
Top urgent: My website is being hacked


  • [Bug / Issue] Top urgent: My website is being hacked

    Dear vBulletin

    Someone is continuously hacking my entire servers, presumably through my vBulletin service. From my modest understanding of hacking, he is using shells and uploading php files that give him full control of the root server where the script is installed.

    Is this happening to any other person than me?
    Is there a vulnerability that needs to be addressed?

    Please, this is top urgent. Could you please help me understand what I should do to prevent the hacking attacks?

  • #2
    Follow these steps:
    1. Download vBulletin 5.5.4 Patch Level 1.
    2. Create a new directory on your server (i.e. forums_new)
    3. Upload 5.5.4 Patch Level 1 to this new forum.
    4. In the new directory rename /config.php.bkp to /config.php.
    5. Rename /core/includes/ to /core/includes/config.php
    6. Rename /htaccess.txt to .htaccess
    7. Turn off your forums
    8. Create a Database Backup.
    9. Rename the old vBulletin directory (i.e. forums_old)
    10. Rename the new directory to replace your old vBulletin directory (i.e. forums)
    11. Run /core/install/upgrade.php in your new forum directory.
    12. Delete /core/install
    13. Turn on your forums.
    14. If you store attachments and avatars in the file system, inspect your attachment and customavatar directories for any PHP or HTML files. Delete these files. Move the attachments and customavatar directories to your new vBulletin forum directory.
    15. Delete the old vBulletin directory off the server.
    Outside of vBulletin, you should review any files that you have for other services as well.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API
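
Step 14 above, as an added example that is not part of the original post or vBulletin's own tooling: a Python scan of the attachment and customavatar directories that flags files by name and, going slightly beyond the post, by script content hidden under a harmless-looking name. The extension list, the content markers and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# The post names PHP and HTML files; the PHP variants and .htaccess are added
# assumptions about what a web server may execute or honour in these folders.
RISKY_EXTS = {".php", ".phtml", ".phar", ".html", ".htm", ".htaccess"}
# Markers for script content hidden inside a file with a harmless-looking name.
MARKERS = (b"<?php", b"<script", b"<html")


def classify(path, chunk=1 << 20):
    """Return 'extension', 'content' or None for one file."""
    name = Path(path).name.lower()
    # Test every dotted component so a name like "x.php.jpg" is caught.
    if {"." + part for part in name.split(".")[1:]} & RISKY_EXTS:
        return "extension"
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            data = (tail + block).lower()
            if any(marker in data for marker in MARKERS):
                return "content"
            tail = data[-8:]  # overlap so a marker split across reads is seen
    return None


def scan_uploads(root):
    """Return sorted (relative_path, reason) pairs for files needing review."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if path.is_file() and (reason := classify(path)):
            findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (not real forum data)."""
    samples = {
        "attachments/102.attach": b"GIF89a" + b"\x00" * 32 + b"<?PHP /* constructed */",
        "customavatar/avatar7_1.gif": b"GIF89a" + b"\x00" * 32,
        "customavatar/avatar9_2.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_uploads(root)
```

Run `scan_uploads()` on the old attachment and customavatar directories before moving them, and review each finding by hand before deleting it.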


    • Mohammed Abu Risha
      Mohammed Abu Risha commented
      Thank you for your reply. The hosting service has done the upgrade for me.

    • Mohammed Abu Risha
      Mohammed Abu Risha commented
      I am doing the upgrade again. But there is an error message when entering the upgrade url: 2: mysqli_real_connect(): (28000/1045): Access denied for user 'root'@'localhost' (using password: NO). What do I have to do?

  • #3
    You should also change the password of every user with elevated privileges (editor, admin, etc), because the password hashes could have been stolen and are being worked on to brute force. You should also change the database credentials. Finally, you should either lock out every user, to force them to change their password at next login, or email all the users letting them know their encrypted password hashes may have been stolen, which could lead to the password being compromised. Many people use the same password everywhere, so not doing this could result in their having personal accounts elsewhere get hacked.


    • Mohammed Abu Risha
      Mohammed Abu Risha commented
      Thank you! How do I force users to change their passwords?
