Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 19 Oct 2011, 21:16
Lestat_ Lestat_ is offline
 
Join Date: Apr 2011
forum hacked

a few hours ago, when login to our vbulletin forum, i get a blank page with message "hacked by Xplo1T www.prvtzone.net www.belegit.net "
I already checked all php & js files, but none has been changed today, no htaccess files have been changed neither, so i'm guessing it has been done with a kind of redirect parameter in the database - anybody has an idea how i can fix this ? where in the database i should look for a parameter causing a redirect ?
Reply With Quote
  #2  
Old 19 Oct 2011, 21:52
nerbert nerbert is offline
 
Join Date: May 2008
I would NOT click either of those links!

I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?

Have you tried going to another forum page, such as online.php?

Can you get into your adminCP?

My advice: submit a support ticket to vBulletin.
Reply With Quote
  #3  
Old 19 Oct 2011, 21:53
LeventX's Avatar
LeventX LeventX is offline
 
Join Date: Dec 2010
Real name: Levent
Your Server Apache or LiteSpeed ?
__________________
bilgisayar forum
Reply With Quote
  #4  
Old 19 Oct 2011, 22:40
GavoTrav's Avatar
GavoTrav GavoTrav is offline
 
Join Date: Jun 2011
Real name: Gav
nevermind..

Last edited by GavoTrav; 19 Oct 2011 at 22:41. Reason: nevermind..
Reply With Quote
  #5  
Old 20 Oct 2011, 12:42
Lestat_ Lestat_ is offline
 
Join Date: Apr 2011
thanks for the replies guys, it seems the hacker gained access through a vulnerability in the search.php page and via admincp he began changing admin pwd's & email adresses. The reason why index & forum.php were showing the hackers message was because he altered the template forumhome and replaced it with his html page.
Fortunately, vbulletin has a wonderful functionality of reversing templates so that fixed the problem. this topic can be closed
Reply With Quote
  #6  
Old 22 Oct 2011, 15:00
River J River J is offline
 
Join Date: Jun 2011
Originally Posted by nerbert View Post
I would NOT click either of those links!

I don't know anything about hacking and recovering from being hacked but just out of curiosity what does the location field say at the top of your page?

Have you tried going to another forum page, such as online.php?

Can you get into your adminCP?

My advice: submit a support ticket to vBulletin.
Clicking a link to a forum isn't going to do anything.....the forums are just full of scrubs who know how to follow tutorials posted online
Reply With Quote
  #7  
Old 22 Oct 2011, 15:04
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by Lestat_ View Post
thanks for the replies guys, it seems the hacker gained access through a vulnerability in the search.php page and via admincp he began changing admin pwd's & email adresses. The reason why index & forum.php were showing the hackers message was because he altered the template forumhome and replaced it with his html page.
Fortunately, vbulletin has a wonderful functionality of reversing templates so that fixed the problem. this topic can be closed
You need to identify the admin userid numbers in config.php as unalterable/undeletable users. This will prevent password and other changes.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 05:25.

Layout Options | Width: Wide Color: