The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
Site hacked please assist
In response to this thread:
https://vborg.vbsupport.ru/showpost....&postcount=101

Site URL.
www.wyedeancanoeclub.co.uk
(Those reading this, please note not to visit the site unless you're experienced in dealing with matters such as these, as your PC can possibly become infected.)

Description of what's going on.
Infection details: http://labs.sucuri.net/db/malware/ma...-mwjsiframe213
Scan here: http://sitecheck.sucuri.net/results/...anoeclub.co.uk

NOTE: I am working my way through this - here is vBulletin's advisory for cleaning up after this hack.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

OK, I'm struggling with a couple of things. So far I have done the following by reading this thread: http://www.vbulletin.com/forum/blogs...ve-been-hacked but have a couple of questions as well.

1. I have deleted the "Install" folder and all of its contents.
2. I changed my cPanel, FTP and AdminCP passwords, and my friend added .htaccess to admincp, modcp and includes.
3. I have removed 8 "Admin User Accounts" that were definitely used by the attacker.
4. I have disabled and removed the plugin titled "Product : vBulletin".

Next steps I will need some help with!

At present I do not have a database backup. I have sent a support request to my hosting company and am awaiting a reply on that.

QUESTIONS?

1. Before I deleted the plugin "Product : vBulletin" I took detailed screen captures and notes of the scripts that were run. Would it help if I added this information here?
2. Can I view a log of any database changes that were added by the attack?
3. "Restoring the default vBulletin files": If I delete all my vBulletin files (version "4.1.5") on the server and upload "the latest stable version 4.2.2", then run the upgrade (basically following the upgrade procedure), will this error or clear any database changes the hacker has done, or am I better to just re-upload and overwrite all the 4.1.5 files I have on there at present to see if that clears it? I plan to dump the database and back that up before I run any upgrade.

Here is a screen cap of the admin log

Thanks in advance for any help!

--------------- Added [DATE]1382256700[/DATE] at [TIME]1382256700[/TIME] ---------------

Still looking into this and still waiting for some advice!

This is a list of the actions performed by the plugin listed - Product: vBulletin

Here's a complete list of the plugins I have at present:
http://i38.photobucket.com/albums/e1...ps3a31cc3e.png

PS: Waiting for advice before I upgrade to 4.2.2
#2
I would guess you want to delete all those plugins listed under "Product: vBulletin" unless you added it yourself and know what it does.
Upgrading your site will most likely not fix any hacking that was done. Did you go through your templates? I have seen several hackers modify templates and add in back code.
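One way to triage plugins and templates for injected code, as the reply above suggests, is to export the rows and flag constructs that deserve a manual look. This is an added example, not part of the thread or of vBulletin itself; the field names (`title`, `phpcode`, `template`), the rule list and the sample rows are assumptions constructed for illustration.

```python
import re

# Heuristic review rules, not malware signatures. Legitimate vBulletin plugins
# also call eval() to render templates, so every hit needs a manual look.
RULES = {
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden"
        r"|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
    "dynamic-eval": re.compile(r"\b(?:eval|create_function)\s*\(", re.I),
    "decode-call": re.compile(r"\b(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "remote-include": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*[\"']https?://", re.I),
    "js-obfuscation": re.compile(r"\b(?:unescape|String\.fromCharCode)\s*\(", re.I),
}

def scan_rows(rows, text_field):
    """Return [(title, [rule names])] for every row whose text matches a rule."""
    findings = []
    for row in rows:
        hits = sorted(n for n, rx in RULES.items() if rx.search(row[text_field]))
        if hits:
            findings.append((row["title"], hits))
    return findings

# Constructed sample rows (field names are assumed for this example).
SAMPLE_PLUGINS = [
    {"title": "Club banner toggle", "phpcode": "$show['club_banner'] = true;"},
    {"title": "Cache warmup", "phpcode": "eval(base64_decode('UExBQ0VIT0xERVI='));"},
]
SAMPLE_TEMPLATES = [
    {"title": "header", "template": '<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>'},
    {"title": "footer", "template": '<iframe src="http://example.invalid/" width="1" height="1" style="display:none"></iframe>'},
]

if __name__ == "__main__":
    for kind, rows, field in (("plugin", SAMPLE_PLUGINS, "phpcode"),
                              ("template", SAMPLE_TEMPLATES, "template")):
        for title, hits in scan_rows(rows, field):
            print(f"{kind} {title!r}: {', '.join(hits)}")
```

Run it against a database dump taken before any cleanup, so the flagged rows can also be kept as evidence of what was changed.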
#3
I don't really have many template mods - I only installed one style and edited in a couple of places. I can remove that and just start fresh with the vBulletin default if need be (will this help)?