• Important! If you attempt to register and do not get an email within 5 minutes please check your spam box. This is especially true for Microsoft owned domains like Hotmail, Outlook, and Live. If these do not work please consider Gmail. Yahoo, or even AOL email which works fine.
  • JUOT.ORG NOW ACTIVE

    Please update any bookmarks from juot.net to juot.org and start using it.

    The juot.net URL will be going away March 1st, 2025.

malware?

BirdOPrey5

BirdOPrey5

Staff member
VIP
I haven't heard anything but I haven't been active over there since the surgery... Will get back in the swing of things later this week I hope.
 
abqtj

abqtj

I'm a damn delight!
Staff member
Administrator
VIP
BirdOPrey5 said:
I haven't heard anything but I haven't been active over there since the surgery... Will get back in the swing of things later this week I hope.
Click to expand...
:beerchug:

Any tips for finding/removing this threat? Or can you steer me in the direction of a website for it?
 
abqtj

abqtj

I'm a damn delight!
Staff member
Administrator
VIP
Joe...I found and deleted a page that got uploaded by the malware somehow. So sort of redirector.
 
abqtj

abqtj

I'm a damn delight!
Staff member
Administrator
VIP
Someone accessed the control panel using the Administrator user name 6 times in Oct and 1 time in Nov, each time updating, uploading, etc different plug ins (that aren't there anymore...not sure where/why).

Oh, and the Administrator password has been changed
 
BirdOPrey5

BirdOPrey5

Staff member
VIP
abqtj said:
Joe, or whoever, how can this be fixed?
Click to expand...
Sorry I thought you meant you changed your administrator password.

Here's what you need to do- make a new account (regular user account)

Upload the file tools.php which is in your DO_NOT_UPLOAD folder of your vbulletin installation files.

Upload it to your admincp directory

Browse to your tools.php file in your browser

This page will allow you to make your new username an administrator

Delete tools.php as soon as you are done...

Now edit your config.php file... If your old admin account was a superadmin and/or uneditable user, remove their userid from config.php and make your new userid a super admin.

Login to admin cp and you can now change the password of the original admin account in user manager.
 
abqtj

abqtj

I'm a damn delight!
Staff member
Administrator
VIP
BirdOPrey5 said:
Sorry I thought you meant you changed your administrator password.

Here's what you need to do- make a new account (regular user account)

Upload the file tools.php which is in your DO_NOT_UPLOAD folder of your vbulletin installation files.

Upload it to your admincp directory

Browse to your tools.php file in your browser

This page will allow you to make your new username an administrator

Delete tools.php as soon as you are done...

Now edit your config.php file... If your old admin account was a superadmin and/or uneditable user, remove their userid from config.php and make your new userid a super admin.

Login to admin cp and you can now change the password of the original admin account in user manager.
Click to expand...
:beerchug:

Thanks Joe, I'll do that!
 
abqtj

abqtj

I'm a damn delight!
Staff member
Administrator
VIP
Oh...if MY username is already a superadmin and uneditable, can I just do the lower part of that (edit config on down?)
 
BirdOPrey5

BirdOPrey5

Staff member
VIP
You need to make sure the hacked account isn't uneditable because if it is you can't change the password.
 
neelandan

neelandan

Owner of dot net
Isn't this a sort of instructions to hack into any Vbulletin site?

OK - providing there is access to the files in question.
 
BirdOPrey5

BirdOPrey5

Staff member
VIP
This is in the vBulletin manual which is a public document.

You would already need FTP access, and if you have that you pretty much already own the site.
 
neelandan

neelandan

Owner of dot net
Gotcha.

I would dribble out bits of that just to look the part I've been painted in - as a sort of uber tech capable of delving into anybody's computer at will.
 
You must log in or register to reply here.
Top