Announcement

**Wayne Luke** · Mon 16 Sep '13, 11:59am

Replaced your files with default ones? Deleted any unknown plugins in the AdminCP? Deleted all suspect files from the system? Verified that your .htaccess file is correct?

http://michiganvw.org/forum/activity.php works fine which is the entry point to your site. I would suspect it is either the FORUMHOME template or a replaced file. Open your FORUMHOME template and save it. Does that fix the issue?

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

**eatworksleepdie** · Mon 16 Sep '13, 12:20pm

Thanks Wayne Luke! posting for others in case they miss this one too.. I went into [styles & templates > search in templates], did a search for "FORUMHOME", found it in both of my templates, and sure enough, it was edited with a javascript file. I then "reverted", and that reset/fixed it!

**Zachery** · Mon 16 Sep '13, 1:10pm

Its important to follow all of the steps, in that guide, not just some of them.

**festydave** · Mon 16 Sep '13, 1:18pm

I'm at the same bridge but having problems. The now deleted admin hacker tweaked my templates. Through the CP log I can see the template activity but I can't figure out how to revert to default.
I also updated from 4.2 to 4.2.1 thinking that would re-write my template defaults but it didn't.

**festydave** · Mon 16 Sep '13, 1:36pm

For me the exploit was in the footer template

**jrh369** · Mon 16 Sep '13, 2:01pm

How do you login to the admin control panel when you get redirected from both the direct url and footer link?

**donald1234** · Mon 16 Sep '13, 4:06pm

If you put a .htaccess file in your admincp directory with this

#order deny,allow
deny from all
# allow the admin
allow from xx.xx.xx.xx (ip)
# allow moderator:
allow from xx.xx.xx.xx (ip)

Then only the person with the ip on the .ht can access your admincp. You need a fixed ip to do this.

If like me you have a dynamic ip that's different each time you sign in you can use a vps proxy, I got one for $10 year from low end box.

**eatworksleepdie** · Tue 17 Sep '13, 10:09am

Originally posted by jrh369 View Post

How do you login to the admin control panel when you get redirected from both the direct url and footer link?

you should be able to go to: http://yourwebsitenamehere/forum/admincp/index.php

**hype901** · Tue 17 Sep '13, 10:31am

How do I completely delete all the templates and then get fresh Default templates from vBulletin? A hacker hit our site, I got his plug-ins out but we're still getting a PARSER error so I must disable hooks in config.php just to keep the basic forums running right.

vBulletin 4 End of Life

Announcement

Yet another hacked site. Can't get rid of it!

Yet another hacked site. Can't get rid of it!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment