Forum hacked via an Announcement

**stryka** · Fri 27 Sep '13, 12:14pm

I think you answered your own question... read the blogs on other steps on how to cleanup after the deletion

Originally posted by Pierce

Also I just read the notice about removing the install directory. Just did that too.

**Pierce** · Fri 27 Sep '13, 12:25pm

Yes I am reading that now. Still working on it. Thanks.

**Wayne Luke** · Fri 27 Sep '13, 1:11pm

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:

Fixing your site after you have been hacked. - vBulletin Community Forum

http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked

This guide is for what to do, after youve been hacked, exploited, and or defaced. Step 1, Change everything: If you believe, or think your site has

Best practices for securing your vBulletin site. - vBulletin Community Forum

http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site

Getting Started This guide is intended to be a starting point for helping to keep your site safe and secure in the long run. It is not a be-all, end-all guide

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

**samdu** · Fri 27 Sep '13, 1:28pm

Okay, I'm having the same issue and being redirected to the same site (herblog.blogspot.com). But there are no announcements active on my site. What's the fastest way to find this redirect and eradicate it?

**donald1234** · Fri 27 Sep '13, 1:58pm

Originally posted by samdu

Okay, I'm having the same issue and being redirected to the same site (herblog.blogspot.com). But there are no announcements active on my site. What's the fastest way to find this redirect and eradicate it?

Waynes post above delete your install folder and any rogue admins then follow the above advisories.

**Wayne Luke** · Fri 27 Sep '13, 2:10pm

Originally posted by samdu

Okay, I'm having the same issue and being redirected to the same site (herblog.blogspot.com). But there are no announcements active on my site. What's the fastest way to find this redirect and eradicate it?

AdminCP usually doesn't have any issues with template insertations or plugins. It is a little isolated that way. You can disable all plugins in your config.php file and see if that helps.

Please disable all plugins on your board and tell us if the problem persists.

To do this, edit your vBulletin config.php file currently on the server by adding the following line after the <?php line:

define('DISABLE_HOOKS', true);

Then reupload the config.php file into your forum's includes folder.

**samdu** · Fri 27 Sep '13, 2:28pm

I found it, guys. It was just a redirect line placed in the header. Much easier to expunge than I expected (and had I known, I wouldn't have been searching everywhere else

). Thanks for the suggestions.

vBulletin 4 End of Life

Forum hacked via an Announcement

Forum hacked via an Announcement

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics