Announcement

Collapse
No announcement yet.

Redirection hack to R00TW0RM

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Redirection hack to R00TW0RM

    Help!

    Templates look fine and none of my static files appear to have been compromised. http://geekhack.org

    They have changed it up a couple of times...this latest one appears to be broken...but it DID initially redirect to their site.

  • #2
    Try some of the information listed here - https://www.vbulletin.com/forum/cont...vBulletin-Site

    It could be a simple .htaccess redirect in that file or worse but use the above guide and see if you can't track it down and rid yourself of this .


    Former vBulletin Support Staff
    Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
    Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

    Comment


    • #3
      Originally posted by TheLastSuperman View Post
      Try some of the information listed here - https://www.vbulletin.com/forum/cont...vBulletin-Site

      It could be a simple .htaccess redirect in that file or worse but use the above guide and see if you can't track it down and rid yourself of this .
      They modified the templates directly in the db. The Fix-it template script helped me recompile those templates and remove the redirect (for now).

      Site is always patched to the latest/greatest vB version and locked down pretty tight (as per security best practices detailed on this site). Maybe I am facing a zero day vulnerability not yet discovered in vB???

      Comment


      • #4
        Originally posted by mavherzog View Post
        Maybe I am facing a zero day vulnerability not yet discovered in vB???
        or maybe a poorly coded mod?
        -- Web Developer for hire
        ---Online Marketing Tools and Articles

        Comment


        • #5
          I doubt it's a Zero Day... I will never say never on something like that but I will doubt the fire out of it . Please be sure to check for suspicious files and remember, if you have any other software installed, openx for ads as a example or anything at all, ensure none of those platforms are being exploited and that all other software is also fully up to date and secured to the best of your knowledge at all times .

          Edit: Also the possibility they have a shell script or similar on the site that was put up when you were initially hacked, with something like that they can continue to gain access despite a security patch being applied.


          Former vBulletin Support Staff
          Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
          Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X