the tattoo forum has been hacked by the fox team. www.thetattooforum.com there is some sort of plugin trying to run so please be careful not to allow them when you take a look. running vbulletin but i can see how they hacked it. the index page looks the same as before how do i get the site back? i dont seem to be able to login even after editing the mysql to reinstate myself as an admin
http://www.google.com/search?num=10...ial&hs=6cp&q="hacked+by+Fox+Team"&btnG=Search Your not the only one. The plugin is just RealPlayer trying to play a reading from the Quran I believe. The song is linked to: http://quran.islamway.com/
well i changed the hompage now to explain my feelings anyone know how they are doing this? i think it is a vbulletin exploit as my cpanels all seem fine.
my nameservers havnt been changed. the username and password on my cpanel hasnt changed th rest of my site is still there except my home page is redirectingto another site i though an exploit in vbulletin was the most sensible assumption do you think it might have been something else?
not at all. mix of numbers cap and lowercase letters that i dont use elsewhere i guess thats possible. would stand to reason that a lot of other sites on the server would have been done also. plus it is odd that the hack involves changing the template to display their new index page. would indicate to me that its someone who knows VB and is targeting it specifically
ok i have managed to get back in and i was hacked by 212.71.32.84 saudi arabia the ripe DB shows that there are only 256 addressees assigned to that particular set so it shouldnt really be to hard to track down who did it. Anyone know where to start with tracking people by ISP etc.
Not much really. They probably covered themselves up pretty well. It would be hard to do anything since they are in Saudi Arabia.....