Hacked Again

[K D Umbaugh]

I keep getting hacked, should I remove CMPS?

Where should I start with my server company, vBulletin, or here?

I've shut down all pages and turned off CMPS still hacked.

check it out and please give me a recommendation on how to fix this.

http://www.neighborhoodroundtable.com

[Scott_H]

That's pretty scary dude, what makes you think there coming through vBadvanced? I know vBulletin puts alot of effort in security an vBadvanced is just a frontpage. Security code I'd think was still all vBulletin.
Are they just adding their version of a index.html page or wipeing out all of your vb's php files? Might have something on your pc recording your password an just need to find it an reset your server password. Handy tip there is I cut-n-paste my passwords nowadays trying to avoid keyloggers.

[KW802]

Quote:

Originally Posted by K D Umbaugh

I keep getting hacked, should I remove CMPS?

Where should I start with my server company, vBulletin, or here?

I've shut down all pages and turned off CMPS still hacked.

check it out and please give me a recommendation on how to fix this.

What makes you think CMPS has anything to do with your site being hacked?

[HenrikHansen]

There is a sticky thread in vbulletin.com how to make you forum more secure.
http://www.vbulletin.com/forum/showthread.php?t=194701

I do not know how they enter, but I am quite sure it is not vbadvanced.
I had some problems with hacking once, I changed my database password to some real unbreakable, and then I renamed my /admincp directories to other names. You can also password protect your /admincp directories so only you can enter in case others know the location.

[CareyCrew]

Quote:

I keep getting hacked, should I remove CMPS?

Where should I start with my server company, vBulletin, or here?

I've shut down all pages and turned off CMPS still hacked.

check it out and please give me a recommendation on how to fix this.

URL REMOVED
______________

Please remove the link to your forum, your forum is infected with a trojan.

Members note do not visit the link provided. link!

[K D Umbaugh]

the server company thinks it from either vbulletin or vbadvance. In searching my server files I found a file called egy_spider.php and 8 virus programs

I believe they are getting thru the server, or thru a header file

I have no idea.

I also get an x inplace of my header and it's linked to test.com

[PhilMcKrackon]

I doubt - err I'm 99.9999999% sure vBa is not the source of your problem. What other hacks, addons do you use?

[K D Umbaugh]

I'm back running, and hope everything is secure.

Link is work and no virus found on server

[KW802]

Quote:

Originally Posted by K D Umbaugh

I'm back running, and hope everything is secure.

You still have vBulletin turned off.

[K D Umbaugh]

Quote:

Originally Posted by KW802

You still have vBulletin turned off.

still afraid of being hacked

[PhilMcKrackon]

Quote:

Originally Posted by K D Umbaugh

still afraid of being hacked

Kinda hard to run a site that way... You never did answer what other hacks and addons you use.

Did you follow thread posted at VB.org on securing your site? http://www.vbulletin.com/forum/showthread.php?t=194701

[motowebmaster]

Can you provide some information on what the trojan/hack was, and what files were changed?

The irony is that while vb or cmps files may be modified, it doesn't mean that they themselves are the cause. If one wants to crack a vb site, it is easier to reach more of "the pages" by modifying cmps since it wraps around vbulletin.

[HenrikHansen]

You might also find it interesting to read this new thread about this issue
at vbulletin.com http://www.vbulletin.com/forum/showthread.php?t=286834