No announcement yet.

Hacked, what should I do?

  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Hacked, what should I do?

    We were hacked today and I have been unable to revert all changes they made.
    They inserted a javascript with a link in the header files in a few templates.
    That I have removed, but I don't know what else they changed. We have a lot of customizations...

    1. The templates display a few weird behaviours. I reverted the clientscript/vbulletin_css folder, but that did not seem to revert all the changes, are there more folders I should restore from backup and if so, which ones?

    2. The image I have attached comes up as soon as you go the the forum site, what could the cause be, and is it native vbulletin? I have never seen that text as a popup before.

    Click image for larger version

Name:	forum error.png
Views:	1
Size:	29.2 KB
ID:	3722044

  • #2
    Do you have a recent database backup? That would be the safest option-

    1) Restore the database
    2) Re-upload all your vBulletin files from the original downloaded .zip
    3) In Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

    This will give you a list of any files not part of vBulletin and/or do not have the expected contents.

    If you have a lot of mods there may be a lot of files listed here- You will need to confirm each of these files is from a legit mod, would be best to re-upload your mod files too.

    4) Make sure you change all your passwords- Your VB Admin Password, your database password in config.php, have any other Admins change their passwords too.

    5) Follow the instructions here for further securing vBulletin:

    Check your logs (see if your host will help you) to see if you can find out how you were hacked.


    • #3
      I can't really restore the database, that would remove thousands of posts even if the backup is from the day before.
      I hope to avoid it anyway.
      I'll get started with the rest, thanks!


      • #4
        Good luck.

        If you have that big of a board that thousands of posts would be lost due to a previous days backup I suggest you reconsider your backup strategy when you get this sorted out. My host for one does hourly backups.


        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.