So finaly my forum has been hacked... what to do?

[Arthur]

Lisen mate if you cant do a full backup whit new install you have to look for this files
and chance server pass mysql user and pass i Beat him befor he get me i hade him on my server for 5 days and i dit no sleep at the time lol btw here the name
access.php
config.php
error_log
fonction.php That one are the bad one it can get full acc to the hole server
search.php
SQ.php

nup i think i'll go with the clean installation........ BTW the same hacker came to ur site? u sure?

OMG , so much racism ,so if some one is not muslim , then he will try to hack him ..
tooo bad man ..
in this way all will act like this , then what will happen about oneness ?
I hope others don't think like this
ANYWAYS ,
as every one said , if u have backup don't worry , u will get ur password back , ask you hosting provider

oh my bad.......... u r right..........acutly i din mean that...... i was so surprised when he cheat me in the name of muslim community.... if he will not be muslim then it dosn't make any hurt to me but............ well leave it..... i belive on oneness man...... i was talking from different point of view... and u r right in ur place......

error_log is something totally different, google it. And about those files, he can name a shell whatever he likes, and every person is thinking different. And that guy was really stupid if he named his shell "SQ.php" anyone would notice an extra file in his public_html.

Main thing for this guy is to format his HDD partition. Because that wannabe hacker obviously sent him an iStealer/Keylogger server.

After that make sure that you delete all files from public_html, and before that you should download your database, and import it after you upload fresh files.

Also always CHMOD your files to 644, because even if he has shell, if you didn't put your files writeable, you'll be pretty much ok, because he can't do shit when files aren't writeable.

format my HDD partition?? oh my GOD...... u gona be kidding me man..... he sent me the file but i din open it...... isn't there any way to chk out that is there any keyloder or RAT are working in my cormputer?

BTW what is CHMOD 644?? i have read that shout box installation but still i din know what is that thing

Arthur Reviewed by Arthur on 23rd Jul 2010. So finaly my forum has been hacked... what to do? Guys there is a Saudi Arabian guy DGX@hotmail.com He has been hacked my forum.... i added him to my msn and i talked to him he said you r from macron (don't know what is the meaning, but maybe he was thinking that i am not muslim and from other country etc)..... i said no i am muslim and u r too muslim and we are brothers... why are u doing this to me? he said ok give me ur cpanel and pass. i'll recover that for you....... i said promise me that you will not change my pass. he said no Rating: 5

[cyberz]

OMG , so much racism ,so if some one is not muslim , then he will try to hack him ..
tooo bad man ..
in this way all will act like this , then what will happen about oneness ?
I hope others don't think like this
ANYWAYS ,
as every one said , if u have backup don't worry , u will get ur password back , ask you hosting provider

[MUS]

Ahh A saudi heh? adeeni ragm jawalo..
Give me his cell phone number ? I will be the proxy between you and him.

[MUS]

OMG posts at KWWH make my eyes bleed (not all some )

[EL-Warez]

Yeah but they know what they are doing..obviously you are lacking that experience.

[SuicidalMedia]

Read about CHMOD here :

http://php.about.com/od/phpbasics/ht/chmod.htm

If you didn't opened it you're fine. And also, which version of vBulletin you were using?

[Exel]

Holy shit people on the internet are so smart these days.

PM me your cpanel, msn, email, ftp, and social insurance number and I can fix it.

[dermechove]

Man I want to clarify some points:
-This so called hacker used a vuln in your script OR on your server.
-If you are runing some old vBulletin or you have installed a vulnerable plugins or products (and they are a lot) he must have used it.
-This guy IS NOT A HACKER :: he is simply a script kidie or w/e it's called.
what he have simply done is:

Code: 

-went to milw0rm (or any other sited that publish 0day exploits)
-have found a 0day exploit.
-he used the dork supplied WITH the exploit to search IN Google for infected sites.
-he just used the Exploit.

so guys don't worry just keep your scripts up to date and you'll be fine.
And yeah don't give you passwords to any one(on the Internet) u don't know who is watching you.

[Arthur]

Read about CHMOD here :

http://php.about.com/od/phpbasics/ht/chmod.htm

If you didn't opened it you're fine. And also, which version of vBulletin you were using?

ok.. i'll chk that.... i was using vb 4.0.4 and thinking to switch the latest VB...but.......

Lmao typical retards saying you trust them and u give them something like that lol

Well contact your host get it back. But before you do that do a clean reboot of the PC. Also tell your host to look for some backdoored c99 shells or anything like that.

bro i am not much familer with this kinda of things like backdoored or shells etc..... please explain it... i know they are belong to hacking stuff but please share your expereince

Holy shit people on the internet are so smart these days.
PM me your cpanel, msn, email, ftp, and social insurance number and I can fix it.

no its all right man.... i have talked to my hosting provider..... they will fix that.

Man I want to clarify some points:
-This so called hacker used a vuln in your script OR on your server.
-If you are runing some old vBulletin or you have installed a vulnerable plugins or products (and they are a lot) he must have used it.
-This guy IS NOT A HACKER :: he is simply a script kidie or w/e it's called.
what he have simply done is:

Code: 

-went to milw0rm (or any other sited that publish 0day exploits)
-have found a 0day exploit.
-he used the dork supplied WITH the exploit to search IN Google for infected sites.
-he just used the Exploit.

so guys don't worry just keep your scripts up to date and you'll be fine.
And yeah don't give you passwords to any one(on the Internet) u don't know who is watching you.

what that "vulnerable plugins or products" i had installed lots of plugin....
and scripts? which kinda of script? etc please tell me brother

[bxflow]

wow you have a lot to learn just by asking that last question