vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=285659

my forum was hacked
by pyes
17 Jul 2012 13:48

How do i unhack it? Im sure the hacker only infiltrated the vb software and not my server. Which completely pisses me off either way. I sure it has happened to someone here...how did you fix it.

I can not find any altered files though in the control panel.

ironjuggernauts dot com

DirtRider 17 Jul 2012 13:58

It seems to be the header that he has altered also your forum title

kh99 17 Jul 2012 14:10

You already checked for suspicious files, that's good. I would run this script: www.vbulletin.org/forum/showthread.php?t=281080 and then also go to the Plugin Manager and see if you notice any strange looking plugins.

TheLastSuperman wrote an article about recovering a hacked system here: https://www.vbulletin.com/forum/cont...vBulletin-Site

pyes 17 Jul 2012 14:18

yes i have checked and my hosting company is checking now also and thinking of doing a server restore.

I cannot log into my site or my admin panel.

however, i can log into my server and control panel. I will check out those links ty.

--------------- Added 17 Jul 2012 at 14:37 ---------------

i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.

KProjects 17 Jul 2012 14:58

Do you have ssh access?

If so, find files that were last updated in the past week or so.. and look through to see what they are. Once you find the hacked files, restore from a backup (database and files) from before that time. If you can't find anything that was changed (like if they modified things in the database), then pick a known-good point and restore from then.

pyes 17 Jul 2012 14:58

is there a way to get me back inside my forum? im locked iout from password change or something. Is there a way to change my password via the server control panel?

--------------- Added 17 Jul 2012 at 15:00 ---------------

i dont even know what an ssh is...lol sorry. Im not that savy....just the basics.

KProjects 17 Jul 2012 15:00

Quote:

Originally Posted by pyes (Post 2348945)
i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.

Just go to: http://www.yoursite.com/tool_recompile.php

pyes 17 Jul 2012 15:25

nope, still getting the same screen and i can log in

--------------- Added 17 Jul 2012 at 15:42 ---------------

cant*

borbole 17 Jul 2012 16:30

Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?

pyes 17 Jul 2012 16:42

Quote:

Originally Posted by borbole (Post 2348990)
Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?


My host has to do the backup restore for me as I pay them extra to maintain the server. Im just waiting on them and they are slow. (ccihosting). I will do as you said and update vb versions as soon as i can get into my site. I will also run the updater as you mentioned.

My server company is the ones who said that the server was not compromised....they said it stemmed from Vbulletin. IDK. Im just going by what they said.

I may be looking for someone to head my security and will pay, if anyone is interested.

--------------- Added 17 Jul 2012 at 16:44 ---------------

This is what they told me:

We suggest you to access the WHM/cPanel and change all the passwords for your site and e-mail accounts. The website is hacked but the cPanel information still works.

Probably the site was hacked because a vulnerability of vbulletin. Please make sure to check that you have the must recent version of the vbulletin software.

There are daily, weekly and monthly backups for the site in the server right now and it will be possible to restore the site to a previous state.

Let us know your comments.



Best Regards,

Nexar Donadio
Senior Technician
CCI Hosting
www.ccihosting.com
Panama, Republic of Panama

borbole 17 Jul 2012 17:01

They have a point when they say to use the latest version but they also say "Probably the vb was the culprit". Can you please ask them to provide some kind of proof to back their claim?


All times are GMT. The time now is 14:31.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.