Announcement

Collapse
No announcement yet.

Hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Hacked

    I guess we were hacked, but it seems to only be the homepage we were working on and not the forum itself (see the link in my signature).



    It seems this was due to a trust issue and not an exploit. The owner and I gave server info. to one of the admins that joined on December 5, 2011 and recently left in a weird manner and didn't let anyone know except for one of the other (trusted) admins via a PM.

    Anyway, I changed the password for the server, and if nothing else happens, then I guess it was that. The only problem is I don't know how to personally fix it since it was done via the server, and I'm not sure if our owner would know (no offense to him, of course).
    Last edited by Amaury; Wed 31st Oct '12, 2:01pm.
    Former vBulletin user

  • #2
    Try to find the default php or html file in your ftp and it should be the edited one.
    Then change it to a vBulletin default one or a custom one of your choosing.
    Last edited by Kent55; Wed 31st Oct '12, 3:42pm.

    ScreenShottr - Open Source Screen Capture Tool (Just pin to your taskbar)

    Comment


    • #3
      What Kent55 is saying is true. You just need to re-upload your index.php/index.html file and you should be fine. I have had this happen in the past and at first thought it was my vBulletin install that was at fault but I actually e-mailed the hacker (they put their email on the page) and asked them how they did it. They told me they didn't target my account specifically at all but just did a script that changed all the index files for every shared account on the server. It was the server that was vulnerable, not my particular account.

      If you're on a shared setup you may want to ask your host if others were also hacked on the same machine. If so, it's most likely your host's fault.
      Location Import Error Fix For Facebook Connect Users

      Comment


      • #4
        Originally posted by GasMan320 View Post
        What Kent55 is saying is true. You just need to re-upload your index.php/index.html file and you should be fine. I have had this happen in the past and at first thought it was my vBulletin install that was at fault but I actually e-mailed the hacker (they put their email on the page) and asked them how they did it. They told me they didn't target my account specifically at all but just did a script that changed all the index files for every shared account on the server. It was the server that was vulnerable, not my particular account.

        If you're on a shared setup you may want to ask your host if others were also hacked on the same machine. If so, it's most likely your host's fault.
        I'll pass this along, thanks.

        We also have suspicions, though, that the ex-staff member simply copied and pasted their code and it wasn't actually HellFire.
        Former vBulletin user

        Comment


        • #5
          We took care of the traitor a while ago, so we're still working on a homepage, but for the time being, is there a way to disable the hacked homepage and have http://www.kh-mediaflare.net simply redirect to http://www.kh-mediaflare.net/forum.php?
          Former vBulletin user

          Comment


          • #6
            Yes, how does FTP for root look like? Can't you simply remove the 'hacked by...' site and refer to your forum instead? If you want me to have a look then send me a ticket with the FTP access codes.
            No private support, only PM me when I ask for it. Support in the forums only.

            Comment


            • #7
              Originally posted by Hartmut View Post
              Yes, how does FTP for root look like? Can't you simply remove the 'hacked by...' site and refer to your forum instead? If you want me to have a look then send me a ticket with the FTP access codes.
              I don't have FTP access, so I'll pass this along to our owner to have him take a look here.

              Thanks.
              Former vBulletin user

              Comment


              • #8
                Check out the source of your hacked home page for answers on removing it.

                exec cat/etc/defaceinfo.txt",


                "Login : admin ok",

                "Password : ********* ok",
                -- Web Developer for hire
                ---Online Marketing Tools and Articles

                Comment


                • #9
                  Try changing the homepage URL by going to: Admin CP -> settings -> options -> Site Name / URL / Contact Details -> Homepage URL and then change it to what you want. For example: http://www.kh-mediaflare.net/forum.php Also if you want a default hompage without the 'you have been hacked' then just upload the vBulletin index.php file or content.php file to your forums root.

                  ScreenShottr - Open Source Screen Capture Tool (Just pin to your taskbar)

                  Comment


                  • #10
                    I just recently fixed such a 'hack'; check if there is a index.html called first when calling up the site. if yes, check the content and I bet you found the 'hack' already.
                    No private support, only PM me when I ask for it. Support in the forums only.

                    Comment


                    • #11
                      Originally posted by Hartmut View Post
                      I just recently fixed such a 'hack'; check if there is a index.html called first when calling up the site. if yes, check the content and I bet you found the 'hack' already.
                      there are more then one index.html files on my server how would I know what is what(aka the hacked index file)?

                      Comment


                      • #12
                        You can provide me your FTP access and a link to your forum via PM, then I can try to help you finding out which file is causing this issue.
                        No private support, only PM me when I ask for it. Support in the forums only.

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X