
Hacked by Syrians


  • Hacked by Syrians

    My site now looks like this (below). I have no idea what happened. Please help!

    Nelson
    >> Hacked By SeCuR!TY [email protected] <<

    SeCuR!TY ** [email protected]
    Syria Al-Assad




    Syrian Army

    Nelson
    www.Hobby-Machinist.com

  • #2
    That would make two of us. I know after looking that I still had the install directory in place (now deleted). How best to go about fixing this?

    Comment


    • #3
      I was also hacked. Running 4.2.0. Please reply with any ideas on how this hacker is accessing vbulletin installs. And any fixes.

      Comment


      • #4
        Read vBulletin announcement and other threads, this has been discussed many times.

        Comment


        • #5
          Which announcements and which threads discuss HOW TO FIX this? Please list the URLs for us.
          Thank you.
          Nelson
          www.Hobby-Machinist.com

          Comment


          • #6
            DELETE the /install/ directory.

            PoS coding... WHO does this? I've had one forum hacked a number of times before I discovered this fix... there is no email, no security alert, and the only notice you receive is when you log in to admincp.
            Last edited by InvisionTech; Fri 13 Sep '13, 7:34pm.
            Wise man says...
            Virtualization.net | DefenceTalk.com | World Affairs Talk.com | AutoTalk.com | SinoDefenceForum.com | Solutions.pro | PakistanTalk.com

            Comment


            • #7
              ...and don't forget to delete the admin usernames that the bastards create.

              PoS coding!

              Comment


              • #8
                I'm not a techie. I couldn't clear this message the hackers put on no matter what I did. I backed up the old site on my computer and tried downloading the 4.2.2 alpha and tried to upgrade and use the fresh install to remove the hacking. No go. It remained and after I ran upgrade.php I got a huge number of errors. Finally, I asked my web server to restore from this morning. We will see if that works. I will delete the install folder once it is restored. This is a TERRIBLE thing. My site has been hacked 3 times in 3 days now.
                Nelson
                www.Hobby-Machinist.com

                Comment


                • #9
                  They may have created plugins, etc.; delete those. They may also have edited existing plugins. So you have to do some digging... and revert your templates. FORUMHOME and FORUMDISPLAY, etc.

                  I know how you feel, one of my websites (just a forum) was hacked multiple times over the past 4 days... this exploit existed in 4.0 to 5.0+ so I am not sure what vbulletin team is smoking, obviously, it's not the imported stuff. No wonder there are vbulletinsucks websites.

                  Comment


                  • #10
                    I've followed up in your ticket. For others, I would strongly recommend reading these two announcements, here and here. This blog post by Zachery also gives some insight on how to go about fixing the damage and this one details how to secure your site further.
                    Aakif Nazir

                    Comment


                    • #11
                      Originally posted by InvisionTech
                      They may have created plugins, etc.; delete those. They may also have edited existing plugins. So you have to do some digging... and revert your templates. FORUMHOME and FORUMDISPLAY, etc.

                      I know how you feel, one of my websites (just a forum) was hacked multiple times over the past 4 days... this exploit existed in 4.0 to 5.0+ so I am not sure what vbulletin team is smoking, obviously, it's not the imported stuff. No wonder there are vbulletinsucks websites.
                      Not being a tech, I don't know what to look for in the plugins. I checked them, and they are all under existing program and modifications groups. Nothing looks unusual. My web host said they used something called a "symlink" to redirect my site elsewhere. Does anyone know what that is?
                      Nelson
                      www.Hobby-Machinist.com

                      Comment


                      • #13
                        Originally posted by Allthumbz
                        My site now looks like this (below). I have no idea what happened. Please help!

                        Nelson
                        >> Hacked By SeCuR!TY [email protected] <<

                        SeCuR!TY ** [email protected]
                        Syria Al-Assad




                        Syrian Army
                        Hey buddy, the same situation happened to me today. My home page was hacked by someone, a scripts.tk type website, and only the homepage was not working; other sub pages on the website were working fine. Go to your hosting account, just check the new files added, and simply delete those files.

                        For your information, it was a little file with a .dat extension.
                        Alrazaak.com

                        Comment


                        • #14
                          We've been hit with this same hack. I deleted the install directory but no change. I can't log in to the admin cp since it redirects me immediately.

                          Comment


                          • #15
                            In AdminCP go to styles & templates / Search Templates / and search SeCuR!TY - you will see which templates are infected.

                            Comment
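
Added example, not part of any post in this thread: a read-only shell check of a forum docroot that combines the file-side advice from posts #6, #11 and #13 (leftover install directory, symlinks, recently added files) with a search for the defacement string on disk. The function names, the 7-day default window and the output labels are assumptions; template, plugin and admin-account changes live in the database and are not covered here.

```shell
#!/bin/sh
# Added example: read-only filesystem triage for a defaced forum docroot.
# Assumptions: function names, the 7-day window and the output labels are
# illustrative; the default marker is the string from the defacement text
# quoted in the thread.

# audit_forum ROOT [DAYS] [MARKER]: print one finding per line, change nothing.
audit_forum() {
    root=$1
    days=${2:-7}
    marker=${3:-'SeCuR!TY'}

    # Post #6: the install directory must not remain on a live site.
    if [ -d "$root/install" ]; then
        echo "INSTALL_DIR $root/install"
    fi

    # Post #11: the web host reported a symlink; list every one in the tree.
    find "$root" -type l -print 2>/dev/null | sort | sed 's/^/SYMLINK /'

    # Post #13: files added or changed within the last DAYS days.
    find "$root" -type f -mtime "-$days" -print 2>/dev/null | sort | sed 's/^/RECENT /'

    # Files on disk that contain the defacement string (fixed-string match).
    grep -rlF -- "$marker" "$root" 2>/dev/null | sort | sed 's/^/MARKER /'

    return 0
}

# make_sample_tree: build a constructed docroot for a dry run; prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/install" "$d/includes"
    echo '<?php // constructed placeholder' > "$d/install/upgrade.php"
    echo 'constructed config' > "$d/includes/config.php"
    echo '>> Hacked By SeCuR!TY <<' > "$d/x.dat"
    # Age the legitimate file so only the planted files look recent.
    touch -t 201301010000 "$d/includes/config.php"
    ln -s includes "$d/link"
    echo "$d"
}
```

Run `audit_forum /path/to/forum 7` against the real docroot and review each RECENT and MARKER line against a known-good copy of the release before deleting anything.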
