Forum Hacked by Palestinian Hacker - How to Fix?

No the index.php page is modified ..........!
just see it.

I think they use CHMOD permission to hack your site.

Fix it soon.

Yeah its logged into admin panel.

 

contact your host man..

here are more sites they've hit
http://www.google.com/search?hl=en&rlz=1B3GGGL_enUS256US256&q="Hacked+By+T3es"&btnG=Search

it's just a script kiddy, I'd check the templates and the admin log

 

If u need any help u can contact me..

 

"Contact ====> [ at.T3eS_HaCK [at] HotMail.CoM ] ......ok"

You should report this to hotmail and have the script kiddy's hotmail revoked.

Moron leaving an advert with it, what a moron. There are no real hackers anymore are there?

 

It's not a problem,

Just reinstall or update again. easy

 

They probably modified your template for phpBB is it the newest version of phpBB? if so its all stored in the database. Hopefully you have a backup to restore to or you have a backup of the theme you chose and you can restore it. phpBB is notoriously hackable and isn't really a good choice in forum software. But it can be secured with the right tools.

 

I'm surprised you haven't fixed this yet?
I couldn't go an hour with a page like that up on my sites

it's not phpbb...

Business Forum
vBulletin 3.6.9

 

I wonder why you left it as it is ?
man just fix it... or I could help you

 

Ouch, another site hacked.

Check all the files and the database and everything to see what they've done.

 

I replaced the index.php file....still no go...

 

I found out he has a site with its email on it. http://www.freewebs.com/rame123/

I think he used some exploit he found on http://www.milw0rm.com or a simulair site.

Found some more info on http://www.gabrielharper.com/blog/2008/04/vbulletin-csrf-vbulletin-cross-site-request-forgery/.

I hope for you, he didn't mess with the SQL database.

Greets,

-Semi

 

This is really confusing. I just upgraded it to 3.7.2 and went through all the steps for this. There were about 20 stages for the upgrade. Problem still exists. I went to PHPmyadmin and checked to see if all the tables were still present and they are. Threads, posts, users etc.. it's all there...I don't know what else to check??

 

It may help if you make a clean install. So uninstall vbulletin, and reinstall it. That's what I would do.

Btw, I see you've done that already. I can see your forum now, but it has only 1 member. I guess you should add the "old" database again, but check it for errors first.

-Semi

 

I used the old database and the hacked thing appears...so it looks like something is in that database causing it.

 

Ok, well yeah then it's something in the database causing it. Have you found the problem already? Try searching for the terms that were on the "hacked" page.

-Semi

 

I did that and it came up with nothing in the results.

 

Oh too bad. You need to find out what part of the database vbulletin is pulling data from when you open up the forum. I'm not an expert at this, but I'll do some searching on the net.

PS: To prevent exploit abuse in the future, try finding a way to remove the:

at the bottom of the forum.

Hackers use these to find forums they can hack. The just check google with the phrase: Powered by vBulletin® Version 3.7.2, and they get loads of these forums that are vulnerable when there's an exploit for that version.

Btw, I found this on the vbulletin forum: http://www.vbulletin.com/forum/showthread.php?p=1596176.

Anyways, goodluck with solving this problem.

Greets,

-Semi

 

search the database or phrases, it has to be there somewhere

 

check if the .htaccess file has been modified - to redirect all hits to another page that can be a way to subvert changes to index.php or index.html ...

 

Nowhere in the database. I noticed there is a javascript snippet on the hack page.

I checked .htaccess and all is good there too.

I ended up installing from scratch...Now I need to work out how to copy tables from one database to another.