jforjustice.co.uk/banksters - Hacked


  • motoxer311
    replied
    Thanks Trevor..

    I'm using 1and1 VPS with Plesk 10..



  • DAMINK
    replied
    Originally posted by motoxer311:
    How can you pw protect a directory?

    If you have cPanel then it's quite easy. Just choose Password Protect Directories in the Security menu.



    Failing that then try what Trevor suggested and do it manually.



  • Trevor Hannant
    replied
    Use .htaccess and .htpasswd files:

    http://www.htaccesstools.com/htpasswd-generator/



  • motoxer311
    replied
    How can you pw protect a directory?



  • rootnik
    replied
    Originally posted by motoxer311:
    I was hit again, this is getting old now..

    Did you password protect the admincp directory?

    Also, if any admin accounts have been compromised you need them to reset their password, and make sure their email address is correct. When you password protect the admincp directory, only give the login details to your admins via a contact method where you can be sure you are talking to them. Posting the details in a private message or usergroup specific forum is going to allow the hackers to see the login details.

    You'll also want to password protect any phpMyAdmin installations, and look in your customavatar dir for any PHP files (there should be NONE, delete if there are any).

    You can set usergroups up to require a password change every X amount of days, this is probably a good practice too.



  • motoxer311
    replied
    I was hit again, this is getting old now..



  • Joe D.
    replied
    Turn off JavaScript in your browser, then view your site. With JavaScript off you won't be forwarded to the hacker's site.

    Then view the HTML source of your page and find instances of jforjustice.co.uk; that will give you some clue where they are. I cleaned up a site last week; the code was in the "Forum Name" setting in Admin CP -> Settings -> Options -> Site Name / URL / Contact Details AND in the setting for the mod VB Ad Management.

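
Added example (not part of any post in this thread): a shell version of the two checks suggested above, looking for PHP in the customavatar directory and for references to jforjustice.co.uk in a saved copy of the page source. The function names, the extension list and the sample files built in demo() are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; all file names and contents in demo() are constructed.

# Flag files in an upload directory (e.g. customavatar) that have a script
# extension, or that carry a PHP open tag behind an image extension.
# Short open tags ("<?") are not covered.
find_php_in_uploads() {
    find "$1" -type f | while IFS= read -r f; do
        case $(printf '%s' "$f" | tr 'A-Z' 'a-z') in
            *.php|*.php[0-9]|*.phtml|*.phar) printf 'ext\t%s\n' "$f" ;;
            *) grep -q -i -F -e '<?php' "$f" && printf 'content\t%s\n' "$f" ;;
        esac
    done || true
}

# Print "line:text" for each reference to a domain in saved page source.
find_domain_refs() {
    grep -n -i -F -e "$2" "$1" || true
}

# Run both checks; a non-zero status means something needs investigating.
triage() {
    hits=$(find_php_in_uploads "$1")
    refs=$(find_domain_refs "$2" "$3")
    [ -n "$hits" ] && printf 'Script content in upload dir:\n%s\n' "$hits"
    [ -n "$refs" ] && printf 'References to %s:\n%s\n' "$3" "$refs"
    [ -z "$hits" ] && [ -z "$refs" ]
}

# Build a constructed sample tree and run the triage against it.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/customavatar"
    printf 'GIF89a\001\002' > "$tmp/customavatar/avatar1_1.gif"
    printf 'GIF89a<?php /* placeholder */ ?>' > "$tmp/customavatar/avatar2_1.gif"
    printf '<?php /* placeholder */ ?>' > "$tmp/customavatar/x.php"
    printf '<title>Forum</title>\n<script src="http://jforjustice.co.uk/banksters"></script>\n' \
        > "$tmp/index.html"
    rc=0
    triage "$tmp/customavatar" "$tmp/index.html" 'jforjustice.co.uk' || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A hit from either check only shows where the result of the compromise sits; settings stored in the database, such as the "Forum Name" field mentioned above, show up in the page source check rather than the file check.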


  • dlangshaw
    replied
    Our vb site fishsniffer.com was hacked as well by the same install...and redirect. It is proving to be a real cluster to try and repair all the damage done. We are now on day three of attempting to repair and restore. None of these tweaks and tricks are making headway. Suspect is the hack installed with the vBSEO upgrade. Many very unhappy campers! :-(



  • Wayne Luke
    replied
    Make sure to patch your vBulletin tonight with the new patch release. It will help secure things.



  • Tim Mousel
    replied
    Informative link. Thank you!



  • Wayne Luke
    replied
    Originally posted by asimj:
    I guess the next thing is to password protect the admincp directory using .htaccess

    I suggest this for the first thing after a new installation. Renaming it helps a bit as well but isn't as important.



  • asimj
    replied
    I have run the vBSEO check utility and it reports everything is OK. The thread highlights all the issues with vBSEO and they have also kindly provided a suspicious activity tracking plugin, which I have installed. I guess the next thing is to password protect the admincp directory using .htaccess

    Thanks again for your advice, it's been very useful...



  • Wayne Luke
    replied
    See: http://www.vbseo.com/f5/faqs-rogue-p...release-52862/



  • asimj
    replied
    Thanks for the advice, but we couldn't find any primary point of infection, but believe it may have been in the outdated version of VBSEO. All files are patched now so it's a matter of wait and see.



  • Wayne Luke
    replied
    Need to remove the primary point of infection. If it is the vBulletin software or one of your addons, the steps previously posted will expose it. Until you find that point of infection, you will see this over and over and over again. Removing that line just removes the result of the infection, not the infection itself.

    Going from other comments, the primary point seems to be insecure addons so you should either remove your addons or verify that they are free from exploitable issues.

