My site was hacked...

Discussion in 'Managing Your Online Community' started by Ben, Aug 14, 2009.

  1. Ben

    Ben Regular Member

    Joined:
    Jun 24, 2009
    Messages:
    58
    Likes Received:
    1
  2. Michael

    Michael Regular Member

    Joined:
    Jan 18, 2004
    Messages:
    166
    Likes Received:
    35
    It looks like theyve deleted a lot of files.

    Change all of your passwords etc FTP etc and scan your PC for keyloggers, viruses etc then redo your backup, there is a better guide here:

    How To Make My Forums More Secure - vBulletin Community Forum

    I would tell your host too so they can check it isnt due to their own problems etc and make sure you upgrade to the latest stable version of vb if your backup isnt it.
     
  3. Ben

    Ben Regular Member

    Joined:
    Jun 24, 2009
    Messages:
    58
    Likes Received:
    1
    Thanks Sweeks, I deleted the entire /forums directory and am replacing the files in hopes that that might fix it.
     
  4. Michael

    Michael Regular Member

    Joined:
    Jan 18, 2004
    Messages:
    166
    Likes Received:
    35
    Change your passwords to strong ones, preferably by a random password generator or the one in cpanel/WHM. I wouldnt advise keeping them the same as if they have had access to your passwords they can re-access and repeat their deletion etc
     
  5. Ben

    Ben Regular Member

    Joined:
    Jun 24, 2009
    Messages:
    58
    Likes Received:
    1
    Thanks, I'll do that directly.
     
  6. Michael

    Michael Regular Member

    Joined:
    Jan 18, 2004
    Messages:
    166
    Likes Received:
    35
    Also change database passwords too and edit those in your config.php again once done assuming this is a vbulletin installation.
     
  7. Ben

    Ben Regular Member

    Joined:
    Jun 24, 2009
    Messages:
    58
    Likes Received:
    1
    Do you think he'll target me again?
     
  8. Michael

    Michael Regular Member

    Joined:
    Jan 18, 2004
    Messages:
    166
    Likes Received:
    35
    It is possible if you dont secure yourself yes. Our teen forums were hacked a while back due to some problems with our host not being very secure, they deleted all of our forums and replaced our index with one of their crappy html pages as well as uploading about 50 copies of the same file with different names all over the directories which was used to CHMOD files, dirs etc, make sure you check for suspect files too.
     
  9. torque

    torque Regular Member

    Joined:
    Jun 7, 2009
    Messages:
    735
    Likes Received:
    12
    Location:
    Campbelltown, New South Wales, Australia
    Take it from someone who was hacked twice in the last six months - continuously change your passwords for access to your website, change the passwords for the database etc just to keep them guessing.
     
  10. David

    David Regular Member

    Joined:
    May 30, 2003
    Messages:
    1,088
    Likes Received:
    133
    Location:
    Australia
    You can only be as secure as the host/server admin you're using.

    1. Don't use a lot of modifications. Modifications typically don't go thru any quality coding checks or assurances they aren't full of security holes. Most people blindly install anything they think is cool making it a nightmare of possible entry points.

    2. Use a different password for everything. Using the same password to access everything you own is just silly. Be sure to make it long and if you can remember it, it isn't good enough.

    3. Make sure whatever software you are using is at the most up to date release. Most the time exploits are from running old software. (Including php, apache, mysql versions)

    4. Don't restore any files from your filesystem from backups, unless they are unique files that can not be recovered elsewhere (IE attachments)

    5. Audit your database for extra admins, and tables/rows/columns that shouldn't be there. Having anything other than standard tables for your software should be investigated and you should know what modification uses them.

    There are a ton of other things you can do to make sure you're site is secure. Start with the ones above for now.
     
  11. Wayne Luke

    Wayne Luke Regular Member

    Joined:
    Apr 2, 2009
    Messages:
    991
    Likes Received:
    276
  12. Ak Worm

    Ak Worm Grand Master

    Joined:
    May 22, 2009
    Messages:
    979
    Likes Received:
    20
    First Name:
    Corey
    I Had One Site Hacked. Didnt Mind Putting It Back Up.
    I Just Thoght Of My GC And Its Up. Hope I Dont Get Hacked.
    It Sucks Getting Hacked.
     
  13. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    Good luck with the recovery process, Ben! It's no fun...
     
  14. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    Id it was on a managed serve,r, then ask them for backups.
     
  15. Peacelily

    Peacelily Adept

    Joined:
    Jul 5, 2009
    Messages:
    245
    Likes Received:
    10

    You helped us when we were hacked by this guy.

    :headbang:


    Getting hacked is the worst feeling in the world.
     
  16. rokdave

    rokdave Newcomer

    Joined:
    Aug 16, 2009
    Messages:
    1
    Likes Received:
    0
    First Name:
    rok dave
    try to change your password and check your database..


    _________________
    Indianapolis seo
     
  17. kev

    kev Regular Member

    Joined:
    Mar 9, 2009
    Messages:
    1,224
    Likes Received:
    61
    Ben, and you converted to mybb after your site was compromised? I would like to know the logic behind this.

    It might not have been the forum software at all. There might have been an issue with the server. Have you been able to narrow down what happened?
     
  18. Ben

    Ben Regular Member

    Joined:
    Jun 24, 2009
    Messages:
    58
    Likes Received:
    1
    Pat, Chris and I isolated the problem to the /forums directory. We tried to reupload the files, delete everything and try again, and it didn't work. The rest of the site was fine.
     

Share This Page