help recovering

My forum was hacked a few hours ago. I haven't made a backup of the database in a month and I don't know if my files are backed up, will need to check my laptop that's at a different location later.
I don't know what to look for to find the "Hacked by" file.
It's not in index.php or forum.php where do I find this?
They also sent emails to every single member (17,500+) on my forum.
What steps do I need to take to recover from this?
I was running on 4.1.2

I can't login as admin and they banned all members
Cyb Advanced Forum Rules is NOT installed on my forum
Reply With Quote
  #2  
Old 05-13-2011, 05:57 PM
K!nG K!nG is offline
 
Join Date: Dec 2010
Location: United States
Posts: 477
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

was it just hacked or they also deleted all the files and database from the server ???? my forum was hacked but they just deleted all my sites directories but luckily they didn't delete the databse. chek n see if you are lucky enough & i would suggest just upload all new files or the last backup that u have.
Reply With Quote
  #3  
Old 05-13-2011, 06:03 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Download your version of vb from vbulletin.com and upload all the default files (keep a copy of your includes/config.php file!). Unless you modified them, then the default ones you download should be fine.

My thoughts - if you have no idea what to look for in your database, then you are better off using a backup.

Please learn from this and make more frequent backups or ALL your data.
Reply With Quote
  #4  
Old 05-13-2011, 08:41 PM
Chmura Chmura is offline
 
Join Date: May 2005
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have talked to the hackers and they gave me these tips:

have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp

As for the forum nothing appears to be deleted, I'm working on restoration right now.
Reply With Quote
  #5  
Old 05-13-2011, 10:19 PM
CK CK is offline
 
Join Date: Dec 2007
Location: http://xenforo.com/
Posts: 241
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You've spoken to the hackers, tell us more.
Reply With Quote
  #6  
Old 05-13-2011, 10:32 PM
dale09 dale09 is offline
 
Join Date: Nov 2009
Posts: 51
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ChemicalKicks View Post
You've spoken to the hackers, tell us more.
I was curious about this as well. Did he schedule a dinner with them? lol
Reply With Quote
  #7  
Old 05-13-2011, 10:36 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Chmura View Post
I have talked to the hackers and they gave me these tips:

have a 20 character long password upper lower case, numbers, symbols
delete group.php
change the directory of admincp and modcp

As for the forum nothing appears to be deleted, I'm working on restoration right now.
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.
Reply With Quote
  #8  
Old 05-13-2011, 11:12 PM
Chmura Chmura is offline
 
Join Date: May 2005
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dale09 View Post
I was curious about this as well. Did he schedule a dinner with them? lol
Hahah
I found the kids YouTube channel by the username he left on the defaced page and contacted him. Soon we started chatting on MSN and it turns out it was his buddy whom I also talked to that did the hacking. They somehow decrypted my password and got access to my admin cp where one of them messed with my usergroups, admin etc. Fortunately they didn't delete anything, gave me the admin login and helped me get everything back to normal. After that I followed the tips they gave me to secure the forum.

Quote:
Originally Posted by Boofo
As far as changing the admincp and modcp names, it is actually easier and secure enough to just password protect those directories in your htaccess file. Finding out the names to those directories isn't really that hard for someone to do.
Great idea! Will do that too.
Reply With Quote
  #9  
Old 05-13-2011, 11:27 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I also have the install directory password protected just in case they want to try and play with anything in there.
Reply With Quote
  #10  
Old 05-13-2011, 11:32 PM
MagicThemeParks's Avatar
MagicThemeParks MagicThemeParks is offline
 
Join Date: Sep 2009
Posts: 850
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry to hijack, but what's the easiest way to password protect the directories, Boofo?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:49 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05816 seconds
  • Memory Usage 2,250KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete