Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 17 Jul 2012, 14:48
pyes pyes is offline
 
Join Date: Mar 2012
my forum was hacked

How do i unhack it? Im sure the hacker only infiltrated the vb software and not my server. Which completely pisses me off either way. I sure it has happened to someone here...how did you fix it.

I can not find any altered files though in the control panel.

ironjuggernauts dot com
Reply With Quote
  #2  
Old 17 Jul 2012, 14:58
DirtRider DirtRider is offline
 
Join Date: Feb 2011
It seems to be the header that he has altered also your forum title
Reply With Quote
  #3  
Old 17 Jul 2012, 15:10
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
You already checked for suspicious files, that's good. I would run this script: www.vbulletin.org/forum/showthread.php?t=281080 and then also go to the Plugin Manager and see if you notice any strange looking plugins.

TheLastSuperman wrote an article about recovering a hacked system here: https://www.vbulletin.com/forum/cont...vBulletin-Site
Reply With Quote
  #4  
Old 17 Jul 2012, 15:18
pyes pyes is offline
 
Join Date: Mar 2012
yes i have checked and my hosting company is checking now also and thinking of doing a server restore.

I cannot log into my site or my admin panel.

however, i can log into my server and control panel. I will check out those links ty.

--------------- Added 17 Jul 2012 at 15:37 ---------------

i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.
Reply With Quote
  #5  
Old 17 Jul 2012, 15:58
KProjects KProjects is offline
 
Join Date: Feb 2006
Do you have ssh access?

If so, find files that were last updated in the past week or so.. and look through to see what they are. Once you find the hacked files, restore from a backup (database and files) from before that time. If you can't find anything that was changed (like if they modified things in the database), then pick a known-good point and restore from then.
__________________

Stop Spammers
Reply With Quote
  #6  
Old 17 Jul 2012, 15:58
pyes pyes is offline
 
Join Date: Mar 2012
is there a way to get me back inside my forum? im locked iout from password change or something. Is there a way to change my password via the server control panel?

--------------- Added 17 Jul 2012 at 16:00 ---------------

i dont even know what an ssh is...lol sorry. Im not that savy....just the basics.
Reply With Quote
  #7  
Old 17 Jul 2012, 16:00
KProjects KProjects is offline
 
Join Date: Feb 2006
Originally Posted by pyes View Post
i installed the tool in my public html file....but i cannot run it....how do i run it? There is no ''browse'' option on my control panel. I dont have access to my admin panel.
Just go to: http://www.yoursite.com/tool_recompile.php
__________________

Stop Spammers
Reply With Quote
  #8  
Old 17 Jul 2012, 16:25
pyes pyes is offline
 
Join Date: Mar 2012
nope, still getting the same screen and i can log in

--------------- Added 17 Jul 2012 at 16:42 ---------------

cant*
Reply With Quote
  #9  
Old 17 Jul 2012, 17:30
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?
__________________
My mods.
Reply With Quote
  #10  
Old 17 Jul 2012, 17:42
pyes pyes is offline
 
Join Date: Mar 2012
Originally Posted by borbole View Post
Did you follow the steps outlined at the guide above?

The easiest way would be for you to first restore your latest backup from before the hack then overwrite your forum files with the ones from the 4.1.12 pl2 package and then run the upgrader. This will take care of 2 things at once, one it will clean all your forum files and upgrade your forum as well. Keeping up to date with the latest versions is the best way security wise.

Then do a thorough checkup of your server space for any suspicious file/s that shouldn''t be there.

And as last but not least contact your host to check their logs and see how your forum was hacked. You say that you are sure that the vb was the culprit and not the host. May I ask you how come you have reached that conclusion?

My host has to do the backup restore for me as I pay them extra to maintain the server. Im just waiting on them and they are slow. (ccihosting). I will do as you said and update vb versions as soon as i can get into my site. I will also run the updater as you mentioned.

My server company is the ones who said that the server was not compromised....they said it stemmed from Vbulletin. IDK. Im just going by what they said.

I may be looking for someone to head my security and will pay, if anyone is interested.

--------------- Added 17 Jul 2012 at 17:44 ---------------

This is what they told me:

We suggest you to access the WHM/cPanel and change all the passwords for your site and e-mail accounts. The website is hacked but the cPanel information still works.

Probably the site was hacked because a vulnerability of vbulletin. Please make sure to check that you have the must recent version of the vbulletin software.

There are daily, weekly and monthly backups for the site in the server right now and it will be possible to restore the site to a previous state.

Let us know your comments.



Best Regards,

Nexar Donadio
Senior Technician
CCI Hosting
www.ccihosting.com
Panama, Republic of Panama
Reply With Quote
  #11  
Old 17 Jul 2012, 18:01
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
They have a point when they say to use the latest version but they also say "Probably the vb was the culprit". Can you please ask them to provide some kind of proof to back their claim?
__________________
My mods.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 13:08.

Layout Options | Width: Wide Color: