Announcement

Collapse
No announcement yet.

Help I've been hacked.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Simon Lloyd
    replied
    If you truly have uploaded a new set of files via ftp in ASCii mode with overwrite then you still have a script somewhere on your server thats rewriting the index.php.

    You can test this simply by creating quick page in notepad, just add a few divs or whatever, i've created one for you, there's no php in it at all even though it's named that way
    index.php
    Just upload it via ftp with overwrite to your forum root and it should replace the index.php thats already there.

    Let us know how you go on

    Leave a comment:


  • whitey10tc
    replied
    Delete index.php from the server, then reupload index.php... Also check for any other index.php or index.htm, index.html that may be in your web root and delete or rename them as needed.

    Also check for any re-directs that don't look right.

    Leave a comment:


  • stevieg
    replied
    make sure your default webpage is set to index.php and not index.html

    Leave a comment:


  • *LA*
    replied
    I've reinstalled all my original vbulletin files so I'm using the original index.php that you get in the vbulletin package. Still 123, is this wrong should I be using something else?
    I'm sorry I know these are probable annoying questions but I'm stuck

    Leave a comment:


  • Simon Lloyd
    replied
    It's showing 123 because your index file is exactly that!, right click on your page and view source, there's no html which means that the only thing on that page is actual text "123"

    Leave a comment:


  • *LA*
    replied
    I've removed the install.php but still seeing the 123

    Leave a comment:


  • beishe8
    replied
    Originally posted by *LA* View Post
    ...
    Security Alert!

    install.php still remains in the /install/ directory.

    This poses a security risk, so please delete that file immediately.

    Leave a comment:


  • *LA*
    replied
    http://thebaglounge.com/

    (Thank you again)

    Leave a comment:


  • Trevor Hannant
    replied
    Link to your site?

    Leave a comment:


  • *LA*
    replied
    I messaged them last night when it showing the long warning message they said they have now resolved the date issue but when I go to the site now it shows the white page with 123 in the corner, so they have changed something but the problem still hasn't gone, is this still an issue with them or is it something I can do?

    Leave a comment:


  • Trevor Hannant
    replied
    I would speak to your host regarding these...

    Leave a comment:


  • *LA*
    replied
    Thank you so much for all your help, hopefully you'll be able to help me a little more.

    I started by re-uploading my vbulletin but I started getting a white page with this message

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3381

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3514

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'UTC' for 'GMT/0.0/no DST' instead in [path]/includes/functions.php on line 3568

    I googled to see if I could find the solution myself and a few suggestion were adding the timezone to the php.ini, or to the function.php or config.php. I've tried all 3 most of the time I get a white page with 123 in the top left corner sometimes it says something about cookies and the header is already set but usually it's the 123.I also contacted my host and they said that the timezone had not been set but they have done so now but I'm still getting the message. Any suggestions? Sorry to be a pain but I'm at a loss here and need help.

    Leave a comment:


  • Trevor Hannant
    replied
    Firstly, you're using an unsecure version of vBulletin as even on 3.8.4, you're not using the latest patch. I'd certainly recommend upgrading your license and at least upgrading to the latest version of the 3.8 series also as soon as you resolve the hacking issue.

    Here are the instructions on how to restore an admin account for when you cannot access the old admin account, have lost the password, got hacked, or you can't receive the lost password email from http://www.YOUR-DOMAIN.com/YOUR-FORU....php?do=lostpw

    Note: Change that link to your forum URL of course.

    Browse to your forum and log out if you aren't already. Register as a new user and login as this user.

    In the vBulletin's .zip file you can find a directory called 'do_not_upload/'. Inside this directory is a file called 'tools.php'. Upload this file into your forum's admincp/ directory.

    Then go to the admincp/tools.php with your browser.

    At the bottom of the tools page is an option to 'Reset Admin Access'. Run it with the just newly registered username.

    You have just made yourself admin. And you need this because you should now login to the admincp/ and find the user who's password you've lost. Search for this user and when found you will see the whole profile. Including a password field.

    Set a new password.

    Go to the main forum and log out as the new user, and try to login with the old admin account. This should work now. If it does not work contact vBulletin Support again.

    When it works, go back into the admin control panel and find the newly registered user. The profile page will have a dropdown in the top, from there select delete and delete the temporary admin.

    Then delete the tools.php file. It is a potential security risk if you leave it on-line.

    Then, make sure you follow the advice in this thread:

    www.vbulletin.com/go/secure

    Leave a comment:


  • beishe8
    replied
    Originally posted by *LA* View Post
    my license has expired so can I still get support from vbulletin?
    You can get support on this forum.

    Leave a comment:


  • whitey10tc
    replied
    Are you able to access the admincp?
    What version of vb?
    It looks like in your image it's just a defacing, and a re-upload of the vbulletin package should resolve it. Make sure to clear your cookies and cache after doing so. Might also run an upgrade.php to the latest if not already.

    Leave a comment:

Related Topics

Collapse

Working...
X