vBulletin hacked forums: Clean Up Time

by eva2000 · Published September 22, 2013 · Updated March 5, 2017

---

• Background
• Step 0
• Step 1
• Step 2
• Step 3
• Step 4
• Step 5
• Step 6
• Step 7
• Step 8
• Step 9
• Step 10
• Step 11

---

Step 2. Put up forum wide announcement for folks to mention the breach and need to change their password

Step 3. Review your admin users in your administrator usergroup. Then take notes on the exact username used as well as the userid they belong to. You may need this information for running a check against vB adminlogs. Then delete any that don’t belong. Don’t ban them. Don’t make them regular users. Delete them. But if you didn’t take notes of the exact username and userids the hacker created, you can also find them using vbplugincheck.sh tool outlined below.

Share

Tags: avg anti-virusavgscanbase64clean up hacked forumsclean up hacked vbulletinhackediframesmaldetmalwarephp back doorsphp cmd shellvb4vb5vbplugincheck.shvbulletinvbulletin hacked

You may also like...

• vBulletin hosting – List of questions to ask a new web host

  April 18, 2011

   by eva2000 · Published April 18, 2011 · Last modified April 27, 2011

• MySQL Error Messages: MySQL server has gone away & Lost connection to server during query

  March 20, 2011

   by eva2000 · Published March 20, 2011 · Last modified November 8, 2011

• vBulletin 4.1.12 PL1 released with security fix patches for vB 4.1.2 to 4.1.12

  April 26, 2012

   by eva2000 · Published April 26, 2012