Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 17 Sep 2013, 13:55
obglobal.net obglobal.net is offline
 
Join Date: Jan 2013
SITE HACKED AGAIN! Can't access ACP. Totally lost.

This is ridiculous.

I don't know how to handle this kind of stuff! I can't even access my ACP to delete this dude.

Hacked by Ari Tiga Angka Enam.

Why is vBulletin so easy to hack? Someone please guide me through what to do via cPanel.

I lost about 50 posts last time because I reverted to a backup.

So over it.
Reply With Quote
  #2  
Old 17 Sep 2013, 14:06
xenite xenite is offline
 
Join Date: Oct 2005
Using Web-sniffer.net it looks to me like he may have replaced some of your PHP files. You may only have to upload backup copies of the PHP, not the MySQL database.

As far as blocking him from accessing your site again, look at your VBulletin ADMIN log and your raw server log to see if you can identify the right IP address.

If you don't know how to do this stuff then you'll probably need to pay someone to harden your server.
Reply With Quote
  #3  
Old 17 Sep 2013, 14:12
obglobal.net obglobal.net is offline
 
Join Date: Jan 2013
All a mystery to me. Thanks for your help.

But seriously, vBulletin, thanks for nothing.

--------------- Added 17 Sep 2013 at 14:21 ---------------

I got this from my hosting site

I have checked your site and found the following suspicious files:

Code:
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/plugin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/help.php
[HEX]php_nested_base64_510 : [15/09/13] /home/obglobal/public_html/admincp/nsuser.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/index.php
[HEX]php_nested_base64_510 : [17/09/13] /home/obglobal/public_html/admincp/black.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/admin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/forum.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/index.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/showthread.php

Please check and clean them if necessary.

__________

Any ideas on what I should do?
Reply With Quote
  #4  
Old 17 Sep 2013, 18:52
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Replace them from the ftp
Reply With Quote
  #5  
Old 17 Sep 2013, 19:32
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Cool

Originally Posted by obglobal.net View Post
All a mystery to me. Thanks for your help.

But seriously, vBulletin, thanks for nothing.

--------------- Added 17 Sep 2013 at 14:21 ---------------

I got this from my hosting site

I have checked your site and found the following suspicious files:

Code:
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/plugin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/help.php
[HEX]php_nested_base64_510 : [15/09/13] /home/obglobal/public_html/admincp/nsuser.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/index.php
[HEX]php_nested_base64_510 : [17/09/13] /home/obglobal/public_html/admincp/black.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/admincp/admin.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/forum.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/index.php
[STR]Hacked_by_string : [17/09/13] /home/obglobal/public_html/showthread.php

Please check and clean them if necessary.

__________

Any ideas on what I should do?
Delete these files:
admincp/black.php
admincp/nsuser.php
admincp/admin.php

^ Those files are not included with vBulletin by default. Replace the other files by overwirint them with 100% fresh files as ForceHSS mentioned above .
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #6  
Old 17 Sep 2013, 21:47
obglobal.net obglobal.net is offline
 
Join Date: Jan 2013
Thanks a lot, fellas. I'll give this a try. Cheers.

--------------- Added 17 Sep 2013 at 22:44 ---------------

Originally Posted by ForceHSS View Post
Replace them from the ftp
Originally Posted by TheLastSuperman View Post
Delete these files:
admincp/black.php
admincp/nsuser.php
admincp/admin.php

^ Those files are not included with vBulletin by default. Replace the other files by overwirint them with 100% fresh files as ForceHSS mentioned above .
Hey fellas. Thanks for your help with this. I deleted the 3 files TheLastSuperman mentioned, but I'm not real sure about the next step - replacing files. I think it's gonna be locating them that's the issue.
Reply With Quote
  #7  
Old 18 Sep 2013, 18:55
xenite xenite is offline
 
Join Date: Oct 2005
Originally Posted by obglobal.net View Post
Hey fellas. Thanks for your help with this. I deleted the 3 files TheLastSuperman mentioned, but I'm not real sure about the next step - replacing files. I think it's gonna be locating them that's the issue.
If all else fails, login to VBulletin's Members area and download the source code again. Then just extract the files you are sure you need.
Reply With Quote
  #8  
Old 19 Sep 2013, 01:09
obglobal.net obglobal.net is offline
 
Join Date: Jan 2013
Thanks for your help, gents, but this was too hard for me. I had to pay to get everything reverted and have extra security added.
Reply With Quote
  #9  
Old 19 Sep 2013, 01:15
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Unhappy

Originally Posted by obglobal.net View Post
Thanks for your help, gents, but this was too hard for me. I had to pay to get everything reverted and have extra security added.
I don't think anyone likes making money by fixing sites that have been hacked, I could be wrong but I'm very sad you had to pay . Overall the community here tries to be as helpful as possible within reason to try and alleviate some of the stress and help many to regain their forum .
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #10  
Old 19 Sep 2013, 01:19
obglobal.net obglobal.net is offline
 
Join Date: Jan 2013
Originally Posted by TheLastSuperman View Post
I don't think anyone likes making money by fixing sites that have been hacked, I could be wrong but I'm very sad you had to pay . Overall the community here tries to be as helpful as possible within reason to try and alleviate some of the stress and help many to regain their forum .
It's all good. It was a bit of a blunder on my behalf to go in to this thinking I'd have to do so little. I've been made wiser through my own silliness, unfortunately.

Could you help me with this?

http://www.vbulletin.org/forum/showthread.php?t=302431
Reply With Quote
  #11  
Old 19 Sep 2013, 01:27
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by obglobal.net View Post
It's all good. It was a bit of a blunder on my behalf to go in to this thinking I'd have to do so little. I've been made wiser through my own silliness, unfortunately.

Could you help me with this?

http://www.vbulletin.org/forum/showthread.php?t=302431
Already replied .
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 13:46.

Layout Options | Width: Wide Color: