I got an email today with the following info: Database error in vBulletin : mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) /home/eyobicom/public_html/behindtheboards.com/forums/includes/class_core.php on line 311 MySQL Error : Error Number : Request Date : Saturday, December 6th 2008 @ 05:24:40 PM Error Date : Saturday, December 6th 2008 @ 05:24:40 PM Script : http://www.behindtheboards.com/forums/calendar.php?c=1&week=1212883200&do=displayweek&month=6 The title of my site is BehindTheBoards.com The only noticeable difference with the forum is that all the status icons have been changed to the locked icon. I logged in as both a user and admin, and I was able to make and edit post. What should I look out for? This is a small site with very little traffic. Why would someone want to hack this site? When I first started out designing sites someone told me if I built sites, I would get hacked eventually.....and that is was just the nature of the beast. Just be sure to do back-ups. This is my first time getting a site hacked, and I wanted to get any input from you guyz that may help me. What should I do first? Should I restore the entire forum? FYI I do have a back up about a week old.
you should be able to check out your moderator and/or admin logs in the admincp you should also have a logs file in your root ftp that will have all access logs as well regards -Brandon
Why do you think its hacked? Any obvious message left by the hacker? That error that you have produced, is actually a database error - it cannot connect to the database because the database has an issue with its assigned sock. google for more information. tbh, i thought you would have googled the database error before assuming its a security attack.
This page should help you fix it. http://www.tech-recipes.com/rx/762/...cal-mysql-server-through-socket-tmpmysqlsock/
The post contained php code, if he was able to login in your administrator account look at your plugin code's it may have been changed and ther ecan be code added so he can exucute linux commands to take over your webhosting.
Just upgrade to the latest vb. I don't recommend your old backup which might not be clean. If you host other applications as well, they might have vulnerabilities.