Tweet
Hi,
A few days ago my forum got hacked. One of the users uploaded links that ended up taking down the site and my computer with it. When I was able to get the computer running, after a new hdd and system install, I tried to log in to the forum and couldn't do it. Requested a password change and was able to regain access and control of the forum.
First thing I did was go to my hosting provider and requested a removal of the forum folder and a restore from a day earlier than when the problem started.
After getting the forum back I deleted the posts this user created and banned his account and ip.
Thought everything was back to normal. But two days later, by coincidence thanks god, I did a google search for something in the forum and when I went to click one of the links on the google search it took me to the page shown on the attached .png screenshot. It's a known malware or something of the sort.
I backed out of that page and again clicked on the same link from the google results, this time it took me to the correct page in my forum. This only happens one time on every web browser per OS load. I mean If I do more google searches the malware site doesn't load. I go to another web browser program and I can recreate the behavior for only one time. Then if I shut down/restart the computer and go do a google search on any of the web browsers I can re-create the behavior one time.
I decided to redo the deletion/restore routine again but this time deleted not only the forum's folder on my hosting server but everything on that domain. Then restored from a backup up from 2 days instead of 1, prior. The problem is still there.
Then I remembered that the sql database is located somewhere else in the hosting package and it is not part of the regular automated backups. Leaving me without a delete-restore from clean sql database option.
I have changed the passwords for vbulletin here, sql database, forum accounts etc. Now I need some advise on how to get this cleaned up before google detects a problem and blacklist the forum. So far it's good as I have followed all google's checks looking for problems and they've all passed.
I downloaded the sql database from the hosting server and my question is how do I go about cleaning it up so that I can upload it in place of the current problematic one.
Thx
A few days ago my forum got hacked. One of the users uploaded links that ended up taking down the site and my computer with it. When I was able to get the computer running, after a new hdd and system install, I tried to log in to the forum and couldn't do it. Requested a password change and was able to regain access and control of the forum.
First thing I did was go to my hosting provider and requested a removal of the forum folder and a restore from a day earlier than when the problem started.
After getting the forum back I deleted the posts this user created and banned his account and ip.
Thought everything was back to normal. But two days later, by coincidence thanks god, I did a google search for something in the forum and when I went to click one of the links on the google search it took me to the page shown on the attached .png screenshot. It's a known malware or something of the sort.
I backed out of that page and again clicked on the same link from the google results, this time it took me to the correct page in my forum. This only happens one time on every web browser per OS load. I mean If I do more google searches the malware site doesn't load. I go to another web browser program and I can recreate the behavior for only one time. Then if I shut down/restart the computer and go do a google search on any of the web browsers I can re-create the behavior one time.
I decided to redo the deletion/restore routine again but this time deleted not only the forum's folder on my hosting server but everything on that domain. Then restored from a backup up from 2 days instead of 1, prior. The problem is still there.
Then I remembered that the sql database is located somewhere else in the hosting package and it is not part of the regular automated backups. Leaving me without a delete-restore from clean sql database option.
I have changed the passwords for vbulletin here, sql database, forum accounts etc. Now I need some advise on how to get this cleaned up before google detects a problem and blacklist the forum. So far it's good as I have followed all google's checks looking for problems and they've all passed.
I downloaded the sql database from the hosting server and my question is how do I go about cleaning it up so that I can upload it in place of the current problematic one.
Thx
Attached Files
Comment