HELP! Forum Hacked

  • rase2
    New Member
    • May 2009
    • 27
    • 3.8.x

    HELP! Forum Hacked

    vbulletin 3.8.5
    Just woken up and received an SMS from one of my members saying that it's been hacked.
    Logged on to find the site's been turned into "gaypride queerworld usa" and everything turned into Arabic.
    Can't log into the admin CP as it says (translated)
    Originally posted by Google Translate
    Sorry. The Department to ban IP address of your. To Contact Us Click here
    As it says to EVERYONE else.
    As far as I'm aware someone accessed one of my super mods accounts to change it as one of my members has messaged me saying he was online as it happened saying:
    "i forget to close out windows i checked in and it said i was banned then i kept refreshing for awhile watching it change" and only this mod was online.

    Anyways, my issue is restoring the site.
    My files seem intact on the server, but I've never gone about doing this before.
    Can someone help?
    Last edited by rase2; Fri 21 May '10, 8:54pm.
  • ENF
    Senior Member
    • Apr 2002
    • 2677
    • 3.8.11

    #2
    Your first problem is being banned; but maybe restoring a backup through your host is the best option to start with. *but* you'll need to find out where the security hole is.

    If you can restore your last known good backup, you can start from there by changing your passwords. If it *was* that mod's account, I'd disable that account immediately after the restore and advise your mod to have his PC checked for key-loggers or other browser hijacks that could have intercepted his log in information.

    Let us know if any of this makes sense, a number of people here can jump in and give you some advice on what further steps to take.
    To be updated...

    Comment

    • rase2
      New Member
      • May 2009
      • 27
      • 3.8.x

      #3
      Yeah that was my immediate thought, I've just never done it before so I'm not sure exactly how I would go about doing it.
      I'm on bluehost.
      I know it's a bit tedious but would you be able to give me a REALLY simple step by step or something, anyone?

      I've got backups done through admin panel, through my server, and even of the whole forum downloaded, so wondering which would be the best move.

      Comment

      • borbole
        Senior Member
        • Feb 2010
        • 3074
        • 4.0.0

        #4
        Originally posted by rase2
        Yeah that was my immediate thought, I've just never done it before so I'm not sure exactly how I would go about doing it.
        I'm on bluehost.
        I know it's a bit tedious but would you be able to give me a REALLY simple step by step or something, anyone?

        I've got backups done through admin panel, through my server, and even of the whole forum downloaded, so wondering which would be the best move.
        Try first to unban yourself. Go to phpmyadmin and run this query:

        Code:
        DELETE FROM userban WHERE userid = 1;
        If your db tables have a prefix, include that as well in your query. And if your uid is not 1, then enter the right uid.

        Now, if no damage is done at the database and if it is not infected, then no restore is necessary. Simply ban the hackers then run a thorough check up on all your files in your server space. Also, it would be best if you cleaned up all your forum files by replacing them all with a fresh set from the vb package, your forum version. Then, change all the passwords and scan your pc with an antivirus/antispyware program.

        And last but not least, inform your host so they can check the access logs and see exactly how the hackers gained access to your forum. Hope it helps.

        Comment
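The file check suggested in the post above, as an added example that is not part of the original thread or vBulletin's own tooling: it hashes every file in a freshly extracted package and in the live forum directory and reports what differs. The directory layout and file names are constructed sample data.

```python
import hashlib
import os
import tempfile


def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(fresh_root, live_root):
    """Compare the live forum directory against a fresh package copy."""
    fresh, live = tree_hashes(fresh_root), tree_hashes(live_root)
    return {
        # In the package, but the live copy has different content.
        "modified": sorted(p for p in fresh if p in live and fresh[p] != live[p]),
        # On the server, but not shipped in the package.
        "extra": sorted(p for p in live if p not in fresh),
        # Shipped in the package, but gone from the server.
        "missing": sorted(p for p in fresh if p not in live),
    }


def build_demo_trees():
    """Create two small constructed trees (hypothetical names) for a dry run."""
    base = tempfile.mkdtemp()
    fresh, live = os.path.join(base, "fresh"), os.path.join(base, "live")
    samples = {
        fresh: {"index.php": "stock", "register.php": "stock",
                "includes/functions.php": "stock"},
        live: {"index.php": "stock", "register.php": "altered",
               "images/x.php": "not in package"},
    }
    for root, files in samples.items():
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return fresh, live


if __name__ == "__main__":
    for kind, paths in compare_trees(*build_demo_trees()).items():
        print(kind, paths)
```

Entries under "extra" need a manual look rather than automatic deletion, since site-specific files such as your configuration file will legitimately appear there.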

        • rase2
          New Member
          • May 2009
          • 27
          • 3.8.x

          #5
          Any chance you can go simpler? Like, complete newbie level :/
          I literally have zero experience with phpmyadmin.
          Sorry guys, being a bit useless here.

          Comment

          • borbole
            Senior Member
            • Feb 2010
            • 3074
            • 4.0.0

            #6
            Originally posted by rase2
            Any chance you can go simpler? Like, complete newbie level :/
            I literally have zero experience with phpmyadmin.
            Sorry guys, being a bit useless here.
            Sure, all you have to do is copy/paste my query above and run it at the SQL tab at phpmyadmin in the CP of your host. That will unban your account at your forum. So you will be able to log in normally again to your Acp.

            Comment

            • rase2
              New Member
              • May 2009
              • 27
              • 3.8.x

              #7
              When I do that I get the following answer:

              #1146 - Table 'forum.userban' doesn't exist
              Edit: Got it to work, slight change needed. However it achieved nada :/
              Apparently I'm still banned.
              Last edited by rase2; Fri 21 May '10, 8:53pm.

              Comment

              • birdie
                Senior Member
                • Aug 2004
                • 323

                #8
                Can I suggest you spend a few $ and post a request over at www.vbulletin.org to pay someone to do this. I have done this in the past when I have had a problem like this, esp when it was technically beyond me. It's far less hassle to get someone who knows what they are doing to do it for you. I have never been disappointed with any of the people I hired via vb.org to do these one off jobs for my forums. It will be quicker and easier than a lot of back and forward in forum threads.

                Comment

                • rase2
                  New Member
                  • May 2009
                  • 27
                  • 3.8.x

                  #9
                  This is true, thanks, however for the time being, if I can get it fixed this way, save cash, and learn in the process, I figure it'll be more beneficial for me.
                  Thanks though.

                  Any chance anyone has any other ideas?
                  Last edited by rase2; Fri 21 May '10, 10:19pm.

                  Comment

                  • sadikb
                    Senior Member
                    • Mar 2009
                    • 800
                    • 4.0.0

                    #10
                    Hi, PM me your phpmyadmin details and I will help unban you provided the database has not been corrupted. If it doesn't work you need to do as birdie suggested.
                    Owner: Oracle Forums - General Discussion Forums.

                    Comment

                    • borbole
                      Senior Member
                      • Feb 2010
                      • 3074
                      • 4.0.0

                      #11
                      Originally posted by rase2
                      When I do that I get the following answer:



                      Edit: Got it to work, slight change needed. However it achieved nada :/
                      Apparently I'm still banned.
                      What is your userid? If it is not 1 then you should enter the right uid at the query. It works fine. I have used it on several occasions without a problem. Or register a new account at your forum and then make that an admin at the phpmyadmin.

                      Comment

                      • rase2
                        New Member
                        • May 2009
                        • 27
                        • 3.8.x

                        #12
                        As is, I can't register because it's saying IP's are banned.
                        Also if I go direct to the register.php link it just takes me to a message saying that the site was "raped without no protection".
                        I feel it may also be worth mentioning that another forum in our "network" so to speak (shared members), got hacked by an Arabic group as well (different one) about a week before us, which kinda sucks.
                        As for userid, it is 1. I ran that query and it's done nothing, except say:
                        0 row(s) deleted. ( Query took 0.0003 sec )
                        Which really baffles me.

                        Has anyone got any other ideas? Or have I missed something?

                        Comment

                        • borbole
                          Senior Member
                          • Feb 2010
                          • 3074
                          • 4.0.0

                          #13
                          Originally posted by rase2
                          As is, I can't register because it's saying IP's are banned.
                          Also if I go direct to the register.php link it just takes me to a message saying that the site was "raped without no protection".
                          I feel it may also be worth mentioning that another forum in our "network" so to speak (shared members), got hacked by an Arabic group as well (different one) about a week before us, which kinda sucks.
                          As for userid, it is 1. I ran that query and it's done nothing, except say:


                          Which really baffles me.

                          Has anyone got any other ideas? Or have I missed something?
                          In that case maybe it would be best to revert to your most recent backup from before the hack.

                          Comment

                          • rase2
                            New Member
                            • May 2009
                            • 27
                            • 3.8.x

                            #14
                            ^Again, complete newb to this, so I'm not 100% sure how to, and don't wanna risk further damage.
                            Sorry, can I get a quick expo?

                            (On the plus side this may prove as a useful thread for further newbs lol)

                            Comment

                            • borbole
                              Senior Member
                              • Feb 2010
                              • 3074
                              • 4.0.0

                              #15
                              Originally posted by rase2
                              ^Again, complete newb to this, so I'm not 100% sure how to, and don't wanna risk further damage.
                              Sorry, can I get a quick expo?

                              (On the plus side this may prove as a useful thread for further newbs lol)
                              Do you have a recent backup of your db from before you got hacked? If you are not sure, ask your host about it. If you do, restore it. There are several articles at the online manual on the subject. You might want to have a look there. Also, there are quite a lot of posts/threads on the matter so you might want to search the forums as well. Hope it helps.

                              Comment
