Announcement

Collapse
No announcement yet.

Site hacked, can someone please help?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AusPhotography
    replied
    I decoded the vba.php file - CyberAnarchy.org maybe part of this hack

    Leave a comment:


  • Peter_AUS
    replied
    Find the user, edit their number to be what you want it to be. Then run fix usernames in the admincp, that worked for me.

    Leave a comment:


  • Cristi_XP
    replied
    how do I run the ???
    4.4 Table: user > AUTO_INCREMENT set number to you real latest user
    Last user has id 36260
    Because i am getting some errors when running the SQL command .
    thanks
    Last edited by Cristi_XP; Wed 4 May '11, 11:38pm.

    Leave a comment:


  • jaycob
    replied
    Originally posted by SilentSleeper View Post
    Click on your user >table then click on your >Operations link located at the top and then change it in your >Table options
    thanks worked link a charm. thank you.

    my main forum is lagging, im hoping its just the server.

    Leave a comment:


  • SilentSleeper
    replied
    Originally posted by jaycob View Post
    in phpmyadmin? i cant find that option AUTO_INCREMENT when edit the last user? thanks mate.
    Click on your user >table then click on your >Operations link located at the top and then change it in your >Table options

    Leave a comment:


  • jaycob
    replied
    Originally posted by vktechnology View Post
    Hi jaycob
    Set
    Table: user > AUTO_INCREMENT to this number 57001
    in phpmyadmin? i cant find that option AUTO_INCREMENT when edit the last user? thanks mate.
    Last edited by jaycob; Wed 4 May '11, 10:17pm.

    Leave a comment:


  • jaycob
    replied
    Originally posted by Herzog View Post
    searching more log files, we've narrowed down the hit on ours. Obviously a script followed by a person to check the status.

    Run a search through your logs for a GET request of: /?page=
    and a POST request of: /?page=[randompagetitle]/register.php?do=register

    [randompagetitle] is random, including what they used in our logs would be irrelevent.
    thanks.
    would re-uploading all vbulletin files help? thx

    Leave a comment:


  • vktechnology
    replied
    Hi jaycob
    Set
    Table: user > AUTO_INCREMENT to this number 57001

    Leave a comment:


  • Herzog
    replied
    searching more log files, we've narrowed down the hit on ours. Obviously a script followed by a person to check the status.

    Run a search through your logs for a GET request of: /?page=
    and a POST request of: /?page=[randompagetitle]/register.php?do=register

    [randompagetitle] is random, including what they used in our logs would be irrelevent.

    Leave a comment:


  • jaycob
    replied
    Originally posted by vktechnology View Post
    I board got hacked too now is running fine

    Instruction how to remove

    1) Search for new update file and delete it
    go to your root forum

    and run this command to fine new update file
    login as shell

    find . -mtime -1 -print

    (-1 is day of update file)

    you might see this file and delete it

    index.php
    index.html
    admincp/index.php
    admincp/index.html
    modcp/index.php
    modcp/index.html

    and delete unknow files

    and Upload load original files you just delete it


    2)reset admin login to admin cp

    upload tools.php to admincp
    and reset admin login

    3)login to admincp and disable Cyb rules and install new version do not foget to over write it

    4)Go to phpmyadmin
    go to Table: user

    4.1delete everything in this field = usertitle
    UPDATE user SET usertitle = ''

    4.2update this field customtitle =0
    UPDATE user SET customtitle = '0' where customtitle = '1'

    4.3. deelte user id that over '13371337'

    4.4 Table: user > AUTO_INCREMENT set number to you real latest user

    5)Go to admincp > user group > adminstrators
    Delete user that you didn't add

    6) admincp > update counter > update user title
    this step you will get users title back

    7) turn on board


    ---all done ---

    im still getting after adding new user the id (id: 13371339)
    user befor that is fine ie: 57000.

    Leave a comment:


  • jaycob
    replied
    Originally posted by FallenBeauties View Post
    There's no vbf.php file in my includes folder, weird.. But it is f*cked up, they said they haven't touched any files but it seems they did. + They f*cked up the database.
    if the hackers have messed up the database, is CYB rules still to blame for this? or vbulletin.

    and yes to above up a few posts, when i add a new user its like user ID 123244533.


    Originally posted by beishe8 View Post
    ahhh thanks.

    Leave a comment:


  • HMBeaty
    replied
    Just another piece of advice, you may want to .htaccess your admincp and modcp (and also rename to something more secure if you wish)

    Leave a comment:


  • vktechnology
    replied
    I board got hacked too now is running fine

    Instruction how to remove

    1) Search for new update file and delete it
    go to your root forum

    and run this command to fine new update file
    login as shell

    find . -mtime -1 -print

    (-1 is day of update file)

    you might see this file and delete it

    index.php
    index.html
    admincp/index.php
    admincp/index.html
    modcp/index.php
    modcp/index.html

    and delete unknow files

    and Upload load original files you just delete it


    2)reset admin login to admin cp

    upload tools.php to admincp
    and reset admin login

    3)login to admincp and disable Cyb rules and install new version do not foget to over write it

    4)Go to phpmyadmin
    go to Table: user

    4.1delete everything in this field = usertitle
    UPDATE user SET usertitle = ''

    4.2update this field customtitle =0
    UPDATE user SET customtitle = '0' where customtitle = '1'

    4.3. deelte user id that over '13371337'

    4.4 Table: user > AUTO_INCREMENT set number to you real latest user

    5)Go to admincp > user group > adminstrators
    Delete user that you didn't add

    6) admincp > update counter > update user title
    this step you will get users title back

    7) turn on board


    ---all done ---
    Last edited by vktechnology; Wed 4 May '11, 9:49pm.

    Leave a comment:


  • beishe8
    replied
    Originally posted by jaycob View Post
    what hack is vba.php please.
    http://www.vbadvanced.com/

    Leave a comment:


  • FallenBeauties
    replied
    There's no vbf.php file in my includes folder, weird.. But it is f*cked up, they said they haven't touched any files but it seems they did. + They f*cked up the database.

    Leave a comment:

Related Topics

Collapse

  • TsG XxGHOSTxX
    I need help
    by TsG XxGHOSTxX
    I just signed up for vbulletin. It is used in a lot of gaming communities. I am trying to build my own community and now have enough members to justify building a forum. So I know alot of the clans/gaming...
    Wed 7 Jun '17, 8:25am
Working...
X