vBulletin 3.6... hacked!!


  • #16
    Most likely they have edited your header... Can you log in to your admincp?
    Dutch vBulletin users social group!

    Comment


    • #17
      Why not just log in to your cPanel/Plesk, open phpMyAdmin, and change your password or create another user with admin? Edit your config.php via the file manager and add that new user # as a super admin.

      For sure I would be checking my mod_security logs also, and if you're not dedicated, contact your host to view/check any security logs/audits.

      Then follow the previous suggestions of protecting those files.

      Comment


      • #18
        This is the most recent message from AOS:

        Since these hacks take place at the database level, changing the index.php will not remove the hack. If you have any existing database backups from before the hack, they can be used to restore the forum to its native state.

        Regards,
        Adam

        Comment


        • #19
          First, change your FTP password. Then upload tools.php from the do_not_upload dir into your admincp directory. Run it to get admin access back. After that, log in to admin access and revert all your templates back to normal. After that, look at your logs.
          Dutch vBulletin users social group!

          Comment


          • #20
            http://www.latrinchera.org/foros/showthread.php?

            You could log in via the page.

            Once logged in, I would check the following styles or revert them:

            header
            headinclude
            footer

            I would also go to phpMyAdmin and build a query to find all changes/adds in a specific time/date filter.

            Oh, and upgrade to the latest vB.

            Comment


            • #21
              "Why not just login to your Cpanel/Plesk, open PhpMyAdmin, change your password or create another user with admin."

              I don't know how to do that... I can enter phpMyAdmin but then I don't understand anything...

              Comment


              • #22
                FTP into your site and re-upload your vBulletin files. What it looks like is happening is that common files have been hacked (files with the words index, login, etc). If you scan inside your forum directories, the only index.html files there should be empty files. Uploading just your index.php will not help you, as the malicious code is also executed from login.php (or other common files), or index.html files located throughout your forum's directories, and it adds it back to, or rewrites, or bypasses, your index.php file.

                If this is the case, it means your host provider was hacked, not you, at the root level.

                Comment
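
The check described in the post above (index.html files inside the forum directories should be empty) can be scripted. This is an added shell example, not part of the thread or of vBulletin; the function names are hypothetical, and treating whitespace-only files as empty is an assumption.

```shell
#!/bin/sh
# Added example: list index.html placeholders under a forum directory that
# are not empty. Assumption: a file counts as "empty" when it holds nothing
# but whitespace; anything else is flagged for manual review.

# Print the path of every non-empty index.html below $1, one per line.
suspect_index_files() {
    forum_dir=$1
    [ -d "$forum_dir" ] || { echo "not a directory: $forum_dir" >&2; return 2; }
    # -size +0 skips zero-byte files cheaply; grep -l then keeps only files
    # that contain at least one non-whitespace character.
    find "$forum_dir" -type f -name 'index.html' -size +0 \
        -exec grep -l '[^[:space:]]' {} + | sort
}

# Same list with the size in bytes, to triage before opening each file.
report_suspects() {
    suspect_index_files "$1" | while IFS= read -r f; do
        printf '%s bytes  %s\n' "$(wc -c < "$f" | tr -d ' ')" "$f"
    done
}

# Run as: ./scan.sh /path/to/forum   (path supplied by the operator)
if [ "$#" -eq 1 ]; then
    report_suspects "$1"
fi
```

Any file it lists should be read before it is deleted or replaced, since its content and modification time are evidence for the log review suggested elsewhere in the thread.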


                • #23
                  OK, I just recovered my admin account, now the only problem is the index.php, I temporarily deleted it in order to redirect users to subforums...

                  Comment


                  • #24
                    I just updated the forum to 3.6.8, the hacked index was still appearing, I just deleted it and will be using the improvised index.htm until further notice...

                    Comment


                    • #25
                      Have you reverted your style? Your header/footer and other templates? Or do yourself a favor, please submit a ticket to vBulletin so they can take a look. I
                      Dutch vBulletin users social group!

                      Comment


                      • #26
                        OK, with the help of one user, I finally could find the error, not that the "priority support" of vBulletin would help even a bit, they may be better watching TV, but whatever, here are our findings:

                        1. The hacker entered the admin account, changed the password and email.

                        2. The hacker then edited the templates.


                        I have restored all templates but one, in case it's useful for someone here. You can contact me at [email protected] and I'll send you a copy of this evil edited template.


                        Thanks for nothing, vBulletin "priority support".

                        Comment


                        • #27
                          Have you filled in support here: http://www.vbulletin.com/support.php ?

                          And the suggestion about templates has been given in this topic. vBulletin hasn't been hacked, but your account has...
                          Dutch vBulletin users social group!

                          Comment


                          • #28
                            I asked for support via the Support ticket system, of course they didn't do a bit.

                            "vBulletin hasn't been hacked, but your account has..."

                            Maybe, maybe not. I'm not an expert, and server and software companies tend to say it's the fault of the other...

                            Comment


                            • #29
                              Sorry to hear that you got hacked. I think that maybe your host's server was compromised and that is how they got at your site, via another compromising account. Are you on a shared host?

                              If I were you, I would change all the passwords, empty the database and install the backup from before the hack. Then I would lock down the permissions to the files until I figure out what is going on.

                              You can open a ticket at the members area and maybe the team would investigate it for you. But I don't think that it is vB's fault. From what I have heard, vB is the securest forum software on the market.

                              Comment


                              • #30
                                I don't know who is responsible for the security hole, maybe I am; what I say is that vBulletin support didn't help.

                                Comment
