dlloyd, thank you, but I'm a little slow at this point. I added the code to a php file and executed it, but I get no output. I'm certain I am missing something, but hoping you can give me a little more guidance. Thanks for the help.
jforjustice.co.uk/banksters - Hacked
Collapse
X
-
You would have to enter a new 30 digit random string into the field and then run this query to regain access to your account:
UPDATE user SET password = MD5(CONCAT(MD5('new-password'), salt)) WHERE userid = 1
Replace new-password with the password you want and 1 with your userid.
If you use a prefix defined in your config.php file, you will need to add that to user.Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
-
Comment
-
Or rebuild it under Maintenance -> General Update Tools (4.1.10+) / Update Counters (older versions).Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
-
Whoever made the rounds got a forum that is completely unrelated to me, which is why I even checked into it and found this whole thread. Initially, I thought that it might've been a targeted attack until I did some research into it. There are all sorts of forums out there right now whom have members receiving this email and posting in their respective site's feedback/support/assistance forum.Comment
-
I going through the exact same thing right now. You might want to check your email logs, because in my case not only did I get a redirect but they somehow used the vbulletin mailer to spam their message. I'll probably lose my Amazon SES account because of itComment
-
If someone gains access to your Admin CP or puts a mailer script on your server that includes the vBulletin engine, then they can use the mailer. Should be log entries of any emails that go out through the Admin CP. Though if you give your main admin account permission to delete logs, well then they can be deleted.Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
-
If someone gains access to your Admin CP or puts a mailer script on your server that includes the vBulletin engine, then they can use the mailer. Should be log entries of any emails that go out through the Admin CP. Though if you give your main admin account permission to delete logs, well then they can be deleted.
Wow, thanks! That helped a lot!
edit: to clarify, I was able to see the account that was compromised and that the emails were sent through the admincp.
There is still the question of how the account was hacked in the first place. The admin whose account was breached says he had a ridiculous password with random caps/numbers, and I take his word for it. Searching google, only vbulletin boards are getting hit with this. There has to be an exploit somewhere, whether it be in a 3rd party plugin or vbulletin itself that is giving these guys access to admin accounts.
I have vbseo, vboptimise, Yet Another Awards System, and Warning to users awaiting email confirmation products installed.Last edited by rootnik; Wed 21 Mar '12, 1:42pm.Comment
-
Wow, thanks! That helped a lot!
edit: to clarify, I was able to see the account that was compromised and that the emails were sent through the admincp.
There is still the question of how the account was hacked in the first place. The admin whose account was breached says he had a ridiculous password with random caps/numbers, and I take his word for it. Searching google, only vbulletin boards are getting hit with this. There has to be an exploit somewhere, whether it be in a 3rd party plugin or vbulletin itself that is giving these guys access to admin accounts.
I have vbseo, vboptimise, Yet Another Awards System, and Warning to users awaiting email confirmation products installed.
I also use the vBSEO and Awards plugins the same as you, maybe it is something to do with the awards plugin? Because I can't see vBSEO being the problem.
I was also using the latest version of vBulletin, I am not sure if you was?Comment
-
Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
-
VBSEO has been exploited 2 times that I know of. A couple of years ago we were hacked because of a VBSEO expoilt that injected a URL redirect that downloaded malware to visitors computers. Feedback from others who are affected, to see if they are running VBSEO, would be helpful.
I didn't know about about the exploit that Wayne linked to below, so I wasn't updated with the patch. I am now, after the fact.
I was running vbulletin 4.1.8 when we got attacked, I'm up to date there now as well.
Thanks for the response, and thank you Wayne for helping us troubleshoot.
I got hacked and I had an extremely powerful password.
I also use the vBSEO and Awards plugins the same as you, maybe it is something to do with the awards plugin? Because I can't see vBSEO being the problem.
I was also using the latest version of vBulletin, I am not sure if you was?Last edited by rootnik; Wed 21 Mar '12, 4:31pm.Comment
-
So, the first time I was hacked, they gained access to admincp, they inserted a plug in, as well as sent mail to my users. A holes! I locked down the ability to execute to a particular IP, changed all passwords, and they came back, but this time, they just hit the postparsed table and injected their bit of java to redirect every link.
Any additional ideas on how to lock this down? I have vbseo and other plugins. This spans latest 4 and 3.8 boards I run.Comment
-
I also had an older version of VBSEOFive Star Review Script - Add reviews to your website!
Mixed Martial Arts - Houston MMA Training
Women's Self-Defense - Courses and DVDs availableComment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment