 |
|
|
Thread Tools |
|
#1
25 Oct 2013, 13:49
|
|||
|
|||
|
Cleaning after hack
Ive just deleted about 15 'new' administrators
Any idea what these are? http://postimg.org/image/5fd9xpgu5/ Matt --------------- Added 25 Oct 2013 at 13:51 --------------- this is the contents http://postimg.org/image/dlzo3jwc7/ --------------- Added 25 Oct 2013 at 15:28 --------------- I cant seem to see administrator log? Where should I find this? I can see Moderator Log but not administrator? No members have liked this post.
|
|
#2
25 Oct 2013, 19:47
|
||||
|
||||
|
Those that make use of the init_startup hook locations are all malicious. Delete them.
__________________
My mods. No members have liked this post.
|
|
#3
25 Oct 2013, 20:40
|
||||
|
||||
|
Delete all them and the hacker admins then check admin logs see what they have changed I have fixed many forums and have seen them change files in templates and in skimlinks as well
__________________
No members have liked this post.
|
|
#4
26 Oct 2013, 10:13
|
|||
|
|||
|
I reuploaded all the forum files so they are now original flles.
As well as this I have deleted all of the above hooks, deleted admins, changed the database name and password, changed the admin and mod cp links. Changed the ftp password, deleted anything 'install'. Is there anything else I need to do? Do I need to reset users passwords? if so what is the query used to do this? Regards Matt --------------- Added 26 Oct 2013 at 10:24 --------------- I also notice a few php and html files that I dont recognise..... is there a way of checking all files and folders? Im going to keep the forum down till I get all this sorted.... --------------- Added 26 Oct 2013 at 10:30 --------------- zdberr9cd964b2da2e416c43c2b2cc5d64ac18.dat No members have liked this post.
|
|
#5
26 Oct 2013, 11:35
|
||||
|
||||
|
I would do the following, to ensure everything is clean.
First you need to follow our advisory about deleting the install folder off your forums. Then please read the following two blog posts: http://www.vbulletin.com/forum/blogs...ve-been-hacked http://www.vbulletin.com/forum/blogs...vbulletin-site Also please see these recent security announcements: vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others. No members have liked this post.
|
|
«
Previous Thread
|
Next Thread
»
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
|
|
| New To Site? | Need Help? |
All times are GMT. The time now is 11:41.
Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Design by Princeton
Copyright ©2001 - , vbulletin.org. All rights reserved.
vBulletin® is a registered trademark. 