Got my major site hacked

Someone this morning was able to successfully add an index.html file and a file called installasi.php. I’m on a dedicated server, my main site I’m talking about is .

The index file contained:

Hacked by Metlek
NO War
Stop War

and some image of war.

and the installasi.php had:




I have no idea how they were able to access my main FTP to transfer those files; they didn’t touch anything except for the added index.

Anyone have an idea how they were able to add those files? I have taken the measures to disable all my SSH on all 10 accounts I have except my main one, and changed the passwords to all of them to a randomly generated password. The PHP script was detected as a virus on my PC scanner, so I disabled it and downloaded and viewed it with my notepad. It seems like it tries to connect to MySQL using a password list and brute forcing.

Anyone run into a similar situation? This really ticks me off, but I’m glad they didn’t do any damage. What should I be checking for? I checked all the directories and they seemed normal for now.

I hope you contacted support.

My first suspicion would be that someone entered through a vBulletin vulnerability. The latest version is 3.6.0, and you’re running 3.0.7.


Hmm, yes, I notified the support. I’m actually in the process of working on a new site with the newest vbb build.

This may be of interest to you:

It sounds like you took some good actions, but upgrading vb should definitely be top priority for you right now.

Check out Gordaen’s Knowledge, the blog, and the MR2 page.