My board hacked 2 days ago 3.6.9

  • Time
  • Show
Clear All
new posts
  • Rostor
    • Jun 2001
    • 80
    • 4.1.x

    My board hacked 2 days ago 3.6.9

    Dear All,
    two days ago, my site was defaced due to the fact that I don't update the forum as soon as the patch was released.
    In any case, I spent 1 day to restore all the backup and now everything works fine.
    The attacker delete all the db, but I know that they did the first step 7 days ago when they try to put .c files on my w2k3 server ... lamer (no comment).
    There is a way in the admin log to trace the ip used 7 days ago when they did the first step ?
    Thanks for any kind of help.
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    You cna check the Admin Logs but unfortunately they could have covered their steps.

    Please see this thread on how to make your vBulletin more secure:

    If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography

    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    • Rostor
      • Jun 2001
      • 80
      • 4.1.x

      Thanks Steve for the support, in the admin logs I didn't find nothing right now but I'm working on it.
      Do you know what kind of user I could find in this log when they accessed with the xss ?
      They were not able to take the access of my server, I'm quite sure about this.


      • slappy
        Senior Member
        • Apr 2003
        • 1206

        If they were able to get access to your "server", the logs you need to check is you "server's". If you don't have access to them, ask you ISP to check them for around the critical time and see if they can obtain an IP, but remember that a clever hacker can always use a proxy to conceal their own IP.



        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.