HELP!!! - code injected into all my index.php files somehow

  • SloppyGoat
    Senior Member
    • Feb 2002
    • 674

    #16
    I just thought someone might know something and be nice enough to help out. vB hasn't been really helpful for years now...unless you pay them, and even then they're probably not going to be helpful. If I had time and money to pay them, and upgrade, etc. I wouldn't be asking here. vB doesn't really know sh*t about Windows servers either.

    Thanks
    The Grey Area - Tweaking Obsession


    • borbole
      Senior Member
      • Feb 2010
      • 3074
      • 4.0.0

      #17
      Originally posted by SloppyGoat
      I just thought someone might know something and be nice enough to help out. vB hasn't been really helpful for years now...unless you pay them, and even then they're probably not going to be helpful. If I had time and money to pay them, and upgrade, etc. I wouldn't be asking here. vB doesn't really know sh*t about Windows servers either.

      Thanks
      I suggested it because this is something that will require some deep looking into to be able to figure out the point of entry. Here in the forums the best you can get is advice, which you got from Lynne. But other than that it is not much that one can do in a situation like this other than checking things directly where the hack happened.


      • SloppyGoat
        Senior Member
        • Feb 2002
        • 674

        #18
        Actually, as long as those are the only files targeted, I seem to have solved the problem by denying write privileges on all previously attacked index.php files. I'm no coder or programmer, so I really had no idea they had to be protected as such. I mean, I've been running this forum for over 13 years now and never had anything like this happen. I must be doing something right? vB hasn't been much help in many ways over the years, just because I used a Windows server. Nobody seems to know sh*t about them.

        - - - Updated - - -

        Back when I set this up, I decided to use my own server, and at first vB was slightly helpful in non-IIS troubleshooting issues. That knowledge seems to have decreased over the years, and also since they started just turning down anyone who doesn't want to upgrade every version or have installed extensively tested hacks which have been used for a long freaking time now. Upgrading sucks when you've collected a nice collection of tried and true hacks, which have been updated as necessary. Most of them are what has kept my forum running pretty damn secure for so long now.
        The Grey Area - Tweaking Obsession


        • Zachery
          Former vBulletin Support
          • Jul 2002
          • 59097

          #19
          We still provide server optimization, and if one of the reps knows how to answer you, we can about webserver configuration things. However, since 2002, everything has gotten a lot more complicated. It's hard for us to tell you how to fix something webserver related. We never really provided help with addons/modifications since I've been here as staff in 04. Not sure why you think that has changed.


          • SloppyGoat
            Senior Member
            • Feb 2002
            • 674

            #20
            No offense, but from what I've researched, this is kind of an old issue. Why don't you seem to know about it at all? So far just denying write permissions on the index files alone has seemed to have locked it down. Nothing has happened in a while anyway. Wish me luck that it stays that way! I can't believe you don't have IIS experts. vB has always run faster on IIS, IMO. I know others have done it too...I just can't seem to find any.
            The Grey Area - Tweaking Obsession


            • CozmicShredder
              Member
              • Aug 2004
              • 50
              • 4.2.X

              #21
              Your Apache log file should show everything he did! And those files should be outside your root! Only other way he could remove them is if he had FTP access! I would suggest if you host your own server do not use port 21 for FTP... Also check any scripts you are running with your website other than vBulletin. I am sure you're running something that has a well known exploit if you got injected!


              • SloppyGoat
                Senior Member
                • Feb 2002
                • 674

                #22
                I don't run Apache. It's WINDOZE IIS and it's been fast and secure for a freaking long time. FTP is not enabled at all. Although, I do run my own DNS, it's not an active domain server. Go ahead...run a ShieldsUp scan on my server or something. Port 80 is all that's open. I use a complex version of DD-WRT in my router and a SW firewall.
                The Grey Area - Tweaking Obsession
