No announcement yet.

Malware Found, removed files but Forum broken

  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Malware Found, removed files but Forum broken

    I have been waiting for official vBulletin support to get back to me for nearly 2 hours now, but nothing has come through so I thought I'd open up to the community for help.

    My site was hacked and has some malware installed. I isolated the malicious files and removed them (they were not part of the core vBulletin files). However, now when trying to access my site I get the following errors:

    Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /home/site/public_html/forum/includes/class_core.php(4716) : eval()'d code on line 208

    Parse error: syntax error, unexpected '<' in /home/site/public_html/forum/includes/class_core.php(4716) : eval()'d code on line 209

    Warning: Cannot modify header information - headers already sent by (output started at [path]/includes/class_core.php(4716) : eval()'d code:208) in [path]/includes/functions.php on line 4513

    I have reuploaded class_core.php just in case but that didn't help. What can I do? I can't get in to admincp either?


  • #2
    To troubleshoot this, first download a fresh copy of the vBulletin ZIP file from the Members Area then reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

    Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

    [Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

    Next, disable all plugins.Note: To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php:
    PHP Code:
    Do you still have the problem ?

    Former vBulletin Support Staff
    Need Help?, Or P.M. Me


    • #3
      Yes do not just replace the one vB file, but upload a fresh copy of all vB files from a freshly downloaded vB zip from members area.

      If you have a VPS/dedicated server look at for more detailed analysis of your infection status. The guide also has other useful tips
      :: Always Back Up Forum Database + Attachments BEFORE upgrading !
      :: Nginx SPDY SSL - World Flags Demo [video results]
      :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ blog summary ]


      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.