Hacked by a Wanna-be...

  • TundraSoul
    Senior Member
    • Jun 2001
    • 215
    • 4.2.X

    #16
    I don't know how you do it Steve. Was this for real? I suspect not.

    Comment

    • Lynne
      Former vBulletin Support
      • Oct 2004
      • 26255

      #17
      Did you look through your access_logs? That is a good way to start to see how they got it.

      Have you restored a backup database from before you were hacked?

      Have you reuploaded all your default files to your site?

      What have you done to fix the problem?

      Please don't PM or VM me for support - I only help out in the threads.
      vBulletin Manual & vBulletin 4.0 Code Documentation (API)
      Want help modifying your vbulletin forum? Head on over to vbulletin.org
      If I post CSS and you don't know where it goes, throw it into the additional.css template.

      W3Schools <- awesome site for html/css help

      Comment

      • Super Cat
        Senior Member
        • Jan 2005
        • 1299
        • 4.2.X

        #18
        Originally posted by dsimms
        He left a site that makes $200+/day and injected into a forum that does not do that much...This tells me
        his skill set is about limited to SQL injection...or some type of injection. He is more of a fly in my face than a hacker.
        So you know who hacked you? Pissed him off and he had access to your FTP or folders?
        There are two ways to fix this, contact your host to check the logs and submit a support ticket that gives everything they ask for. Do you try to figure out how to fix a car when you don't have any clues on how to do it? Sensor problem, computer problem, wiring problem and a hundred different things while you are looking at the tires?

        Originally posted by Lynne
        Did you look through your access_logs? That is a good way to start to see how they got it.

        Have you restored a backup database from before you were hacked?

        Have you reuploaded all your default files to your site?
        What have you done to fix the problem?
        He has done nothing to fix the problem.


        • No url
        • no contact host
        • no information for support ticket
        • no asking the $200 a day hacker what he did
        • no version of vBulletin

        It would help if he did any of this. Version of VB he should know, it was the last one he uploaded from his PC.

        Comment

        • Steve Machol
          Former Customer Support Manager
          • Jul 2000
          • 154488

          #19
          Posts removed for insulting and quoting the insult. Please do not do this again.
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment

          • TheLastSuperman
            Senior Member
            • Sep 2008
            • 1799

            #20
            Originally posted by dsimms
            maybe I am the only one trying to figure this out...

            I give ftp access as last resort...

            I was hoping at least with your experience, then you would be helpful where to start
            since VB probably sees stuff like this all the time...

            I renamed my /includes/ directory and the hacker page went blank...so could the
            problem be in the includes directory?

            Yes, I try to figure a lot of this out myself
            before having to give ftp access out to anyone....
            Originally posted by Paul M
            They cannot help you unless you provide the access requested, so best to decide - do you want someone to look into it or not ?
            Just give them access... I mean if you can't trust vBulletin staff w/ your info who can you trust? I trust them.


            Former vBulletin Support Staff
            Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
            Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

            Comment

            • dsimms
              Senior Member
              • Aug 2010
              • 186

              #21
              1) yes loco, I am not quite as dumb as I appear, my first thought was to change the index....

              2) I did not mean I was trying to cure the problem by changing anything. What I am saying is when
              I interrupted the /includes/ directory, the hacker page went blank...so does this mean the source
              of the hacked page is coming from within the /includes/ directory?

              3) Just because he did what he did does not make him smart if that is all he could do to my site...
              The forum just complements my site, it is not the money maker, and never has been....I just have
              not found what he has done, chances are, any other "hacker" would have taken advantage of the
              same weakness, probably the extent of their education as a whole anyway....

              4) someone said replace the index; I see nothing in the index that would indicate the hack,
              if it was the index, then any common person using VB would be hacked....

              5) version 4.1.2

              6) I also noticed that VBSEO urls no longer work...
              (htaccess is missing, host may have done that, who knows...)

              7) SuperMan - You guys just do not get it...this isn't about trust. I have given VB
              access before, this is not a trust issue...There is life outside my hacked forum....
              I have just not had time to do it yet...before this is over, they will have access....

              I'll kick this over to VB before the weekend is over...

              I just have a lot going on right now, and includes an upcoming major move, bla, bla, bla....

              Originally posted by Loco.M
              Nope, the problem is you changed the includes folder.
              Just picking random folders/files to change isn't going to fix the problem.
              You haven't even posted the url for us to check out...
              The only solution at this point is to fill out the support ticket as suggested this morning.
              Is there a reason why you don't want to hand over your url or login info to the vb staff?
              They looked at 100's of forums every day, if not 1,000's..

              I agree.. it looks like the "wannabe-hackers" have done a pretty good job.

              Did you at least place a blank index file in your root, or have you been broadcasting to all your members and guest that your forum has been hacked?
              Last edited by dsimms; Fri 10 Jun '11, 6:56pm.

              Comment

              • dsimms
                Senior Member
                • Aug 2010
                • 186

                #22
                I have, but the logs are so long that I could have just as easily missed something...and the
                host does not appear all that much concerned or even being helpful...my last email to them
                was if they can find any IPs other than myself connecting to my account/ftp, etc...not that
                it will matter that much in the end....

                I have backups 3 ways to Sunday, but without finding the problem at hand, then we just reset
                and wait for the next hack to come in again, then we start it all over again...nothing accomplished....

                tomorrow I will reupload v4.1.2 or higher - if that does not work, then I guess it was a 3rd party mod that was hacked...

                To another poster, yea, I guess I pissed off someone, now that I think about this, it wasn't even a month ago when
                Microsoft gave me a red flag warning for my entire site...(virus warning) it is a popup that you get when you go to
                a website that warns you of a potential virus....

                took 2 weeks to convince them my site wasn't a virus out to take over the world....

                someone got me on that one, lost a few bucks during those two weeks....

                Originally posted by Lynne
                Did you look through your access_logs? That is a good way to start to see how they got it.

                Have you restored a backup database from before you were hacked?

                Have you reuploaded all your default files to your site?

                What have you done to fix the problem?
                I hate when I become the pattern....

                Comment

                • dsimms
                  Senior Member
                  • Aug 2010
                  • 186

                  #23
                  Appears to have been a db hack....

                  Right after customavatar tables is nothing but garbage/gibberish... then when it gets to the next table the code goes back to normal again...

                  I can tell from coding and complete garbage.....

                  How does someone hack the db anyway?

                  Comment

                  • Hawk2
                    Senior Member
                    • Apr 2008
                    • 862
                    • 4.1.x

                    #24
                    Did you leave the install file in the ftp?

                    Comment

                    • dsimms
                      Senior Member
                      • Aug 2010
                      • 186

                      #25
                      Originally posted by Hawk2
                      Did you leave the install file in the ftp?
                      the install directory was in place under a different name; I suppose the install.php was there.
                      I have since deleted the install dir along with any files in the install directory....

                      Comment

                      • Hawk2
                        Senior Member
                        • Apr 2008
                        • 862
                        • 4.1.x

                        #26
                        only delete the install.php and upgrade.php file will stop them

                        Comment

                        • dsimms
                          Senior Member
                          • Aug 2010
                          • 186

                          #27
                          Originally posted by Hawk2
                          only delete the install.php and upgrade.php file will stop them
                          So that was their way into the db?

                          Comment

                          • Hawk2
                            Senior Member
                            • Apr 2008
                            • 862
                            • 4.1.x

                            #28
                            One of the ways; always better to remove them.

                            Comment

                            • Lynne
                              Former vBulletin Support
                              • Oct 2004
                              • 26255

                              #29
                              Originally posted by dsimms
                              So that was their way into the db?
                              You won't know unless you check your access_logs to see how they got in.


                              Comment

                              • dsimms
                                Senior Member
                                • Aug 2010
                                • 186

                                #30
                                Originally posted by Hawk2
                                One of the ways; always better to remove them.
                                Back in operation again....

                                I lost a few changes, but nothing major...

                                backup worked perfectly!

                                now to update, then backup again....

                                Comment
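
The two pieces of advice in this thread, checking the access_logs and looking at install.php and upgrade.php, can be combined into one pass over a long log. The script below is an added example, not part of the original thread or of vBulletin; it assumes Apache combined log format, and the sample lines, IP addresses and the `install_old` directory name are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" access_log line: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Installer scripts named in the thread. Matching on the file name means a
# renamed install directory (as in post #25) is still caught.
INSTALLER_RE = re.compile(r'/(install|upgrade)\.php(\?|$)', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2011:21:14:02 +0000] "GET /forum/showthread.php?t=12 HTTP/1.1" 200 18234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Jun/2011:21:15:40 +0000] "GET /forum/install_old/install.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Jun/2011:21:16:05 +0000] "POST /forum/install_old/upgrade.php HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Jun/2011:22:01:11 +0000] "GET /forum/install/install.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
    'not an access log line',
]

def installer_hits(lines):
    """Return {ip: [(timestamp, method, path, status), ...]} for installer requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if INSTALLER_RE.search(m["path"]):
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits)

def served(hits):
    """IPs that received a 2xx from an installer script, i.e. the script was reachable."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for *_, status in reqs))

if __name__ == "__main__":
    found = installer_hits(SAMPLE_LOG)
    for ip in served(found):
        print(ip, "reached an installer script:")
        for ts, method, path, status in found[ip]:
            print("   ", ts, method, path, status)
```

To scan a real file, pass an open file handle to `installer_hits` in place of `SAMPLE_LOG`; the timestamps of any 2xx hits give the window to read in full in the rest of the log.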
