Forum has been Hacked!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Scuba0100
    New Member
    • Jan 2016
    • 26
    • 5.1.x

    Forum has been Hacked!

    Our vBulletin forum has been hacked 3 times in 2 weeks. Twice by the same person. I am currently running version 5.1.9 and having a little difficulty upgrading to 5.2.0.

    Is it normal to be hacked this much? I changed the file names correctly (checked several times) and followed the instructions to the letter... This guy that hacked us twice even bragged about it on his FB page... I took a screen shot of what it looked like...

    This is his FB page... https://www.facebook.com/AmZi4

    Any ideas on how to secure our forum better? I am trying to upgrade, after the installation of the (properly prepared) 5.2.0 files, I uploaded to the server using FileZilla. I then pointed my browser to "http://www.evolvegt.net/core/install/upgrade.php". I did not have a "pathtoforums" in my directory since I upload directly to the root and the forum does not live in a subfolder. After it navigates me to the site the directions say that I am supposed to get a login prompt asking me to enter my customer number. This prompt does not appear. If the prompt does not appear how can I run the scripts?

    Any help is appreciated. I am really getting upset that our forum is being hacked this often and I have to go in and upload all the files from backup...

  • glennrocksvb
    Former vBulletin Developer
    • Mar 2011
    • 4011
    • 5.7.X

    #2
    Did you follow this? http://www.vbulletin.com/forum/blogs...ve-been-hacked

    You should upgrade to 5.2 or at least have 5.1.9 Patch Level 3.

    Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

    Comment

    • Scuba0100
      New Member
      • Jan 2016
      • 26
      • 5.1.x

      #3
      I have tried to upgrade, after the installation of the (properly prepared) 5.2.0 files, I uploaded to the server using FileZilla. I then pointed my browser to "http://www.evolvegt.net/core/install/upgrade.php". I did not have a "pathtoforums" in my directory since I upload directly to the root and the forum does not live in a subfolder. After it navigates me to the site the directions say that I am supposed to get a login prompt asking me to enter my customer number. This prompt does not appear. If the prompt does not appear how can I run the scripts?

      Comment

      • Scuba0100
        New Member
        • Jan 2016
        • 26
        • 5.1.x

        #4
        Oh, and I already have control of the site again. I uploaded from backup files. I will read through the document to make sure that I didn't miss anything and change passwords etc...

        Comment

        • glennrocksvb
          Former vBulletin Developer
          • Mar 2011
          • 4011
          • 5.7.X

          #5
          Good to hear you recovered your site. You are on 5.1.9, make sure you have security patch level 3 installed, otherwise, you might be hacked again.

          Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

          Comment

          • Wayne Luke
            vBulletin Technical Support Lead
            • Aug 2000
            • 73981

            #6
            If you have vBulletin installed in the root of your site than 'pathtoforums' is '/' The root of your site. That is just an example because it needs to have text in that location to cover 100,000 different installation possibilities.

            The error you're getting when you go to the upgrade URL is because there is no install folder on your site. As such it returns a 404 error. You need to upload ALL the files from the vBulletin 5.2.0 upload folder, including /core/install.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment

            • Scuba0100
              New Member
              • Jan 2016
              • 26
              • 5.1.x

              #7
              Thank you for the quick responses. I did get the upload to initiate, however, It seems to b stuck on step 15 of 20. I know it says that "some parts may take some time", but it has been almost 30 minutes on this one step... Is this normal or should I start it again?

              Comment

              • Scuba0100
                New Member
                • Jan 2016
                • 26
                • 5.1.x

                #8
                I restarted and it moved right through it to step 20...Annnndddd then a fatal error...

                Comment

                • Scuba0100
                  New Member
                  • Jan 2016
                  • 26
                  • 5.1.x

                  #9
                  Tried it several times with the same error...

                  Comment

                  • Scuba0100
                    New Member
                    • Jan 2016
                    • 26
                    • 5.1.x

                    #10
                    Does this mean that the update was successful even though I still got the fatal error on step 20? It never did officially complete that step...?

                    Comment

                    • Mark.B
                      vBulletin Support
                      • Feb 2004
                      • 24286
                      • 6.0.X

                      #11
                      The upgrade hasn't fully completed if you didn;'t get the completed message.

                      The error you are getting is "MySQL server has gone away"

                      This is a server error, and you should contact your host.

                      Ask your host to increase the max_packet_size and the wait_timeout values.
                      MARK.B
                      vBulletin Support
                      ------------
                      My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                      My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                      Comment

                      • seohoster@mail.ru
                        New Member
                        • Apr 2017
                        • 1
                        • 5.2.x

                        #12
                        I had VBULLETIN 4, it was hacked, then upgraded 2 days ago to 5.3 Connect - and it's hacked again, by the same person. How to avoid it?

                        On the main page it's written that he sells database of my forum and also exploit for vbulletin 4.x/5.x as well - can you fix this issu guys? I'm really emotional about this man interrupting my work

                        Comment

                        • Mark.B
                          vBulletin Support
                          • Feb 2004
                          • 24286
                          • 6.0.X

                          #13
                          Originally posted by [email protected]
                          I had VBULLETIN 4, it was hacked, then upgraded 2 days ago to 5.3 Connect - and it's hacked again, by the same person. How to avoid it?

                          On the main page it's written that he sells database of my forum and also exploit for vbulletin 4.x/5.x as well - can you fix this issu guys? I'm really emotional about this man interrupting my work
                          You should follow the instructions linked to earlier in the thread to clean up and secure your site. If you need further help beyond this, please start your own thread with full details of the problem.

                          To be clear - there are no known security issues with the latest versions of either vBulletin 4 or vBulletin 5, so your site is being compromised using another method, either an add on, the server, or a third party product.
                          MARK.B
                          vBulletin Support
                          ------------
                          My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                          My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...