Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page site hacked by lasttouch
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 10-23-2013, 08:58 PM
VAG VAG is offline
 
Join Date: Jul 2010
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default site hacked by lasttouch
<a href="http://www.vagcommunity.com" target="_blank">www.vagcommunity.com</a>

did a full re-install of everything and removed thousands of suspicious files. Blog is up, forum is still not up. How to fix that?
Install folder deleted.

Thanks for your help.
Reply With Quote
  #2  
Old 10-23-2013, 09:37 PM
tbworld tbworld is offline
 
Join Date: Oct 2008
Posts: 2,126
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
The following guides and best practices should get you up and running again. Be thorough when using them, and sorry you were hacked.

http://www.vbulletin.com/forum/blogs...vbulletin-site
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
http://www.vbulletin.com/forum/forum...-1-vbulletin-5
Reply With Quote
Благодарность от:
Max Taxable
  #3  
Old 10-25-2013, 11:00 AM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
do you do a database backup? I use mysqldumper for that and use perl to create auto daily backups. I also got hacked this week and ended up just restoring. Getting my site back took all of 15 minutes which then allowed me the time to follow all of the same links as above to then fix any holes.

As of now im ok.....

--------------- Added [DATE]1382702515[/DATE] at [TIME]1382702515[/TIME] ---------------

failing that, email the hacker and thank them for finding a hole in your site and ask them for help in fixing it.
Reply With Quote
  #4  
Old 10-25-2013, 11:46 AM
VAG VAG is offline
 
Join Date: Jul 2010
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I removed all malicious files and did a reinstall of all the software but I still cannot get the forum to work. As I was planning to take it down anyway, might save myself the troubles and shut it all down right now.
Reply With Quote
  #5  
Old 10-25-2013, 11:56 AM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
reinstall of the software? so you set up a new database? if its a fresh install i highly doubt it... im guessing this isnt the case as you would still have posts and users. Did you do any backups of your database?

Adding to above, in cleaning ive just found 15 new admins...... and a bunch of new plugins.....
Reply With Quote
  #6  
Old 11-12-2013, 04:16 PM
VAG VAG is offline
 
Join Date: Jul 2010
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
My customer wants the old forum back up and running. So I need to dig deeper. Everything is replaced by the new files and all malicious files have been removed. There is some nasty redirect at http://www.vagcommunity.com/forum/forum.php which I can't replace. So i am asking for your help.
I can access admincp without problems. And sadly, I have no backup of the database..

Anyone?
Reply With Quote
  #7  
Old 11-12-2013, 04:41 PM
Bladed Bladed is offline
 
Join Date: Nov 2013
Posts: 54
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Search your database for the code. It's in there and you need to delete it. you'll need to search multiple times to make sure it is gone.
Reply With Quote
  #8  
Old 11-12-2013, 09:18 PM
VAG VAG is offline
 
Join Date: Jul 2010
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Finally it's fixed Thanks for the help. There was some malicious code in the database.
Reply With Quote
  #9  
Old 11-13-2013, 09:27 AM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I use a program called mysqldumper

It does auto backups of each database daily and deletes 3 day old ones. It allows you to upload sql files in excess of 50mb (which is the limit for a lot of hosts) and you can also download all backups.

As I said above, I also got hacked and just by resetting the database from the previous backup I lost 0 posts and threads and got my site back up and working within 5 minutes.

Id suggest you do this also, its a brilliant program.

Matt
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:03 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04044 seconds
  • Memory Usage 2,231KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (1)post_thanks_box_bit
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete