The Arcive of Official vBulletin Modifications Site.

pyes · #1 07-17-2012, 12:48 PM

How do i unhack it? Im sure the hacker only infiltrated the vb software and not my server. Which completely pisses me off either way. I sure it has happened to someone here...how did you fix it.

I can not find any altered files though in the control panel.

ironjuggernauts dot com

DirtRider · #2 07-17-2012, 12:58 PM

It seems to be the header that he has altered also your forum title

kh99 · #3 07-17-2012, 01:10 PM

You already checked for suspicious files, that's good. I would run this script: www.vbulletin.org/forum/showthread.php?t=281080 and then also go to the Plugin Manager and see if you notice any strange looking plugins.

TheLastSuperman wrote an article about recovering a hacked system here: https://www.vbulletin.com/forum/cont...vBulletin-Site

pyes · #4 07-17-2012, 01:18 PM

yes i have checked and my hosting company is checking now also and thinking of doing a server restore.

I cannot log into my site or my admin panel.

however, i can log into my server and control panel. I will check out those links ty.

--------------- Added [DATE]1342535874[/DATE] at [TIME]1342535874[/TIME] ---------------

i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.

KProjects · #5 07-17-2012, 01:58 PM

Do you have ssh access?

If so, find files that were last updated in the past week or so.. and look through to see what they are. Once you find the hacked files, restore from a backup (database and files) from before that time. If you can't find anything that was changed (like if they modified things in the database), then pick a known-good point and restore from then.

pyes · #6 07-17-2012, 01:58 PM

is there a way to get me back inside my forum? im locked iout from password change or something. Is there a way to change my password via the server control panel?

--------------- Added [DATE]1342537242[/DATE] at [TIME]1342537242[/TIME] ---------------

i dont even know what an ssh is...lol sorry. Im not that savy....just the basics.

KProjects · #7 07-17-2012, 02:00 PM

Quote:

Originally Posted by pyes

i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.

Just go to: http://www.yoursite.com/tool_recompile.php

pyes · #8 07-17-2012, 02:25 PM

nope, still getting the same screen and i can log in

--------------- Added [DATE]1342539725[/DATE] at [TIME]1342539725[/TIME] ---------------

cant*

borbole · #9 07-17-2012, 03:30 PM

Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?

pyes · #10 07-17-2012, 03:42 PM

Quote:

Originally Posted by borbole

Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?

My host has to do the backup restore for me as I pay them extra to maintain the server. Im just waiting on them and they are slow. (ccihosting). I will do as you said and update vb versions as soon as i can get into my site. I will also run the updater as you mentioned.

My server company is the ones who said that the server was not compromised....they said it stemmed from Vbulletin. IDK. Im just going by what they said.

I may be looking for someone to head my security and will pay, if anyone is interested.

--------------- Added [DATE]1342543493[/DATE] at [TIME]1342543493[/TIME] ---------------

This is what they told me:

We suggest you to access the WHM/cPanel and change all the passwords for your site and e-mail accounts. The website is hacked but the cPanel information still works.

Probably the site was hacked because a vulnerability of vbulletin. Please make sure to check that you have the must recent version of the vbulletin software.

There are daily, weekly and monthly backups for the site in the server right now and it will be possible to restore the site to a previous state.

Let us know your comments.

Best Regards,

Nexar Donadio
Senior Technician
CCI Hosting
www.ccihosting.com
Panama, Republic of Panama

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04223 seconds Memory Usage 2,251KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!