Also hacked..


  • [Forum] Also hacked..

    It seems to be going around here these days. I did not see the 'install' exploit notice and was compromised. I have since:

    1. Removed my old forums directory and uploaded from source
    2. Removed the install directory
    3. Added an htaccess to my admincp folder
    4. Removed phony admin accounts
    5. Reverted templates
    6. Disabled all plugins

    That said, I am STILL getting a 'hacked' message on my site. This message appears to only display when going to forum.php (not index or activity) and ONLY for logged-in members; if you're a guest and visit, you do not see the error. I am at my wits' end on what to look into to remove this message. I could have sworn php, plugin, or template would do it.

    Moving forward are there any other things I should do in order to secure myself?

    Also of note, I added myself to view the CP panel logs and I didn't see any malicious activity. The malicious accounts were NOT set to be able to prune the logs, so this is a bit strange. Any thoughts?
    www.discussanything.com

  • #2
    I've also gone in and disabled/deleted all notices, still nothing. Logged in users see a 'hacked' message going to forums.php, unregistered users do not.

    I'm at the end of ideas, would really love some help.
    www.discussanything.com

    • #3
      You will need to open a support ticket with AdminCP, FTP and Database access... Thank you.

      http://www.vbulletin.com/go/techsupport

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API - Full / Mobile
      Vote for your favorite feature requests and the bugs you want to see fixed.

      • #4
        Thanks Wayne. I did open a support ticket last night, but I only received a response with the two related posts and the security announcement. Unfortunately, I believe I've done all the steps outlined in the posts but it hasn't fixed my site. I'll update the ticket with the AdminCP, FTP, and DB information, but if you could follow up on the ticket, I'd appreciate it. Ticket number 1217510
        www.discussanything.com

        • #5
          You should respond to the ticket with the updated information. Either the person it's assigned to will respond, or let someone else take it over if they're not able to help with the issue.

          • #6
            Reference this thread and the person it is assigned to will follow up.

            Wayne Luke

            • #7
              Thanks guys!
              www.discussanything.com

              • #8
                Originally posted by Wayne Luke
                You will need to open a support ticket with AdminCP, FTP and Database access... Thank you.

                http://www.vbulletin.com/go/techsupport
                When I opened a support ticket I was simply told I am not paid up for that kind of support..

                Which after a security hole is a bit weak..

                • #9
                  Same story here. Changed everything, upgraded, but cannot remove the message from the forum.php for users.
                  Sick of seeing the same message:

                  Turkish Hackers. !!

                  Hacked By Margu & BlueHackerTR


                  Any help/advice would be appreciated.

                  • #10
                    I've got Russian hackers.. I think it's Russian (www.pghsportsforum.com). I followed all the steps that Zachery recommended and nothing
                    Pittsburgh Sports Forum | http://www.pghsportsforum.com/forum
                    Twitter - @pghsportsforum
                    Facebook - www.facebook.com/pghsportsforum

                    • #11
                      Originally posted by Mrdale96
                      I've got Russian hackers.. I think it's Russian (www.pghsportsforum.com). I followed all the steps that Zachery recommended and nothing
                      We've got anti-Russian Turkish hackers. These guys took down 2 Russian-speaking forums in the UK we know about, both forums using vBulletin. Right now it doesn't make any difference who'd done it. We're more interested in taking the forum back to normal and preventing anybody from doing the same again.

                      • #12
                        From our site I would:
                        1. Check all templates that are customized...also look for REMOVED or deleted templates.
                        2. Check all announcements
                        3. Check all notices
                        4. Make sure to check and remove all unknown administrators

                        Also, the support ticket did help and they helped me pretty quickly.
                        www.discussanything.com

                        • #13
                          Is there anyone with a good contact on who wants to get paid to clean this up ??

                          • #14
                            Check all your notices and announcements. Have a look if there are new admins, remove them. Look at AdminCP recent activities, see what got changed from not your admin IP. If any templates are changed, then install a new style, make it default, remove all old styles which are affected. See if it will help, it helped with ours.

                            • #15
                              And of course change all passwords, change your config file accordingly, remove all files you didn't add to cpanel, check all files which you did add, upgrade and remove the whole install directory, not just install.php
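
An added example, not part of any post in this thread and not vBulletin's own code: one way to do the file check described in post #15, by hashing the live forum directory against a clean copy of the package unpacked next to it. The directory layout, file names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit_tree(clean_root, live_root) -> dict:
    """Compare the live forum directory against a clean copy of the source."""
    clean, live = snapshot(Path(clean_root)), snapshot(Path(live_root))
    return {
        # Not in the clean package: files you added (check them) or planted ones.
        "unknown": sorted(set(live) - set(clean)),
        # Shipped file whose contents differ from the clean package.
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
        # The whole install directory should be gone, not only install.php.
        "install_left": sorted(f for f in live if f.startswith("install/")),
    }


def build_demo(base: Path):
    """Constructed sample trees: a clean package and a tampered live copy."""
    files = {"forum.php": b"<?php // forum", "index.php": b"<?php // index",
             "install/install.php": b"<?php // installer",
             "install/upgrade.php": b"<?php // upgrader"}
    for side in ("clean", "live"):
        for rel, data in files.items():
            target = base / side / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    live = base / "live"
    (live / "install" / "install.php").unlink()          # only install.php removed
    (live / "forum.php").write_bytes(b"<?php // forum, altered")
    (live / "images").mkdir()
    (live / "images" / "x.php").write_bytes(b"<?php // not from the package")
    return base / "clean", live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in audit_tree(*build_demo(Path(tmp))).items():
            print(kind, paths)
```

On a real site the "unknown" list will also contain legitimate files such as the config file and uploads. A clean file audit says nothing about the database, which is where the templates, notices and announcements named in posts #12 and #14 are stored.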
