Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Cleaning after hack
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 10-25-2013, 11:49 AM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Cleaning after hack
Ive just deleted about 15 'new' administrators

Any idea what these are?

http://postimg.org/image/5fd9xpgu5/

Matt

--------------- Added [DATE]1382705488[/DATE] at [TIME]1382705488[/TIME] ---------------

this is the contents

http://postimg.org/image/dlzo3jwc7/

--------------- Added [DATE]1382711311[/DATE] at [TIME]1382711311[/TIME] ---------------

I cant seem to see administrator log?

Where should I find this? I can see Moderator Log but not administrator?
Reply With Quote
  #2  
Old 10-25-2013, 05:47 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Those that make use of the init_startup hook locations are all malicious. Delete them.
Reply With Quote
  #3  
Old 10-25-2013, 06:40 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Delete all them and the hacker admins then check admin logs see what they have changed I have fixed many forums and have seen them change files in templates and in skimlinks as well
Reply With Quote
  #4  
Old 10-26-2013, 08:13 AM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I reuploaded all the forum files so they are now original flles.

As well as this I have deleted all of the above hooks, deleted admins, changed the database name and password, changed the admin and mod cp links. Changed the ftp password, deleted anything 'install'.

Is there anything else I need to do? Do I need to reset users passwords? if so what is the query used to do this?

Regards

Matt

--------------- Added [DATE]1382779442[/DATE] at [TIME]1382779442[/TIME] ---------------

I also notice a few php and html files that I dont recognise..... is there a way of checking all files and folders? Im going to keep the forum down till I get all this sorted....

--------------- Added [DATE]1382779857[/DATE] at [TIME]1382779857[/TIME] ---------------

zdberr9cd964b2da2e416c43c2b2cc5d64ac18.dat
Reply With Quote
  #5  
Old 10-26-2013, 09:35 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I would do the following, to ensure everything is clean.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 01:45 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05202 seconds
  • Memory Usage 2,197KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete