MotoHouston.com MotoHouston.com
Register Members List Member Map Media Calendar Garage Forum Home Mark Forums Read

Go Back   MotoHouston.com > Off Topic (everything else) > Off Topic
Forgot info?

Welcome to MotoHouston.com! You are currently viewing our forums as a guest which gives you limited access to the community. By joining our free community you will have access to great discounts from our sponsors, the ability to post topics, communicate privately with other members, respond to polls, upload content, free email, classifieds, and access many other special features. Registration is fast, simple and absolutely free, join our community!

Register Today!

If you have any problems with the registration process or your account login, please contact us.


FREE MH Decals by MAIL!

Advertisement

Reply
Share This Thread: 
Subscribe to this Thread Thread Tools
Old 09-06-2012, 04:38 PM   #1
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











Vbulletin Webmaster GURUS!? I don goofed

Anyone here proficient with vbulletin and coding? I was hacked pretty bad and im unable to fix my board with my very limited knowledge...
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Similar Topics
Thread Thread Starter Forum Replies Last Post
VBulletin and Sausage Petro Off Topic 7 10-18-2010 05:45 PM
just watch the vid , or don't, whatever i don't care . lol ANTISOCIAL Off Topic 11 09-07-2009 09:08 AM
Don't Do Drugs; and for Gawd's Sake, Don't Shoplift! Squoddybody Off Topic 17 03-24-2009 02:55 PM
vBulletin® Message maskale Forum Updates & Feedback 9 09-09-2008 05:39 PM
Advertisement
Old 09-06-2012, 04:48 PM   #2
green600
Banned
 
Join Date: Jan 2011
Location: 77045
Feedback Rating: (3)
Posts: 20,624

Experience: 1-3 months
Trackdays: 1











User is banned

.
green600 is offline   Reply With Quote
Old 09-06-2012, 04:55 PM   #3
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











its currently non working lol... my hosting company just went through and removed all of the malware that was infecting it...

petrochempros.com
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-06-2012, 05:02 PM   #4
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











ugh.... trying to upload and overwrite with a new batch of vb files right now....

Quote:
Hello,

Upon an investigation of your account, we have found that it was compromised and malicious files were uploaded. This was able to be done by using security vulnerabilities in your outdated vBulletin installation. We have removed the malware, however you will need to be sure to update that as well as all of your other outdated scripts, themes and plugins to help avoid issues in the future.


We have found the following files to be malicious, which were removed. We also removed malicious code from many of your files.

/public_html/sfkhghg.php
/public_html/microsupport/includes/bungster/r.php

You are able to see where this was done in the following log entries.

31.184.234.96 - - [05/Jul/2012:01:05:51 -0500] "POST / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13"
31.184.234.96 - - [05/Jul/2012:01:05:52 -0500] "GET /sfkhghg.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13"

If you have any questions or concerns, please do not hesitate to let us know.
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-06-2012, 05:13 PM   #5
smokinjoe
Señor Membero
 
smokinjoe's Avatar
 
Join Date: Mar 2008
Location: The Woodlands
Feedback Rating: (1)
Posts: 4,045

Trackdays: 10+

Bike(s):
Honor Cycle 5000
╯°□°)╯┻━┻



Member Garage





Send a message via Yahoo to smokinjoe
this malware stuff is a pain in the .. it can infect portions of code all over your site and when you think you've got it cleaned up, it'll come back out of nowhere. You can either scan each page of code looking for base64 encryptions and removing it or your can reinstall your vbulletin, but if the malcious code is in your database then it may take more time to fix it.
__________________
smokinjoe is offline   Reply With Quote
Old 09-06-2012, 05:16 PM   #6
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











Is there a way I can backup a table with all my users... reinstall vbulletin, then import the users back in?

