Myanmar Muslim Cyber Force - site hacked


  • Myanmar Muslim Cyber Force - site hacked

    As per http://www.vbulletin.org/forum/showt...=1#post2444885

    I have been travelling with only an iPad.. Got the email about deleting the install folder but assumed I would be lucky for a week, how wrong was that.. Site's been hacked.

    Since then I have restored a full file backup.. Deleted the created admins.. Made sure the plugin.php is clean.. Deleted install file.. Upgraded to latest 4.2.1 today.. Changed all passwords..

    and still they are back in.. This is the 3rd time they have defaced the site in 24h ??

    I am out of ideas on what to do now.. Having done a full file restore with clean pre hacked files and deleted the admins and changed passwords.. What else can I do to make it secure ??

  • #2
    Originally posted by Phat Phreddy
    Deleted install file..
    Delete the entire install folder, not just the install.php file.


    • #3
      Sorry, unclear.. I did delete the entire folder.. First time.. Been hacked twice since..


      • #4
        Please read the following two blog posts:
        http://www.vbulletin.com/forum/blogs...ve-been-hacked

        http://www.vbulletin.com/forum/blogs...vbulletin-site

        Also please see these recent security announcements:

        vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
        vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions


        • #5
          Read..

          Having removed the admins.. And reverted the entire filesystem to a backup.. And removed the install folder and updated to latest version..

          How the hell are they getting back in.. There can't be any file hooks in a reverted filesystem.


          • #6
            Hooks are in the database, not the file system. What, if anything, do you have listed under the vBulletin Product in the PLUGIN manager?


            • #7
              So I have to lose how far back of posts on my forum ??

              There's daily database backups but damn I don't want to lose the content.


              • #8
                Looking for someone willing to work on cleaning this up.. $$


                • #9
                  I don't think you have to remove any posts. Have you checked your plugins as Zachery suggested? If all changes made by hackers are inside vBulletin database and directory, it shouldn't be hard to clean up.


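Posts #6 and #9 point at plugin code stored in the database, which a file restore does not touch. As an added example (not from any poster in this thread and not vBulletin's own code), the Python below audits such rows for constructs that merit manual review. It assumes a `plugin` table with `pluginid`, `title`, `hookname`, `phpcode`, `product` and `active` columns, and uses an in-memory SQLite database with constructed rows in place of the forum's real database.

```python
import re
import sqlite3

# PHP constructs that rarely belong in a forum plugin and merit manual review.
SUSPICIOUS = {
    "dynamic code execution": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "encoded payload": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "shell command": re.compile(r"\b(system|exec|passthru|shell_exec|popen)\s*\(", re.I),
    "file write": re.compile(r"\b(file_put_contents|fwrite)\s*\(", re.I),
}

def audit_plugins(conn):
    """Return (pluginid, title, hookname, product, reasons) for active rows needing review."""
    findings = []
    rows = conn.execute(
        "SELECT pluginid, title, hookname, product, phpcode FROM plugin WHERE active = 1"
    )
    for pluginid, title, hookname, product, phpcode in rows:
        reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(phpcode)]
        # Post #6 asks what is listed under the vBulletin product, so list those rows too.
        if product == "vbulletin":
            reasons.append("registered under the vbulletin product")
        if reasons:
            findings.append((pluginid, title, hookname, product, reasons))
    return findings

def sample_db():
    """Constructed sample rows in an in-memory SQLite stand-in for the forum database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE plugin (pluginid INTEGER, title TEXT, hookname TEXT,"
        " phpcode TEXT, product TEXT, active INTEGER)"
    )
    # Assumed layout; product ids, titles and code below are made up for illustration.
    conn.executemany("INSERT INTO plugin VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "Gallery sidebar", "forumhome_start", "$show['gallery'] = true;", "examplegallery", 1),
        (2, "vb", "init_startup", "eval(base64_decode('PLACEHOLDER'));", "vbulletin", 1),
        (3, "Old stats", "global_start", "system('uptime');", "examplestats", 0),
    ])
    return conn

if __name__ == "__main__":
    for finding in audit_plugins(sample_db()):
        print(finding)
```

A flagged row is a prompt for manual review of that plugin's code, not proof of compromise.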