No announcement yet.

Site was hacked... again.

  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Site was hacked... again.

    Hi all,

    OK, so my site was hacked again. This time I managed to get it back up quickly by uploading and running the file "tool_recompile.php".

    However, I am wondering if the templates that were recompiled by the tool may help in discovering (and closing) any back doors or security holes. Here's what was displayed after the tool was run:

    Template Recompiler Tool! © Geeky Designs
    You should remove this file from your server when you are done with it.
    While it poses no substantial risk to your site's security, recompiling every template in the database is intensive on your server.
    Keeping this file on your server would allow anyone to hammer your server with requests to this file.
    Recompiling templates... 
    Template updated: spacer_open (id: 19428, styleid: -10)
    Template updated: spacer_open (id: 20723, styleid: -1)
    Templates recompiled! Rebuilding styles... 
    Rebuild Style Information
    Updating style information for each style
    Default Style ... (Templates) (Stylevars) (Replacement Variables) (CSS) Done.
    Thank you for using our tool!
    Obviously, the template "spacer_open" was modified in some way if the Template Recompiler tool had to revert it to it's original format. However, is there any way for me to figure out how (or possibly who) modified it in the first place? I know the site itself was working fine yesterday; I discovered the site was hacked about an hour ago so the window is rather small. Any thoughts or ideas at all?

    And what is "styleid: -10" and "styleid: -1"? I only have the two default styles (regular and mobile) that come with vB4, and their IDs are both "1".

    Thanks very much in advance.

  • #2
    I think your style modified by A SQL query and it can't be logged to know who.

    If you are in shared host someone can view your config.php settings and edit your database !
    you can change your database username/password and ask your shared host to activate safe mode or run php as SuPHP

    Former vBulletin Support Staff
    Need Help?, Or P.M. Me


    • #3
      Thanks for the quick response.

      I believe I am on a shared host, but I am going to double-check with my web host just to make sure. If that's the case then I'll definitely ask them to activate safe mode or run SuPHP as you've suggested.


      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.