Site Hacked

[sdfontanini]

<a href="http://www.coloradoevo.com" target="_blank">www.coloradoevo.com</a>

Site was hacked about a week ago, no backup copies available from the server hosts as they just updated their software and the only copy is the hacked version.

I went and upgraded my site to 4.1.9 from 4.1.5 and installed everything but the site still won't return to its original state.

I can't even log into the Admin Panel

Every folder I visit takes me to the same main page.... like a redirect

Please visit my site above and see if you can help me out

thanks

Steve

[Skivey]

For starters we need someone here to determine what the simple security flaws were here so that I can make sure I dont get the same probem with my site!!

I was able to get to your cpanel, so you should be able to get into your ftp.

It says nothing was deleted, so within ftp id guess that they moved everything up one folder or just renamed your index.php and probably your .htaccess file.

Contact your host, I also had a problem where I had accidently deleted my site (I was ment to delete a different one and didnt realise i was in the wrong folder!) and although there were no backps in my backups folder, the host had backups.. and were able to fix it for me for $50.

Im no expert, so appologies if what I put are wrong..... but this is what id be doing right now!

--------------- Added [DATE]1324552839[/DATE] at [TIME]1324552839[/TIME] ---------------

oh and take your site down

[borbole]

Can you check the db, is it still intact?

Try to overwrite your forum files with a fresh set from the vb package of your forum version. Then contact your host to check their logs and see what ecactly went down.

[sdfontanini]

I have accessed the server, and it appears everything is still there, and I have tried to override the files with backups, but still no success... checked both the .htacess and the index.php files and both seem to be okay. not sure how this hack is working...

[Max Taxable]

Looking at the page source, there is nothing at all of vBulletin in it. So you're looking in the wrong spot if you're looking in vBulletin files. This appears to be on your root.

[sdfontanini]

yeah I also read the page source, I've been looking in my root folder and there is nothing like this in there, not even an html file, this is why I'm so confused... you can also try to navigate to other pages on my site and before it would redirect to that main Hacker Page, but now since I tried replacing these files with a backup copy I'm getting a 404 page...

--------------- Added [DATE]1324604431[/DATE] at [TIME]1324604431[/TIME] ---------------

Updated again to 4.1.9 and it looks like I now have access to the AdminCP

But where to go from here???

[Lee Roberts]

It could be a Symlink on your index file('s) take a look at this then see if you can find anything out, you may need SSH to view those links or in cpanel. http://en.wikipedia.org/wiki/Symbolic_link

[hivitro]

1- If your DB exist, make a backup from phpmyadmin or the host backups tools

2- rename your Forum path to forumhacked and copy the original files of vb4.1.9 to your forum path

3- Upgrade vb /install.php -> upgrade to have and funtional forum

4- Check for /images or avatars to restore the profieles in /forumhacked -> /forum

5- Re install Plugins, but.. check the source of this external files....

[sdfontanini]

I've got other sites on my server space and none of them are affected just the vbulletin pages.

Can't find anything in my root folder that would cause this...

--------------- Added [DATE]1324617182[/DATE] at [TIME]1324617182[/TIME] ---------------

Every page gets redirected back to this Hacker Main Page

--------------- Added [DATE]1324617824[/DATE] at [TIME]1324617824[/TIME] ---------------

can someone post their .htaccess code, not sure what it's suppose to look like