Site hacked, can someone please help?

This topic is closed.

AusPhotography replied

Thu 5 May '11, 12:25am
I decoded the vba.php file - CyberAnarchy.org maybe part of this hack
Leave a comment:
Peter_AUS replied

Thu 5 May '11, 12:04am
Find the user, edit their number to be what you want it to be. Then run fix usernames in the admincp, that worked for me.
Leave a comment:
Cristi_XP replied

Wed 4 May '11, 11:17pm
how do I run the ???
4.4 Table: user > AUTO_INCREMENT set number to you real latest user
Last user has id 36260
Because i am getting some errors when running the SQL command .
thanks

Last edited by Cristi_XP; Wed 4 May '11, 11:38pm.
Leave a comment:
jaycob replied

Wed 4 May '11, 10:27pm
Originally posted by SilentSleeper View Post

Click on your user >table then click on your >Operations link located at the top and then change it in your >Table options

thanks worked link a charm. thank you.

my main forum is lagging, im hoping its just the server.
Leave a comment:
SilentSleeper replied

Wed 4 May '11, 10:22pm
Originally posted by jaycob View Post

in phpmyadmin? i cant find that option AUTO_INCREMENT when edit the last user? thanks mate.

Click on your user >table then click on your >Operations link located at the top and then change it in your >Table options
Leave a comment:
jaycob replied

Wed 4 May '11, 10:12pm
Originally posted by vktechnology View Post

Hi jaycob
Set Table: user > AUTO_INCREMENT to this number 57001

in phpmyadmin? i cant find that option AUTO_INCREMENT when edit the last user? thanks mate.

Last edited by jaycob; Wed 4 May '11, 10:17pm.
Leave a comment:
jaycob replied

Wed 4 May '11, 10:08pm
Originally posted by Herzog View Post

searching more log files, we've narrowed down the hit on ours. Obviously a script followed by a person to check the status.

Run a search through your logs for a GET request of: /?page=
and a POST request of: /?page=[randompagetitle]/register.php?do=register

[randompagetitle] is random, including what they used in our logs would be irrelevent.

thanks.
would re-uploading all vbulletin files help? thx
Leave a comment:
vktechnology replied

Wed 4 May '11, 10:07pm
Hi jaycob
Set Table: user > AUTO_INCREMENT to this number 57001
Leave a comment:
Herzog replied

Wed 4 May '11, 10:04pm
searching more log files, we've narrowed down the hit on ours. Obviously a script followed by a person to check the status.

Run a search through your logs for a GET request of: /?page=
and a POST request of: /?page=[randompagetitle]/register.php?do=register

[randompagetitle] is random, including what they used in our logs would be irrelevent.
Leave a comment:
jaycob replied

Wed 4 May '11, 10:03pm
Originally posted by vktechnology View Post

I board got hacked too now is running fine

Instruction how to remove

1) Search for new update file and delete it
go to your root forum

and run this command to fine new update file
login as shell

find . -mtime -1 -print

(-1 is day of update file)

you might see this file and delete it

index.php
index.html
admincp/index.php
admincp/index.html
modcp/index.php
modcp/index.html

and delete unknow files

and Upload load original files you just delete it

2)reset admin login to admin cp

upload tools.php to admincp
and reset admin login

3)login to admincp and disable Cyb rules and install new version do not foget to over write it

4)Go to phpmyadmin
go to Table: user

4.1delete everything in this field = usertitle
UPDATE user SET usertitle = ''

4.2update this field customtitle =0
UPDATE user SET customtitle = '0' where customtitle = '1'

4.3. deelte user id that over '13371337'

4.4 Table: user > AUTO_INCREMENT set number to you real latest user

5)Go to admincp > user group > adminstrators
Delete user that you didn't add

6) admincp > update counter > update user title
this step you will get users title back

7) turn on board

---all done ---

im still getting after adding new user the id (id: 13371339)
user befor that is fine ie: 57000.
Leave a comment:
jaycob replied

Wed 4 May '11, 9:41pm
Originally posted by FallenBeauties View Post

There's no vbf.php file in my includes folder, weird.. But it is f*cked up, they said they haven't touched any files but it seems they did. + They f*cked up the database.

if the hackers have messed up the database, is CYB rules still to blame for this? or vbulletin.

and yes to above up a few posts, when i add a new user its like user ID 123244533.

Originally posted by beishe8 View Post

http://www.vbadvanced.com/

ahhh thanks.
Leave a comment:
HMBeaty replied

Wed 4 May '11, 9:39pm
Just another piece of advice, you may want to .htaccess your admincp and modcp (and also rename to something more secure if you wish)
Leave a comment:
vktechnology replied

Wed 4 May '11, 9:35pm
I board got hacked too now is running fine

Instruction how to remove

1) Search for new update file and delete it
go to your root forum

and run this command to fine new update file
login as shell

find . -mtime -1 -print

(-1 is day of update file)

you might see this file and delete it

index.php
index.html
admincp/index.php
admincp/index.html
modcp/index.php
modcp/index.html

and delete unknow files

and Upload load original files you just delete it

2)reset admin login to admin cp

upload tools.php to admincp
and reset admin login

3)login to admincp and disable Cyb rules and install new version do not foget to over write it

4)Go to phpmyadmin
go to Table: user

4.1delete everything in this field = usertitle
UPDATE user SET usertitle = ''

4.2update this field customtitle =0
UPDATE user SET customtitle = '0' where customtitle = '1'

4.3. deelte user id that over '13371337'

4.4 Table: user > AUTO_INCREMENT set number to you real latest user

5)Go to admincp > user group > adminstrators
Delete user that you didn't add

6) admincp > update counter > update user title
this step you will get users title back

7) turn on board

---all done ---

Last edited by vktechnology; Wed 4 May '11, 9:49pm.
Leave a comment:
beishe8 replied

Wed 4 May '11, 9:32pm
Originally posted by jaycob View Post

what hack is vba.php please.

http://www.vbadvanced.com/
Leave a comment:
FallenBeauties replied

Wed 4 May '11, 9:32pm
There's no vbf.php file in my includes folder, weird.. But it is f*cked up, they said they haven't touched any files but it seems they did. + They f*cked up the database.
Leave a comment:

Previous 1 2 3 4 5 6 7 8 9 10 11 15 template Next

I need help

by TsG XxGHOSTxX

I just signed up for vbulletin. It is used in a lot of gaming communities. I am trying to build my own community and now have enough members to justify building a forum. So I know alot of the clans/gaming...
- Channel: vB Cloud Support & Troubleshooting.
Wed 7 Jun '17, 8:25am

vBulletin 3 End of Life

Announcement

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Related Topics