My site is hacked


  • My site is hacked

    I was using vBulletin 5.5.6. A hacker deleted all files and only left his index file. I deleted all the files, then uploaded vB 5.6.2, but before I installed it all the files had disappeared and only the hacker's index file was left. It says "hacked by monzera".

  • #2
    So you deleted all the files, uploaded new ones and those were deleted? Please change your SFTP password. If your vBulletin is stored in a sub-directory, then verify that the files in your other directories should be there as well.

    Once this is done, then upload the files and connect them to your database.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.



    • #3
      Wayne, thank you very much. It was a nightmare. I installed vBulletin Version 5.6.2 Patch Level 1 and changed all passwords after upgrading from 5.5.6 to 5.6.2.
      I disabled PHP, Static HTML, and Ad Module rendering. I want to enable them because I have banners listed in the HTML modules. So my question is: is it safe to enable them with vB 5.6.2?



      • Mohammed Abu Risha commented
        I suggest you scan your website first for malware, delete it, then install vBulletin. There are free online scanners.

    • #4
      Originally posted by emral
      Wayne, thank you very much. It was a nightmare. I installed vBulletin Version 5.6.2 Patch Level 1 and changed all passwords after upgrading from 5.5.6 to 5.6.2.
      I disabled PHP, Static HTML, and Ad Module rendering. I want to enable them because I have banners listed in the HTML modules. So my question is: is it safe to enable them with vB 5.6.2?
      PHP modules will not work in the patched version. They have been permanently disabled and will eventually be removed.

      Details are in the release announcement: https://forum.vbulletin.com/node/4445227

      Static HTML and Advertising modules will be fine as they are unaffected.
      MARK.B | vBULLETIN SUPPORT

      TalkNewsUK - My vBulletin 5.6.3 Demo
      AdminAmmo - My Cloud Demo



      • #5
        vB 5.6.2 fresh site hacked again.
        Plugins and products were disabled.
        PHP, Static HTML, and Ad Module were disabled.
        Last edited by emral; Thu 13 Aug '20, 3:05am.



        • #6
          Make sure there are no suspect files included on your site, including outside the vBulletin directory. For vBulletin, you can use the Suspect File Diagnostic tool.

          Wayne Luke


          • #7
            We have scanned the whole server with this tool, maybe you know it: https://www.imunify360.com/

            I have also used the vBulletin diagnostic tool; there are no suspected files except some GIF and JPG image files. I changed the domain name and enabled Cloudflare.

            All plugins are disabled.
            PHP, Static HTML, and Ad Module rendering are disabled

            http://www.bahiskilavuz3.com/vbulletin

            This is my site, please take a look at it.

            Is there a quick way to check for SQL injection? Which tables do I have to check?
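
An added example, not part of the thread and not vBulletin's Suspect File Diagnostic tool: one way to look for files that should not be there, as posts #6 and #7 discuss, is to diff the live web root against a freshly unpacked copy of the same release and to flag image files that contain a PHP open tag. The directory names and sample files below are constructed for illustration.

```python
import hashlib
import os
import tempfile

IMAGE_EXT = {".gif", ".jpg", ".jpeg", ".png"}

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare(clean_root, live_root):
    """Classify live files against a clean unpacked copy of the same version."""
    clean, live = manifest(clean_root), manifest(live_root)
    report = {"added": [], "modified": [], "missing": [], "php_in_image": []}
    for rel, digest in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)
        elif clean[rel] != digest:
            report["modified"].append(rel)
        # A file with an image extension should never contain a PHP open tag.
        if os.path.splitext(rel)[1].lower() in IMAGE_EXT:
            with open(os.path.join(live_root, rel), "rb") as fh:
                if b"<?php" in fh.read():
                    report["php_in_image"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Run compare() on two small constructed trees (not real vBulletin files)."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "clean": {"index.php": b"<?php // stock", "core/a.php": b"<?php // a"},
            "live": {"index.php": b"<html>defaced</html>",
                     "uploads/banner.gif": b"GIF89a<?php /* constructed */ ?>"},
        }
        for tree, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare(os.path.join(tmp, "clean"), os.path.join(tmp, "live"))
```

Legitimate uploads and configuration files will also appear under `added`, so that list is a review queue rather than a verdict.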



            • #8
              The recent issue was not a SQL Injection issue. It was a Remote Code Execution issue. If you're really worried about something in the database, then you should uninstall all plugins and reinstall them from scratch. Then you should run /core/install/upgrade.php to rebuild all templates.

              If you have applied the patch and removed any suspect files, you can enable the option for PHP, Static HTML, and Ad Module rendering. The PHP Module no longer works but the other two types will.

              Wayne Luke


              • emral commented
                Thanks for the advice. I have only HTML modules, so I am happy that I can run my adv banners.

            • #9
              Originally posted by Wayne Luke
              The recent issue was not a SQL Injection issue. It was a Remote Code Execution issue.
              The remote code execution exploit is far worse than SQL injection, it is the worst thing imaginable. Basically the exploit simply gave everybody full shell access, which includes full database access.

              This exploit is so easy that it is the dream of every hacker, so they are usually very rare. But it happened twice within one year for vBulletin! Because they didn't properly fix the first exploit.



              • emral commented
                Before my forum was hacked I was warned by vBulletin about this security issue, but as I was travelling I could not run the patch, thus I can only blame myself.

            • #10
              emral (I don't know how to reply directly to your inline reply of my previous post.) A lot of forums were already hacked before the security update notice by email. See https://forum.vbulletin.com/forum/vb...rning-question

              Forums were hacked. Then a user reported it on this forum. Then it took vBulletin more than 30 hours to test the exploit and respond. In that meantime, the exploit spread among hackers. The exploit was already used massively before the first email notification from vBulletin, in which they just say: "A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch." This message is way too soft for this most dangerous type of exploit.

              Also, the exploit is so dangerous and easy at the same time that a lot of forums were hacked multiple times by different hackers. So even when your forum was damaged after the email notification, hackers probably already stole your user table before damage was visible.



              • #11
                Originally posted by LBS
                Forums were hacked. Then a user reported it on this forum. Then it took vBulletin more than 30 hours to test the exploit and respond.
                This is not true at all. Our network operations team saw suspicious activity on this site and shut it down over the weekend. However, the vBulletin team wasn't directly notified about this. When I came into work on Monday morning, I started investigating what had happened to the forum. It was then that we started finding out about the problem. Immediately a patch was created, tested, and distributed within 6 hours. The emails started going to customers immediately after that. No one actually reported it to us before any of this happened.

                As for the message we post, it is deliberately vague in order to try and keep issues from spreading faster. We're not going to tell people how to hack sites. Everything you post is speculation. As such, further posts will be moderated.

                Wayne Luke