Announcement

Collapse
No announcement yet.

Hacked by linkbucks.com link

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Hacked by ************** link

    My forum was hacked by a linkbucks redirection link and also cannot access the admincp, but I can access the cpanel, how to remove the hack?
    The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

  • #2
    See :

    http://www.vbulletin.com/forum/blogs...ve-been-hacked
    http://www.vbulletin.com/forum/blogs...ting-ssh-users

    Also if you you've vBSEO make sure that you've the latest version

    Former vBulletin Support Staff
    Need Help?, Or P.M. Me

    Comment


    • #3
      I replaced all files and do the upgrade process but it still do not solved the problem.
      The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

      Comment


      • #4
        I could reach the admincp, but when I click login it direct me to the forum homepage and not the admincp, then the redirection happen again.
        The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

        Comment


        • #5
          If you have a VPS/dedicated server look at http://www.vbulletin.com/forum/blogs...ting-ssh-users for more detailed analysis of your infection status. The guide also has other useful tips

          i.e. for your instance check your templates and htaccess files for malicious redirects i.e. header/footer templates etc.
          :: Always Back Up Forum Database + Attachments BEFORE upgrading !
          :: Nginx SPDY SSL - World Flags Demo [video results]
          :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

          Comment


          • #6
            The hacker actually take over the admin account, I have since take over and add password to admincp page, the hack code is placed in one of the ad location and I disabled it, everything is fine now.
            The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

            Comment


            • #7
              Ok the hacker has return but this time he is unable to use admincp but add a code to public_html/index.php, it seems that he is not using cpanel to alter the file, any idea how he do it?? So I can plug the hole, by the way I am using VPS hosting.
              The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

              Comment


              • #8
                Is there any way or log where I can check how the hacker get access and edit public_html/index.php file?

                public_html/index.php permissions is 0644, should I change to 0755 to prevent someone altering it?
                Last edited by theimforum; Tue 8th Oct '13, 10:59pm.
                The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

                Comment


                • #9
                  I have secured the admincp and now I have changed the hosting account password also, let's wait and see whether the hacker will be back. Also have set index.php and forum.php permissions to 0755
                  Last edited by theimforum; Wed 9th Oct '13, 2:24am.
                  The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

                  Comment


                  • #10
                    Originally posted by theimforum View Post
                    I have secured the admincp and now I have changed the hosting account password also, let's wait and see whether the hacker will be back. Also have set index.php and forum.php permissions to 0755
                    After I have done the above steps the hacker still can edit the index.php, anyone has any idea how to stop him?
                    The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

                    Comment


                    • #11
                      Just found a suspicious file something like shell.php, compared with default files in /upload and found no such file, just deleted it, and changed cpanel password again, hope everything is fine from now on.
                      The IM Forum - Where All Internet Marketers Come Together - http://www.theimforum.com

                      Comment

                      Related Topics

                      Collapse

                      Working...
                      X