Jump to content
Key

Forum hacked

Recommended Posts

Key

Hello!

 

The popups issue reoccurred.

 

The forums have been hacked because of an exploit in an old plugin, but even if we removed the plugin the hack is still there, I think it has already compromised the server. It remains latent for a few days, after I reinstall all vBulletin files, and then the popups appear again.

 

So yeah, we gotta ask a professional company for help, Sucuri which will cost us $299.99.

 

We don't really have other choice, as I talked to the vBulletin support and I followed all steps they mentioned - upgraded vBulletin, changed admin password for forums, server (SSH/SFTP, login to server), deleted old plugins (as you saw Tapatalk wasn't available for a few days, the Arcade was changed, the Thank you/Like system was changed), I restricted permissions on forum folders, but the hack still reoccurs every 3 days. It seems they already compromised the server and all that vBulletin staff says right now is to have a pro company check the server for malaware and remove them.

 

No sensitive data was lost (no passwords, usernames, profiles, messages, anything) and no virus was sent to our members. The only thing that was hacked is the server/forums, to create popups so the hacker earns each time the popup is shown to YO members.

 

We will pay to have this company check the server and remove all infection. I am really sorry for this situation. As long as they will work, I might need to close the forums. I will post updates either here, or on Facebook/Twitter.

 

 

EDIT: The issue was solved, I gave all details in this post.

Share this post


Link to post
Share on other sites
Rebel Heart

Damm that is shitty. I will donate some extra next month. Thank you key for explanation and work on this. Must be tough to have to deal with these setbacks.

Share this post


Link to post
Share on other sites
cruciatus

Oh dear. This hacking business seems to be going around, it happened on another yaoi manga forum recently. I hope the security check works. All the best, dealing with this must be hard on you guys.

Share this post


Link to post
Share on other sites
voide

Thank you so much for telling this. This must be hard on you guys. All the best & thank you for the hardwork! (Ah, I see what I can contribute) Thanks again.

Share this post


Link to post
Share on other sites
Lemur7

Good Grief ...not here also ...I guess we can be thankful that it is an exploit for just pop-ups rather than taking info or members files...if all else fails try using a fake index file ..and have the real one hidden under another name on the server...it's an old trick used on Apache servers from long ago,,when the net was a baby and no real security existed

Share this post


Link to post
Share on other sites
Key

@Lemur7

Yeah, just that the issue is that not the index file is hacked, the forum is hacked on a deeper level, perhaps server level. We even replaced all the files totally and after 2-3 days, the popups are back. Various .js files randomly get altered and we suppose they let a backdoor somewhere on the server. We'll know more when the pro team will start working.

Share this post


Link to post
Share on other sites
littlespiral

oh man~! that sucks. i wish i could do something to help maintain this forum from those damn hacking. i'll try to make more monetary contribution to this forum. thanks for your hard work though, @Key. really appreciate it ^_^ must be hard on you guys. hang in there alright! ᕙ( * •̀ ᗜ •́ * )ᕗ

Share this post


Link to post
Share on other sites
voide

I haven't gotten the issue the time I wrote my comment. But today whenever I tried to click, popups showed up. Thank you for the heads up guys. And thank you for all the hardwork to make the forum get on track & better.

Share this post


Link to post
Share on other sites
Key

UPDATE: The company started working, we just need patience until they scan everything on the server. I'll post all details and the findings once the operation is done.

 

NOTE: The popups will keep appearing until we manage to have everything cleaned.

Share this post


Link to post
Share on other sites
Key

The forum is back but the works are still ongoing on the server. I've re-uploaded all vBulletin files again to temporary get rid of the popups until the works are finished. I'll update with all details once the work is done. This is surely taking more time than we expected... But yeah, fixing a hacker's damage is a hard task, so, we gotta be patient.

 

Note: Make sure to clear your browser's cookies. You can either use a free soft like CCleaner, or clean them manually from the browser. For those who don't know how to do it, please check this post.

