Deleted..... 2nd post below is what I did.
I got hacked, I fixed it. Here is my story to help others.
Never post how to use an exploit on this site, or links to how tos on how to take advantage of them.
Please see these blog posts:
Please read the following two blog posts:
This guide is for what to do, after you've been hacked, exploited, and or defaced. Step 1, Change everything: If you believe, or think your site has
http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site
Getting Started This guide is intended to be a starting point for helping to keep your site safe and secure in the long run. It is not a be-all, end-all guide
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
My site was hacked on Sept 11, like many, and I've paid my host to remove the malware, but they want me to upgrade to the latest vbulletin first. Does that make sense? Shouldn't they remove the malware first, then I update the vbulletin to the latest version? I'm concerned that if I try to upgrade the vbulletin when they haven't fixed the malware, then I could lose everything. Should I tell my host to remove the malware first?
The homepage of my vbulletin doesn't work - the hacker's message appears instead. Also the login.php page doesn't work. However I can access the forum and post by going to specific post pages. I feel like it's risky to upgrade to the latest version of 4.x under these circumstances. Should I be worried?
So, does anyone know what I should do? I deleted the install folder. Should I have my host remove the malware before I upgrade vbulletin to the latest version, or should I upgrade to the latest version then get my host to remove the malware?
This is a very out of date version. There have been 14 releases since then. All fixing bugs and issues that can make your site more secure. Even then vBulletin 4.1.0 is on Patch level 9.
You need to delete the malware before upgrading. Remove any plugins you didn't install. Delete any suspect files.
Then upgrade.
Wayne Luke
In addition to this advice, I would suggest compromised sites begin deleting any recently created admin accounts or user accounts that are flagged by the upgrade process as having customized key templates. Protecting the real admin accounts with edit restrictions in the config.php file is probably a good idea too.
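A read-only audit for the two checks suggested in the posts above (recently created admin accounts, and plugins you didn't install), added here as an example and not taken from any poster or from vBulletin. It assumes MySQL, the vBulletin 4 default schema with no table prefix, and the stock Administrators usergroup id of 6; the cutoff date is a constructed value.

```sql
-- Assumptions: vBulletin 4 default schema, no table prefix, MySQL.
-- Usergroup 6 is the stock Administrators group; adjust if yours differs.
-- @cutoff is a constructed value: set it to a date safely before the
-- suspected compromise so new accounts stand out.
SET @cutoff = UNIX_TIMESTAMP('2013-09-01 00:00:00');

-- 1. Every account holding admin rights, newest first.
--    Covers primary group, secondary groups, and rows in the
--    administrator table, since any of the three can grant access.
SELECT u.userid,
       u.username,
       u.email,
       u.usergroupid,
       u.membergroupids,
       FROM_UNIXTIME(u.joindate)  AS joined,
       (u.joindate >= @cutoff)    AS created_in_window,
       (a.userid IS NOT NULL)     AS has_administrator_row
FROM user AS u
LEFT JOIN administrator AS a ON a.userid = u.userid
WHERE u.usergroupid = 6
   OR FIND_IN_SET('6', u.membergroupids)
   OR a.userid IS NOT NULL
ORDER BY u.joindate DESC;

-- 2. Every plugin row, grouped by the product that owns it, so the list
--    can be compared against the products and plugins you installed.
--    code_bytes helps spot unusually large or unfamiliar hook code
--    without dumping phpcode to the terminal.
SELECT pluginid,
       product,
       hookname,
       title,
       active,
       LENGTH(phpcode) AS code_bytes
FROM plugin
ORDER BY product, hookname;
```

Review the output before deleting anything, and take a database backup first so removed rows can be examined later.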
> This is a very out of date version. There have been 14 releases since then. All fixing bugs and issues that can make your site more secure. Even then vBulletin 4.1.0 is on Patch level 9.
> You need to delete the malware before upgrading. Remove any plugins you didn't install. Delete any suspect files.
> Then upgrade.

I didn't update that version because it was good. Every time I would visit the vbulletin forum here people were complaining that there were bugs in the upgrade, so I figured if there are so many bugs why would I want to upgrade and screw up my site and try to fix it. It seemed that every time I turned around the latest release had major issues so I didn't want to risk it and put myself through all the fixing every time I turned around since the version I was running was working fine.

> In addition to this advice, I would suggest compromised sites begin deleting any recently created admin accounts or user accounts that are flagged by the upgrade process as having customized key templates. Protecting the real admin accounts with edit restrictions in the config.php file is probably a good idea too.

I'm wondering - if I change the cpanel password will anything need to be changed in vbulletin backend or in the config file? In other words, if I change the password for cpanel/ftp access will the vbulletin lock me out or will it still work properly?
Last edited by Eternal_; Sun 22 Sep '13, 8:42am.
Not sure if you mean admincp or whm cpanel or both, but in both cases it's no: your admincp pass is encrypted and stored in the database, not config.php, and whm cpanel has nothing to do with vbulletin, but it's wise to change its password periodically, as if an attacker gets in there he can delete everything inc your backups.