Good afternoon
On Tuesday our forum was hacked (we were on the latest version of 4.2.3, the day before you released patch level 2) and unfortunately some of the database files have been amended.
Due to an error with our server hosts we were not able to restore our database, which has been very frustrating. All our data is still there and the forums are functioning more or less as they should be, except that the image.php and admincp/image.php files are not loading avatars anymore - instead they are loading a password box (see attached image), which is very obviously an attempt to obtain our forum password and/or hijack our sessions.
We have installed a completely fresh forum with a fresh database and this functions just fine, but we do not wish to start over again! We have also replaced all the forum files with a new set that was downloaded from vBulletin, without any luck - so I'm pretty confident that the malicious data is stored in our forum database somewhere.
We have full access to the database and have searched the forum database without any success for the past few days now and I'm at a loss now on how to fix the issue.
Can anybody shed any light on what we need to do to resolve this?
It appears that the hacker has gone for now; perhaps the new patch installed on Wednesday morning fixed the issue, or the hacker has discovered that there is nothing of value for him/her to steal and has moved on.
Thanks in advance.