Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #16  
Old 02 Oct 2013, 23:54
tbworld tbworld is offline
 
Join Date: Oct 2008
Originally Posted by Cygnusstudios View Post
Mine got hacked on Monday.
Sorry to hear that.
Reply With Quote
  #17  
Old 03 Oct 2013, 03:10
hhumas's Avatar
hhumas hhumas is offline
 
Join Date: Aug 2010
my site was also hacked ... they put this page ..

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.
Reply With Quote
  #18  
Old 03 Oct 2013, 05:06
tbworld tbworld is offline
 
Join Date: Oct 2008
Thank you, I have added this to my collection of variances for this exploit. The good news is this is just using the same initial exploit so after you cleaned your site "carefully" and follow the latest guidelines you should be okay. Normally, I don't like exploits posted, but at this point it is all over the web, and education is the best policy now -- in my opinion, I am only a volunteer and I am not directly affiliated with vbulletin.

If I can help with information, please feel free to ask.

Do you have your board up and running again?

Last edited by tbworld; 03 Oct 2013 at 12:52.
Reply With Quote
  #19  
Old 03 Oct 2013, 12:27
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Everyone should report the page:
https://www.facebook.com/Str4whatPir...itmentZone.gov

And group:
https://www.facebook.com/groups/Str4...itmentZone.gov

Both listed in your malicious code, hhumas. With enough reports, these will be taken down for promoting hacking / cyber attacks. I just reported too, for violence/threat of attack.
Reply With Quote
  #20  
Old 04 Oct 2013, 16:15
SupportAM SupportAM is offline
 
Join Date: Nov 2006
Okay I need help badly.
1. I have restored my older version of Web files.
2. Upgraded to newer version of VB ....now vb 4.2.1.
3. Cleaned suspect files.
4. Looked at the plugin.
Still nothing ..... My forum is showing forum.php that is not the physical forum.php on the webserver. There must be an entry somewhere that is displaying the page.
Here is the link to my page.

What else do i ahve to do ????

http://forum.automationmedia.com/
Reply With Quote
  #21  
Old 04 Oct 2013, 17:24
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
SupportAM, look in Styles -> Templates -> FORUM HOME.

Use this to check for other templates:
http://www.vbulletin.org/forum/showthread.php?t=281080
Reply With Quote
  #22  
Old 04 Oct 2013, 18:54
SupportAM SupportAM is offline
 
Join Date: Nov 2006
it goes to forum.php
and using that tool didn't help either.
Reply With Quote
  #23  
Old 04 Oct 2013, 21:30
Tigatoday Tigatoday is offline
 
Join Date: Aug 2007
Hi,

Our forum was also hacked.

Our provider found out that this was probably the problem. Maybe it helps other forum owners.

We removed the bad code from your site's template header.
It was a malicious js code that was creating a hidden iframe to infelobarc1979.tk.
Please remember to change all your passwords and keep vBulletin up-to-date
Reply With Quote
  #24  
Old 05 Oct 2013, 00:37
seriousrat seriousrat is offline
 
Join Date: May 2012
What a mess, but we believe both sites are now clean. We also had every mod and admin change passwords. We are watching as closely as we can, but what a giant pain.

Am I wrong, or did vbulletin only put a notice up warning everyone about the problem found in early September, like the 4th or so? They did not send out emails to those using their software with current licenses? Unless I completely missed something, that is what I see. If that is the case, is that why so many sites are currently under siege? The hackers read the notices but we certainly don't go to .com or .org anywhere close to every day.

The hack in ours was inserted almost two full weeks before activation. That way our backups were also corrupted for use.
Reply With Quote
  #25  
Old 05 Oct 2013, 14:47
CharlieDelta CharlieDelta is offline
 
Join Date: Apr 2010
The notices were pushed out in the ACP. That is how I found out and made the appropriate fixes right away. I log in everyday to my ACP.
BOP made a wonderful mod however that will send you these notices if you do not log on into your ACP. http://www.vbulletin.org/forum/showthread.php?t=301841
Reply With Quote
  #26  
Old 06 Oct 2013, 09:43
eva2000's Avatar
eva2000 eva2000 is offline
 
Join Date: Oct 2001
Folks who are getting hacked and have SSH/root user access that comes along with VPS or dedicated server hosting may have more tools available for them to properly clean up hacked forums and the left over infections. I just posted a summary guide here http://www.vbulletin.com/forum/blogs...ting-ssh-users which basically is a small excerpt of the much larger 10 page guide ?http://vbtechsupport.com/2355/.
__________________
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 14:38.

Layout Options | Width: Wide Color: