Site Hacked! Need Help!

  • jtracy
    Member
    • Mar 2001
    • 41

    Site Hacked! Need Help!

    The Digital Media FX Magazine vBulletin forums - installed by vBulletin - have been hacked at http://www.digitalmediafx.com/forums/index.php

    What is the appropriate way to recover from this? Any advice or assistance on how to proceed would be greatly appreciated, particularly since we had vBulletin install the forums.

    Hopefully hackers will find bigger challenges in the future.

    [email protected]

    Sincerely,


    Joe Tracy, Publisher
    Digital Media FX - The Power of Imagination


    P.S. What's the best way to safeguard from this in the future?
    Last edited by jtracy; Tue 3 Jul '01, 4:39pm.
  • tubedogg
    Senior Member
    • Feb 2001
    • 13602

    #2
    First you need to upgrade to v2.0.1. I'm not sure which version you are using but this CSS:
    BODY {CURSOR: default; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; FONT-SIZE: 12px}
    UL {CURSOR: default; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; FONT-SIZE: 12px}
    etc...
    is from several versions ago, one of the betas. It will fix a major security hole.

    Second thing is all they did is edit your header template. One quick look at the source found these tags:
    <noframes>
    <noscript>
    which makes everything below it invisible. They just added their 3 lines and those tags...your page is still there below that. Take those out and everything will show up again.

    Kinda lousy hackers...take the cheap&easy way out.

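A check for the defacement pattern tubedogg describes above (an unclosed `<noframes>` or `<noscript>` in the header template that hides the real page below it), as an added example that is not part of the thread or of vBulletin's code. The function name and both sample templates are constructed for illustration.

```python
import re

# Tags whose content a frame-capable, script-enabled browser does not render.
HIDING_TAGS = ("noframes", "noscript")
TAG_RE = re.compile(r"<(/?)(noframes|noscript)\b[^>]*>", re.IGNORECASE)

# Constructed samples: a header edited the way the thread describes, and a
# legitimate header that uses a properly closed <noscript>.
DEFACED_HEADER = """<html><head><title>Forums</title></head>
<body>
<h1>placeholder defacement text</h1>
<noframes>
<noscript>
<table><tr><td>original header markup</td></tr></table>
"""
CLEAN_HEADER = """<body>
<noscript>Please enable JavaScript.</noscript>
<table><tr><td>original header markup</td></tr></table>
"""


def find_unclosed_hiding_tags(template):
    """Return (tag, line_number, hidden_chars) for each hiding tag left open.

    hidden_chars counts the non-whitespace template text after the tag,
    i.e. how much of the page the unclosed tag would suppress.
    """
    open_tags = {name: [] for name in HIDING_TAGS}  # tag -> stack of matches
    for m in TAG_RE.finditer(template):
        name = m.group(2).lower()
        if m.group(1) == "/":
            if open_tags[name]:
                open_tags[name].pop()  # balanced pair: legitimate use
        else:
            open_tags[name].append(m)
    findings = []
    for name, stack in open_tags.items():
        for m in stack:
            line = template.count("\n", 0, m.start()) + 1
            hidden = len("".join(template[m.end():].split()))
            findings.append((name, line, hidden))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for tag, line, hidden in find_unclosed_hiding_tags(DEFACED_HEADER):
        print(f"unclosed <{tag}> at line {line} hides {hidden} chars")
```

Run it over every stored template after an incident, not only the header, since any template rendered near the top of the page can carry the same edit.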

    • tubedogg
      Senior Member
      • Feb 2001
      • 13602

      #3
      Re: Site Hacked! Need Help!

      Originally posted by jtracy
      P.S. What's the best way to safeguard from this in the future?
      Their wording - "exploited" - makes it sound as though they may have taken advantage of a security hole that existed pre-beta 3 or another that existed pre-RC3. In either case they have been fixed in the latest version, 2.0.1. Upgrading to that should help. Also you and any other admins or others who have control panel access should change their passwords and ensure their email addresses are correct.


      • jtracy
        Member
        • Mar 2001
        • 41

        #4
        Good advice, however they changed my login information, etc. How do I get back into my own forum to delete the hack? Also, is the upgrade to 2.0.1 easy to implement? As stated earlier, I had vBulletin do the original installation.

        Thank you for your assistance.

        Joe Tracy
        [email protected]


        • VAN
          Senior Member
          • Feb 2001
          • 175

          #5
          Same hack attack here. www.bsboard.com I already figured out the altered header, but as stated earlier, my admin login has been removed....what do I/we do?


          • dunefreak
            Senior Member
            • Oct 2000
            • 221

            #6
            I believe you can use getadmin.php that was in the extras directory in the vB download.
            Off-Road Forum


            • VAN
              Senior Member
              • Feb 2001
              • 175

              #7
              jt:
              try using the admin password "blah"....that's what Neiller had switched mine to. I'm back up and running now, but I'll have to recode the entire HEADER.


              • dunefreak
                Senior Member
                • Oct 2000
                • 221

                #8
                Before you do the header DO THE UPGRADE!

                Congratulations on getting back in. Did you use getadmin.php?
                Off-Road Forum


                • VAN
                  Senior Member
                  • Feb 2001
                  • 175

                  #9
                  Dune, yes! Thanks for reminding me of that nifty little script. I'll be upgrading to the gold 2.0 asap.


                  • dunefreak
                    Senior Member
                    • Oct 2000
                    • 221

                    #10
                    2.0.1
                    Off-Road Forum


                    • jtracy
                      Member
                      • Mar 2001
                      • 41

                      #11
                      Thanks for the tips. Unfortunately "blah" didn't work for me. I also haven't found the getadmin.php script in the Members area yet...

                      Joe Tracy


                      • dunefreak
                        Senior Member
                        • Oct 2000
                        • 221

                        #12
                        It was not in the members area. It was in the download package under /extras
                        Off-Road Forum


                        • VAN
                          Senior Member
                          • Feb 2001
                          • 175

                          #13
                          jt: getadmin.php is included in the 2.0 download. download version 2.0 and you'll find getadmin.php in a folder called "extras"


                          • jtracy
                            Member
                            • Mar 2001
                            • 41

                            #14
                            I was able to get and upload getadmin, however it simply asks what user I would like to promote to administrator status. Typing in my own username fails as it calls for a login, but I don't have the password that was changed by the hackers. I can't register a new name because the forums are hacked and unaccessible. Thoughts?

                            Here's the error message I get when I type in my alias using this script:

                            "You are either not a valid administrator or have not logged in. Please log in now:"

                            Thank you.

                            Joe Tracy
                            [email protected]
                            Last edited by jtracy; Tue 3 Jul '01, 7:41pm.


                            • jtracy
                              Member
                              • Mar 2001
                              • 41

                              #15
                              I just got back in. I had the GetAdmin.php script installed in the wrong directory. Once I got it to the right directory it worked like a charm and I, of course, instantly deleted it.

                              Joe Tracy

