Announcement

Collapse
No announcement yet.

Site Hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    I helped the OP find there were over 120 templates with base64 encoding in them. Once these templates were deleted the site stopped forwarding to the hacker' site.

    We had to run "Step 7" from Wayne's instructions via phpmyadmin.

    Anyone else having their site forwarded to a hacker's site it's probably one or more changed templates.

    Comment


    • #47
      Joe is awesome, thank you so much for all your help. Very cool to take time out to help a poor dude out. Thanks again

      If you could, please describe how you do Step 7, as I'm still a little new to running these queries...

      thanks again

      - Steve
      www.coloradoevo.com

      Comment


      • #48
        1) Copy the query: SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';

        2) Go to phpMyAdmin.

        3) Click on the SQL tab after selecting your database.

        4) Paste the previously copied query into the text box.

        5) Press the Go Button.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #49
          Awesome, thanks Wayne

          So I no longer have my custom Templates under the stylvars section, is there any way to recover those pages, they were packed full of info?

          Any help would be appreciated... Thanks
          www.coloradoevo.com

          Comment


          • #50
            When I looked at the templates they had all their info erased and replaced with the hack code- there was nothing left... I would suggest re-installing your custom style (hopefully you still have it somewhere) that should bring back any missing templates.

            Comment


            • #51
              Thanks Joe, I looked in my custom style and they were gone... guess I'll have to re-write them, not a huge deal I guess. Just make sure I back these up also next time...

              Thanks again for all your help guys, everything is back up and running properly

              - steve
              www.coloradoevo.com

              Comment


              • #52
                After your customizations, you can back up the style by exporting it under Upload / Download Styles. It will all be packaged in a XML file.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API

                Comment


                • #53
                  Sorry to raise an old thread but I've run into a similar issue.

                  I've just recently installed 4.2.0 on a new domain (new forum).

                  My domain name with all the versions below now redirect to the site in the attachment but only on 1 network connection.
                  http://www.mysite.com
                  http://www.mysite.com/forums/
                  http://www.mysite.com/forums/forums.php

                  When I tried to get on to the forum with my phone using the same wireless network as the desktop I had the same site come up but when I tried to connect on my phone not using that network I had no problems. I can also connect to the forum if I use my temporary URL provided by the host. This morning I couldn't get the forum up at all no matter what URL I used until I backed up my database and after that the temp URL worked.
                  I have no problem getting the forum up working from a different computer on a different wireless network.

                  I ran the Query from step 7 and about 19 templates came up. Do I delete these now? I'm a bit lost as to what to do now.
                  Any idea why it only happens from one internet connection?

                  EDIT: I've sent a ticket to my host provider with this issue as it sounds like a similar issue to this:
                  http://ask.metafilter.com/146730/Why...te-redirecting
                  But I've cleared my cache etc without it doing a thing, it wasn't until I restored my database that I could get on to the site.

                  - - - Updated - - -

                  To further this, I have absolutely no issues accessing the forum from a different computer with a different internet connection.

                  My host responded to the ticket by "adding a absolute forum path in your index.php file which is situated under the public_html folder". I'm not sure if this has fixed the problem as I won't be on that computer till tomorrow to see if the issue is resolved. But correct me if I'm wrong, but because my forum runs off the vBullentin index.php in the forums folder not from the public_html folder this will have no effect?

                  Anyone got any ideas on why this 1 internet connection and computer has been infected? Bearing in mind I had the same issue with my phone on the same wireless network but not with the network turned off.

                  Site here: http://www.allartforums.com

                  Anyone else having issues with it?

                  Edit: Forgot to attach the attachment and I don't have it here now, will add it tomorrow.
                  Last edited by Nomore4s; Mon 13 Aug '12, 9:33pm.

                  Comment


                  • #54
                    I can see your site at http://www.allartforums.com/ and http://www.allartforums.com/forums/ and http://www.allartforums.com/forums/forum.php Is that not what you want?

                    Please don't PM or VM me for support - I only help out in the threads.
                    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                    Want help modifying your vbulletin forum? Head on over to vbulletin.org
                    If I post CSS and you don't know where it goes, throw it into the additional.css template.

                    W3Schools <- awesome site for html/css help

                    Comment


                    • #55
                      Hi Lynne,

                      Yes I was having problems from only 1 computer and internet connection, every other internet connection I tried was fine, just wanted to make sure everyone else could get to it.

                      It seems the problem is fixed now as I can access the forums from the "infected computer". Thanks.

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X