Are we talking about the SQL? how would I go about fixing that?
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-06-2012, 05:20 PM   #7
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











i spent countless hours modifying the theme and doing the graphics/mods just how I liked it... ugh... lol I literally spent probably 100-150 hours over the course of a few months tweaking graphics modifying scripts, etc to get the layout perfect...
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-06-2012, 05:36 PM   #8
smokinjoe
Señor Membero
 
smokinjoe's Avatar
 
Join Date: Mar 2008
Location: The Woodlands
Feedback Rating: (1)
Posts: 4,045

Trackdays: 10+

Bike(s):
Honor Cycle 5000
╯°□°)╯┻━┻



Member Garage





Send a message via Yahoo to smokinjoe
You should be able to backup your MySQL and then reinstall vbulletin and import your db but you may want to ask vbulletin support just to make sure. My malware experience is with all Wordpress sites on my hosted server. It was jumping all over the place
__________________
smokinjoe is offline   Reply With Quote
Old 09-06-2012, 05:41 PM   #9
ScooterTrash
ConroePowderCoating.com
 
ScooterTrash's Avatar
 
Join Date: May 2005
Location: Cut n Shoot
Feedback Rating: (3)
Posts: 17,237


Bike(s):
lots of em






yer stinks a lot, just sayin
__________________
[COLOR="Lime"][B]Highway HorrorS c.c.[/B][/COLOR]



[QUOTE=Mr.D;2764337]
I respect scootertrash because well... He's like the Jesus of building and fixing .
[/QUOTE]
ScooterTrash is offline   Reply With Quote
Old 09-06-2012, 05:51 PM   #10
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











especially right now... my is full of decomposed taco soup and massive amounts of broken down whey protein... its pretty terrifying for these poor designers that share bordering cubicles with me here.
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-06-2012, 07:04 PM   #11
pester
Black olives matter
 
pester's Avatar
 
Join Date: Nov 2006
Location: Montgomery cty
Feedback Rating: (12)
Posts: 15,840

Experience: 10+ years
Trackdays: 1

Bike(s):
2007 yamaha fz6
1998 yamaha wr 400 motard



Member Garage





Quote:
Originally Posted by p0opstlnksal0t View Post
Anyone here proficient with vbulletin and coding? I was hacked pretty bad and im unable to fix my board with my very limited knowledge...
obama, he did it
__________________
Quote:
Originally Posted by honorsdaddy View Post
Technology has insulated the stupid from the rightful consequences of their actions - and exposed the rest of us to the damage they can cause.

Quote:
Originally Posted by 1sickGixxer View Post
nevermind ima bumbass and ill get my wife 2 do it 2nite.
Quote:
Originally Posted by tonyt915 View Post
I know enough Spanish to stick you with a knife cabron
pester is offline   Reply With Quote
Old 09-07-2012, 08:29 AM   #12
gtdrivr
Al Gore lied to me.
 
gtdrivr's Avatar
 
Join Date: Oct 2006
Location: Spring
Feedback Rating: (0)
Posts: 9,337

Experience: 10+ years

Bike(s):
CBR954 arrrr arrrr









I tried to get on, and my security program deems the site "dangerous" and wont allow me on.
__________________
RIP Coach and Andy

Riding the back roads of heaven.

gtdrivr is offline   Reply With Quote
Old 09-07-2012, 10:28 AM   #13
smokinjoe
Señor Membero
 
smokinjoe's Avatar
 
Join Date: Mar 2008
Location: The Woodlands
Feedback Rating: (1)
Posts: 4,045

Trackdays: 10+

Bike(s):
Honor Cycle 5000
╯°□°)╯┻━┻



Member Garage





Send a message via Yahoo to smokinjoe
i'd download the entire site to your local drive via ftp - then do a source code search in the site's folder for "eval(base64_decode" or something along the lines of that. Any results that you get, delete the code from "<?php" to "?>". (just delete the php snippet).

make sure you make a backup of your site first. if the index.php page is the main suspect, try changing the permissions to "444". Odds are that the code will replace itself if deleted. You just have to find all of it to stop the attack.
__________________
smokinjoe is offline   Reply With Quote
Old 09-07-2012, 11:21 AM   #14
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











