Announcement

Collapse
No announcement yet.

Site Hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Site Hacked

    Hi, I got hacked today and I don't know what to do. I've tried deleting all the forum files and re-uploading fresh ones but it's still the same.

    Here is the URL: www.its-all-about-oldskool.com

    Any help on this matter would be a life saver, thanks.
    The Number 2 Oldskool Site
    Its All About Oldskool

  • #2
    strange, i think they have put something into your database

    Comment


    • #3
      Originally posted by China-Rising View Post
      Hi, I got hacked today and I don't know what to do. I've tried deleting all the forum files and re-uploading fresh ones but it's still the same.

      Here is the URL: www.its-all-about-oldskool.com

      Any help on this matter would be a life saver, thanks.
      I have a feeling that deleting the forum files is not enough.The problem might come from somewhere else from your site.
      Check your index.php,index.htm files.


      vB5 is unequivocally the best forum software, but not yet...

      Comment


      • #4
        can you restore from a backup.
        www.cdmagurus.com
        www.cellphone-gurus.com

        Comment


        • #5
          First of all... try to change all of your passwords.
          Second of all... When U deleted the forum files, did you left some other files not related to forum (did you deleted the config.php)? If yes then check them. If the problem persists after U delete the forum files then the problem is not with the forum but I think the code might be in the data base.
          Third of all... Does anyone else have access to your root access?

          Comment


          • #6
            It is hard to say and actually we can only speculate about what happened. Changing all passwords would be the first thing to do now, then check the logs of your server in order to see how you got compromised. If you can't do that yourself, ask your hoster. Next will be checking your FTP. Look at the dates when files got changed. Look at the dates when new files got uploaded. I hardly doubt that this will be caused by an issue that comes from the database, at first sight this looks like either a html (check for index.htm, index.html etc. on FTP) or a redirect to free webspace (check for changed and eventually hidden .htaccess files).
            No private support, only PM me when I ask for it. Support in the forums only.

            Comment


            • #7
              Dear Hartmut, I don't know if it's possible in vb4 but I remember that some time ago in phpbb I had the html enabled in posts (it was my mistake to let this on) and a hacker had put a html code in one thread that messed my entire website. I couldn't do anything until I removed that post from the data base.

              Comment


              • #8
                Hm, ok, i admit that this could be an option - and I would like to now the leak even more now - but looking at the source code let's me believe that this could be a simple html showing. Logging in to http://www.its-all-about-oldskool.com/admincp/ and turning the forum off should bring us some light then.
                No private support, only PM me when I ask for it. Support in the forums only.

                Comment


                • #9
                  And that's one of the main mistakes. He left the path to admincp by default. I would change it to something different.
                  In my opinion, from my experience this happened due to weak password.
                  By the way China-Rising, what kind of vb4 version are U using?

                  Comment


                  • #10
                    Originally posted by Hartmut View Post
                    Hm, ok, i admit that this could be an option - and I would like to now the leak even more now - but looking at the source code let's me believe that this could be a simple html showing. Logging in to http://www.its-all-about-oldskool.com/admincp/ and turning the forum off should bring us some light then.
                    The forum was switched off by me last night. This was before I uploaded the fresh files through FTP. I also don't have HTML turned on and never have. Before uploading the fresh forum files I checked the files for anything with a recent date on them but all seemed fine. I didn't check within folders as the dates on the folders seemed to fine fine and corresponded with the last VB update.

                    I'm running 4.20 Patch Level 3.

                    - - - Updated - - -

                    Originally posted by DoDeH1 View Post
                    And that's one of the main mistakes. He left the path to admincp by default. I would change it to something different.
                    In my opinion, from my experience this happened due to weak password.
                    By the way China-Rising, what kind of vb4 version are U using?
                    If I knew how to change the path of the admin log in I would do, I didn't even know that was possible.

                    - - - Updated - - -

                    Originally posted by DoDeH1 View Post
                    First of all... try to change all of your passwords.
                    Second of all... When U deleted the forum files, did you left some other files not related to forum (did you deleted the config.php)? If yes then check them. If the problem persists after U delete the forum files then the problem is not with the forum but I think the code might be in the data base.
                    Third of all... Does anyone else have access to your root access?
                    I deleted all the files and uploaded brand new ones, including a new config file.
                    The Number 2 Oldskool Site
                    Its All About Oldskool

                    Comment


                    • #11
                      Did you already manage to find out what happened? Atleast the screen is gone and vBulletin shows up again.
                      No private support, only PM me when I ask for it. Support in the forums only.

                      Comment


                      • #12
                        Originally posted by Hartmut View Post
                        Did you already manage to find out what happened? Atleast the screen is gone and vBulletin shows up again.
                        This is quite bizarre Harmut and perhaps you or someone else can shed some light on it.

                        I replied to this thread when I got home from work and set about trying some more things to see what was going on. I checked all the files mentioned in the thread and it came up negative, I checked the HTaccess file and that came up negative. I then reverted some templates (just in case), I then ran the upgrade script, it went through the motions and hey presto, the site came back.

                        I have it turned off at the moment so I can adjust some settings and check everything with a fine tooth comb.

                        Any ideas why the upgrade script would fix it? or seem to fix it?
                        The Number 2 Oldskool Site
                        Its All About Oldskool

                        Comment


                        • #13
                          One explanation could be that your index.php was compromised and by uploading the new files for the update, the compromised file got overwritten. But that's just a fast idea, there can be more reasons which we can not reproduce now anymore.
                          No private support, only PM me when I ask for it. Support in the forums only.

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...
                          X