jforjustice.co.uk/banksters - Hacked
I've been following this thread after some posts in our forum were hijacked and a simple JavaScript redirect was set up to forward members attempting to view the thread to the jforjustice website. We updated our forum to v3.8.7 PL2 and the latest version of VBSEO, which is the only plugin we use. I checked for any new plugins and none exist. Problem is that I couldn't find any reference to the JavaScript code anywhere, so I downloaded all files to my PC and Microsoft Security Essentials picked up the following 2 suspicious files, which were identified as backdoor scripts:
<vb root>/images/avatars/b.php
<vb root>/images/avatars/_error.php
I'm now going to scan all files and see if I can find the JavaScript code embedded somewhere.
vB has been a nightmare of late, with 3 of our sites falling victim to uploaded phishing site attacks and now the justice league. Pain in the butt!
Regards,
Asim
-
Need to remove the primary point of infection. If it is the vBulletin software or one of your addons, the steps previously posted will expose it. Until you find that point of infection, you will see this over and over and over again. Removing that line just removes the result of the infection, not the infection itself.
Going from other comments, the primary point seems to be insecure addons so you should either remove your addons or verify that they are free from exploitable issues.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 API
-
Thanks again for your advice, it's been very useful...
-
Make sure to patch your vBulletin tonight with the new patch release. It will help secure things.
Wayne Luke
-
Our vb site fishsniffer.com was hacked as well by the same install...and redirect. It is proving to be a real cluster to try and repair all the damage done. We are now on day three of attempting to repair and restore. None of these tweaks and tricks are making headway. Suspect is the hack installed with the vBSEO upgrade. Many very unhappy campers! :-(
-
Turn off JavaScript in your browser, then view your site. With JavaScript off you won't be forwarded to the hacker's site.
Then view HTML Source of your page and find instances of jforjustice.co.uk that will give you some clue where they are. I cleaned up a site last week; the code was in the "Forum Name" setting in Admin CP -> Settings -> Options -> Site Name / URL / Contact Details AND in the setting for the mod VB Ad Management.
-
Did you password protect the admincp directory?
Also, if any admin accounts have been compromised you need them to reset their password, and make sure their email address is correct. When you password protect the admincp directory, only give the login details to your admins via a contact method where you can be sure you are talking to them. Posting the details in a private message or usergroup specific forum is going to allow the hackers to see the login details.
You'll also want to password protect any phpmyadmin installations, look in your customavatar dir for any php files (there should be NONE, delete if there are any).
You can set usergroups up to require a password change every X amount of days, this is probably a good practice too.
-
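An added example, not code from this thread or from vBulletin: a read-only scan for the check suggested above (no PHP files in avatar directories), which would also flag the b.php reported in the first post. The directory name customavatars, the extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumptions, not from the thread: the extension list and "customavatars".
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
UPLOAD_DIRS = ("images/avatars", "customavatars")
INDICATOR = b"jforjustice.co.uk"  # redirect target named in this thread


def scan_upload_dirs(vb_root, upload_dirs=UPLOAD_DIRS, indicator=INDICATOR):
    """Return sorted (relative_path, reason) pairs for suspicious files."""
    findings = []
    for rel_dir in upload_dirs:
        for dirpath, _dirs, files in os.walk(os.path.join(vb_root, rel_dir)):
            for name in files:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, vb_root).replace(os.sep, "/")
                with open(path, "rb") as fh:
                    data = fh.read(1024 * 1024)  # first 1 MiB is enough
                # Check every dot-separated part so shell.php.gif is caught.
                exts = {"." + part.lower() for part in name.split(".")[1:]}
                if exts & SCRIPT_EXTS:
                    findings.append((rel, "script extension"))
                elif b"<?php" in data.lower():
                    findings.append((rel, "PHP tag in non-PHP file"))
                elif indicator in data.lower():
                    findings.append((rel, "redirect domain in file"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed sample tree (placeholder contents only)."""
    root = tempfile.mkdtemp(prefix="vbroot_")
    samples = {
        "images/avatars/b.php": b"<?php /* placeholder */ ?>",
        "images/avatars/avatar1.gif": b"GIF89a\x01\x00\x01\x00",
        "customavatars/avatar2_1.gif": b"GIF89a <?php /* placeholder */ ?>",
        "customavatars/note.txt": b"see http://jforjustice.co.uk/banksters",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, reason in scan_upload_dirs(build_sample_tree()):
        print(f"{reason}: {rel}")
```

The scan only reads files; anything it reports should be reviewed and the point of entry found before deleting, since removing the file alone does not remove the infection.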