My site was hacked today

  • dustoff99
    Senior Member
    • Mar 2010
    • 170
    • 5.0.X

    My site was hacked today

    Hello,

    We need to inform you that your hosting account for section8gaming.com has been hacked and used to run illegal software on the server. To prevent further abuse of your hosting account and the server, we have disabled public access to the website. You can access it using the following login details:

    Username: xxxxx
    Password: xxxxx

    Here is how the hackers have exploited your account:

    122.173.243.83 - - [14/Sep/2013:10:49:59 -0400] "POST /forumz/admincp/subscriptions.php?do=modify HTTP/1.1" 200 158491 "http://www.section8gaming.com/forumz....php?do=modify" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" 0 0 "off:-:-" 1828 195868

    We deleted the following malicious files from your account:

    /home/section8/www/www/forumz/3xp.php
    /home/section8/www/www/forumz/403.php
    /home/section8/www/www/forumz/admincp/subscriptions.php

    To secure your website, and to avoid similar incidents in future, you will have to upgrade any third party software you are using on your account to the latest versions. Also, if you are using any custom scripts, please secure them as soon as possible.

    Furthermore, you will have to provide us with a valid licence for the vBulletin forum installed on your account (this is a paid version, so a copy of your payment will be sufficient).

    When you are ready, contact us back, and we will re-enable public access to the website.

    --
    Best Regards,
    Abuse Department

    I deleted my install directory (v 4.2), just FYI for anyone else before it's too late. Thankfully my host caught it quick.
  • we_are_borg
    Senior Member
    • Aug 2004
    • 5454
    • 4.2.X

    #2
    Well they caught it but I hope they saved the 3 files that they deleted so developers (the ones that created the addon) can look at it or yourself to see if it was altered.


    • Wayne Luke
      vBulletin Technical Support Lead
      • Aug 2000
      • 73981

      #3
      First you need to follow our advisory about deleting the install folder off your forums.

      Then please read the following two blog posts:
      This guide is for what to do, after you’ve been hacked, exploited, and or defaced. Step 1, Change everything: If you believe, or think your site has


      Getting Started This guide is intended to be a starting point for helping to keep your site safe and secure in the long run. It is not a be-all, end-all guide


      Also please see these recent security announcements:

      vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
      vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API
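
A log-triage sketch for access-log lines like the one the host quoted in the first post, added here as an example; it is not code from the thread, the host, or vBulletin. The `/forumz` root, the `admin_ips` allow-list, the three review rules and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the same Apache-style layout as the host's excerpt;
# the client addresses are documentation-range IPs, not real indicators.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2013:10:41:02 -0400] "GET /forumz/index.php HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2013:10:42:10 -0400] "GET /forumz/install/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2013:10:49:59 -0400] "POST /forumz/admincp/subscriptions.php?do=modify HTTP/1.1" 200 158491 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Sep/2013:10:50:30 -0400] "POST /forumz/newreply.php?do=postreply HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2013:10:51:12 -0400] "GET /forumz/3xp.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Sep/2013:11:05:44 -0400] "POST /forumz/admincp/index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# File names the host's email lists as deleted from the forum root.
REPORTED_FILES = {"3xp.php", "403.php"}

def triage(log_text, forum_root="/forumz", admin_ips=frozenset()):
    """Return {client_ip: [(timestamp, reason, path), ...]} for requests to review."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected layout, skip rather than guess
        path = urlsplit(m["target"]).path  # drop the query string
        if not path.startswith(forum_root + "/"):
            continue
        rel = path[len(forum_root) + 1:]
        reachable = m["status"].startswith(("2", "3"))
        reason = None
        if rel.startswith("install/") and reachable:
            reason = "install directory still reachable"
        elif rel.startswith("admincp/") and m["method"] == "POST" and m["ip"] not in admin_ips:
            reason = "admincp POST from unlisted address"
        elif rel in REPORTED_FILES:
            reason = "request for file reported as malicious"
        if reason:
            findings[m["ip"]].append((m["ts"], reason, path))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG, admin_ips={"192.0.2.10"}).items():
        print(ip, *hits, sep="\n  ")
```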


      • dustoff99
        Senior Member
        • Mar 2010
        • 170
        • 5.0.X

        #4
        Wayne,

        I deleted the install folder off my site, then moved all of my vB 4 to another subdomain (and will delete the entire subdomain after I try to gather important files / post / etc.), and then did a fresh install of 5.0.4 PL1.