Share this post


Link to post
Share on other sites
Lemur7

thanks Key ..I know how hard this is on you and your staff...

btw the "Coll" that posted on your FB page just happens to be me ..lol

hang in there soon this place will be back to normal...

Share this post


Link to post
Share on other sites
nikitazero678

So that's why the forum is inaccessible recently. Good thing that my laptop is not infected by malwares.

 

Until the problem is fully fixed I have to activate my adblocker on this site to prevent these annoying popups from appearing.

 

Hope everything can be back to normal soon.

Share this post


Link to post
Share on other sites
Key

@nikitazero678

This hack CANNOT infect members computers and CANNOT steal any personal information. It only affects the site itself and currently the popups are inactive cause we re-uploaded all the site's files once again. Soon, once the entire server is cleaned, the popup issue shouldn't return at all.

Share this post


Link to post
Share on other sites
fan_yaoi

Thank you explaining and updating us key.

I like updates X] ...

Share this post


Link to post
Share on other sites
Dragongirl26

Thanks for everything ^^ the site still awesome so thanks for keeping it great.

Share this post


Link to post
Share on other sites
Dr.Doomsday

I noticed pop-ups about 6 or 7 hours ago, when clicking on the text-area of the chat.

But I think it's gone now...

Share this post


Link to post
Share on other sites
gin

Oh this was the reason I stopped visiting the site while using Mobile since I can't get past the horde of pop-ups.

Share this post


Link to post
Share on other sites
Tetsu

It's been ages like months since i last came here. I'm sad this is the first thing I have to see ):

 

I hope everything get better soon. ^^

Share this post


Link to post
Share on other sites
Lemur7

just letting you know ...the pop-ups have returned ...had to try 3 times to post this

but it was a record almost a full week before they struck again ..

hang in there Key ...I know things will get done to fix it...

I will do as before add the urls to a blocking list in my comps host file

 

PS ..to all folks a bit techy you can add each address of each pop-up to your "hosts file" put 0.0.0.0 a space and the url ..it tells your computer to block that url ...!!!

Share this post


Link to post
Share on other sites
Key

@Lemur7

Clear your browser's cache (selecting 'from the beginning of time') and the popups should be gone again.

 

Yes, the team is still working. They are surely taking their time with this...

Share this post


Link to post
Share on other sites
Dr.Doomsday

Just wanting to mention, I've had pop-ups using the chat, tonight (it's 2 in the afternoon right now around here, don't know where to look to tell you the exact time when that occured) and just now logging in there were new ones, too, when I tried typing in my password.

 

I hope that will be gone for good, soon.

I just joined the site like... maybe a month ago and I really fell in love with it.

It's just mean of those hackers to attack you.

 

But one question: I got my adblocker switched off, but I don't see any advertisement on the site at all.

Is this normal? Or... where should it be showing up?

Share this post


Link to post
Share on other sites
Key

@Dr.Doomsday

Make sure to clear your browsers cookies as at the moment you shouldn't be receiving popups if your cache is clean.

 

You should be seeing ads at the bottom of the forums and in threads, after the first and last post (banner ads only).

Share this post


Link to post
Share on other sites
Pathetically_Yours

It's just that I can't log in my old account.. It was lost and when I tried to create a new account using my old e-mail add, it keep on saying E-mail is on use or something.. Also, I can't download bl novels.. What happened. I tried to go on BL novel members only forum, only the first page is available and the rest was gone..

Share this post


Link to post
Share on other sites
Saga

@Pathetically_Yours,

 

I don't understand why are you posting here when this has nothing to do with the forums being hacked.

If you forgot your password, you could've requested a pass-recovery.

 

The BL section was divided in two, these for public viewing and where users can purchase the books

and for members only(downloads). Go to the downloading section, you will see it.

 

Have a good day.

Regards,

Saga

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...