I think the ibproarcade allowed the Backdoor to modify all my .js files. From here I think I am going to attempt to save all my GIF and jpgs find the same theme then reinstall a new version 4.2.0 pl2 and do a fresh install. Then reinstall the fresh theme and overwrite with all my custom graphics.
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-07-2012, 11:52 AM   #15
smokinjoe
Señor Membero
 
smokinjoe's Avatar
 
Join Date: Mar 2008
Location: The Woodlands
Feedback Rating: (1)
Posts: 4,045

Trackdays: 10+

Bike(s):
Honor Cycle 5000
╯°□°)╯┻━┻



Member Garage





Send a message via Yahoo to smokinjoe
Quote:
Originally Posted by p0opstlnksal0t View Post
I think the ibproarcade allowed the Backdoor to modify all my .js files. From here I think I am going to attempt to save all my GIF and jpgs find the same theme then reinstall a new version 4.2.0 pl2 and do a fresh install. Then reinstall the fresh theme and overwrite with all my custom graphics.
sounds like a good plan. this is a huge headache and time is of the essence because if google finds out that your code is infected it will be blacklisted. then you have to fix your site then re-submit it inside of webmaster tools to show that the problem is solved.



oh and if you're hosted on godaddy you may want to try this: http://www.godaddy.com/security/website-security.aspx

It will scan your site looking for infected code and alert you of the pages that have it. You will have to manually clean up the code. I use this for one of my sites and not really impressed though, it just shows you where the malicious script is, but doesn't give any suggestions on what to do to solve teh problem or fix it,, for 6.99 a month
__________________
smokinjoe is offline   Reply With Quote
Old 09-07-2012, 01:54 PM   #16
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











I'm already blacklisted
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-07-2012, 02:00 PM   #17
CantDecide
Senior Member
 
Join Date: Mar 2011
Location: North Houston
Feedback Rating: (0)
Posts: 296

Experience: 3 years

Bike(s):
2010 Ninja250
2009 GSXR600
2009 ZX10R







Quote:
Originally Posted by p0opstlnksal0t View Post
I'm already blacklisted


I saw that using Google...

"PetroChemPros Communitywww.petrochempros.com/forum.php
This site may harm your computer."

Sucks but probably just some bored school kid in Taiwan...dont think the NSA would have gone after your work related site.
CantDecide is offline   Reply With Quote
Old 09-07-2012, 02:06 PM   #18
gtdrivr
Al Gore lied to me.
 
gtdrivr's Avatar
 
Join Date: Oct 2006
Location: Spring
Feedback Rating: (0)
Posts: 9,337

Experience: 10+ years

Bike(s):
CBR954 arrrr arrrr









Quote:
Originally Posted by CantDecide View Post


I saw that using Google...

"PetroChemPros Communitywww.petrochempros.com/forum.php
This site may harm your computer."

Sucks but probably just some bored school kid in Taiwan...dont think the NSA would have gone after your work related site.
You dont know Trey.

The things I have seen on that site!!
__________________
RIP Coach and Andy

Riding the back roads of heaven.

gtdrivr is offline   Reply With Quote
Old 09-07-2012, 02:06 PM   #19
Petro
C'Mon... Building 7
 
Petro's Avatar
 
Join Date: Nov 2005
Feedback Rating: (2)
Posts: 10,160

Experience: 10+ years











I don't think it's nsa. The Russian hackers just take down small sites like mine for funzies and practice.
__________________
Quote:
We must use terror, assassination, intimidation, land confiscation, and the cutting of all social services to rid Galilee of its Arab population.
David Ben-Gurion, Founding father of Israel
Petro is offline   Reply With Quote
Old 09-07-2012, 02:26 PM   #20
CantDecide
Senior Member
 
Join Date: Mar 2011
Location: North Houston
Feedback Rating: (0)
Posts: 296

Experience: 3 years

Bike(s):
2010 Ninja250
2009 GSXR600
2009 ZX10R







Quote:
Originally Posted by p0opstlnksal0t View Post
The Russian hackers just take down small sites like mine for funzies and practice.
Ahhh...gotcha...well if the feds do show up asking questions keep us in the loop
CantDecide is offline   Reply With Quote
Reply


Thread Tools

Advertisement


All times are GMT -5. The time now is 03:40 AM.


MotoHouston.com is not responsible for the content posted by users.
Privacy Policy