Is Hacking Of My Site Over ???
lcp03o
12-02-2011, 08:34 PM
Hi
Hackers got access to my admincp and uploaded a remote shell script http://itsecbiz.blogspot.com/2011/07...f-you-got.html and defaced my site as well as reset passwords for some users.
I have deleted the plugin and I have added extra security on the admincp folder. I have also deleted all files on my server and uploaded the latest 4.1.8 vb files and upgraded to this version.
Am I safe now from the hackers?? Is there any way they could have injected some sort of code into my database and gotten access to users' passwords via this?? I have deleted all styles on my site and created a new default one.
I have also changed all passwords. Is there anything else I can do??
Thanks
ForceHSS
12-02-2011, 08:54 PM
Use .htpasswd and .htaccess for the admincp, modcp, install, includes, packages, and vb folders. Also rename the admincp and modcp folders.
You can read these steps and see if that's something you want to do.
Protect the following folders with .htaccess: install (it shouldn't be there at all) - admincp - modcp.
Update vBulletin to the latest version and use only trusted nulled vb versions.
Use a Random Password Generator.
Update Your Server Software APACHE/MYSQL/PHP/etc.
Remove the vB version on the footer and archive
Give only Trusted users High Ranks
Scan your PC for viruses with a good antivirus like Kaspersky, Anti Vir.
Don't download every file that someone sends you.
Don't install mods/hacks that are not trusted or modified by an unknown coder.
Don't use BETA/ALPHA vBulletin versions on a running online site.
Chmod Config Files 777 Rest Files 644
Configure your Server and Update it against known attacks: DDos etc.
Here are a few of the most important changes for PHP-savvy admins to make (or forum system programmers to initiate):
Use a Protected Server network Firewall - Reverse Proxies etc.
unique names for admin control panel on every installation.
unique names for the core member database table on every installation.
unique names for the password field of the member database on every installation.
custom MD5 hashes for posting to the forum to authenticate a logged-in session (prevent spamming and automated posting scripts without using a captcha).
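An added example, not part of any post in this thread: a short Python audit of a forum web root for three items from the checklist above (folders named in the thread that lack an .htaccess access rule, a leftover install/install.php, and files writable by every account on the server). The function names, the directive heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
# Folder list is from the thread; the directive list is an assumed heuristic.
PROTECTED = ("admincp", "modcp", "install", "includes", "packages", "vb")
ACCESS_DIRECTIVES = ("authuserfile", "require ", "deny from")

def has_access_rule(directory):
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            text = fh.read().lower()
    except OSError:  # no .htaccess, or unreadable
        return False
    return any(d in text for d in ACCESS_DIRECTIVES)

def audit_forum_root(root, protected=PROTECTED):
    """Return sorted (issue, relative_path) findings for a forum web root."""
    findings = []
    for name in protected:
        path = os.path.join(root, name)
        if os.path.isdir(path) and not has_access_rule(path):
            findings.append(("no-htaccess-rule", name))
    if os.path.isfile(os.path.join(root, "install", "install.php")):
        findings.append(("installer-present", "install/install.php"))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if not os.path.islink(full) and os.stat(full).st_mode & stat.S_IWOTH:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append(("world-writable", rel))
    return sorted(findings)

def build_sample_root():
    """Constructed sample tree (not from the thread) so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="forum_audit_")
    files = {"admincp/.htaccess": ("AuthUserFile /placeholder\nRequire valid-user\n", 0o644),
             "modcp/index.php": ("<?php // placeholder\n", 0o644),
             "install/install.php": ("<?php // placeholder\n", 0o644),
             "includes/config.php": ("<?php // placeholder\n", 0o777)}
    for rel, (body, mode) in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
        os.chmod(full, mode)
    return root

if __name__ == "__main__":
    print(*audit_forum_root(build_sample_root()), sep="\n")
```

If the admincp and modcp folders have been renamed, pass the new names through the `protected` argument.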
Max Taxable
12-02-2011, 09:09 PM
[QUOTE=lcp03o]I have deleted the plugin[/QUOTE]
What plugin?
ForceHSS
12-02-2011, 09:18 PM
[QUOTE=K!nG;2274125]You can read these steps and see if that's something you want to do.
Protect the following folders with .htaccess: install (it shouldn't be there at all) - admincp - modcp.
Update vBulletin to the latest version and use only trusted nulled vb versions.
Use a Random Password Generator.
Update Your Server Software APACHE/MYSQL/PHP/etc.
Remove the vB version on the footer and archive
Give only Trusted users High Ranks
Scan your PC for viruses with a good antivirus like Kaspersky, Anti Vir.
Don't download every file that someone sends you.
Don't install mods/hacks that are not trusted or modified by an unknown coder.
Don't use BETA/ALPHA vBulletin versions on a running online site.
Chmod Config Files 777 Rest Files 644
Configure your Server and Update it against known attacks: DDos etc.
Here are a few of the most important changes for PHP-savvy admins to make (or forum system programmers to initiate):
Use a Protected Server network Firewall - Reverse Proxies etc.
unique names for admin control panel on every installation.
unique names for the core member database table on every installation.
unique names for the password field of the member database on every installation.
custom MD5 hashes for posting to the forum to authenticate a logged-in session (prevent spamming and automated posting scripts without using a captcha).[/QUOTE]
https://www.vbulletin.com/forum/showthread.php/390813-Admin-Login-Possible-Hack?p=2231088&viewfull=1#post2231088
you are wrong about the install folder
Big Al
12-02-2011, 09:49 PM
I am not a tech and so would not presume to advise on that side of things, but have you considered why someone would go to the trouble of hacking you?
Have you alienated someone recently? A pissed off ex or current member could do many things to a site.
Improving security may not be as effective, if the hacker is motivated by past grievances.
And this issue, if there, may need to be resolved in a reasonable manner as well.
The defacing of a site has to have a reason.
You ask if there is anything else you could do.
I would consider it wise to check if you have upset anyone unjustly recently.
Breakthecycle2
12-04-2011, 12:03 AM
[QUOTE=K!nG;2274125]You can read these steps and see if that's something you want to do.
Remove the vB version on the footer and archive[/QUOTE]
How do you remove it? I was under the impression that if you did, VB wouldn't work correctly?
[QUOTE=ForceHSS]https://www.vbulletin.com/forum/showthread.php/390813-Admin-Login-Possible-Hack?p=2231088&viewfull=1#post2231088
you are wrong about the install folder[/QUOTE]
Well, do people really keep the install folder in their forums directory after the installation???? As far as I have heard and seen around, no one suggests keeping the install folder once your installation is done. I forgot to type "if you still have it".
--------------- Added 1322975102 at 1322975102 ---------------
[QUOTE=Breakthecycle2;2274429][QUOTE=K!nG;2274125]You can read these steps and see if that's something you want to do.
Remove the vB version on the footer and archive[/QUOTE]
How do you remove it? I was under the impression that if you did, VB wouldn't work correctly?[/QUOTE]
Yes, you can remove the version number. To do this, edit the 'powered_by_vbulletin' phrase and replace this:
Powered by: vBulletin Version {1}<br />Copyright ©2000 - {2}, Jelsoft Enterprises Ltd.
With this:
Powered by: vBulletin <br />Copyright ©2000 - {2}, Jelsoft Enterprises Ltd.
Note: To edit a phrase, place the new phrase in the available language text boxes
You can remove your version number and it's not against vBulletin rules & regulations.
Max Taxable
12-04-2011, 08:08 AM
[QUOTE=Big Al]The defacing of a site has to have a reason.[/QUOTE]
It really doesn't. These script kiddies do it for net "street cred" wherever they find an exploit they know about. It's usually nothing personal against the defaced site at all.
ForceHSS
12-04-2011, 11:30 AM
[QUOTE]Well, do people really keep the install folder in their forums directory after the installation???? As far as I have heard and seen around, no one suggests keeping the install folder once your installation is done. I forgot to type "if you still have it".
--------------- Added 1322975102 at 1322975102 ---------------
[QUOTE=Breakthecycle2;2274429][QUOTE=K!nG;2274125]You can read these steps and see if that's something you want to do.
Remove the vB version on the footer and archive[/QUOTE][/QUOTE]
Yes, you can remove the version number. To do this, edit the 'powered_by_vbulletin' phrase and replace this:
Powered by: vBulletin Version {1}<br />Copyright ©2000 - {2}, Jelsoft Enterprises Ltd.
With this:
Powered by: vBulletin <br />Copyright ©2000 - {2}, Jelsoft Enterprises Ltd.
Note: To edit a phrase, place the new phrase in the available language text boxes
You can remove your version number and it's not against vBulletin rules & regulations.[/QUOTE]
I think you mean the install.php not the whole folder
BirdOPrey5
12-05-2011, 10:41 AM
[QUOTE=Max Taxable]It really doesn't. These script kiddies do it for net "street cred" wherever they find an exploit they know about. It's usually nothing personal against the defaced site at all.[/QUOTE]
I agree. The vast majority of "hacking" is more or less random, not targeted acts of retribution. The ones that are targeted are big name forums that will get the hacker exposure for bringing down a popular site- it is almost never because someone was upset with the admin of a site.
Big Al
12-05-2011, 11:17 AM
In some ways I agree with you both when referring to what is generally termed script kiddies.
There are several levels of "hacking" and "hackers" if I may use those as generic terms.
While the "script kiddies" may do this for the street cred as has been pointed out, I feel that the same could not be said for those "hackers" who operate on a much higher technical level.
Some of the ex members of certain government groups who began to offer their services in the market place, after the end of the cold war, are literally "Guns for hire" and have been known to deface and attack sites that had offended some people.
In some ways even though it could not technically be called hacking, the DDOS attacks on several sites because someone is upset with either their policies or the direction that an owner or admin is taking it show that action can and has been taken against sites for some form of "payback".
While it could be argued that such groups as "Team poison" and "Anonymous" may indeed go after some large organizations, they are a lot more advanced in their abilities than the street cred script kiddies and it could be argued that they are going after an admin or his policies rather than just going after street cred.
There are many "attacks" done on sites for many reasons. I perhaps did not make myself clear. I was not referring to basic "script kiddies" but those who have a lot more ability.
Max Taxable
12-05-2011, 12:21 PM
[QUOTE=Big Al]In some ways I agree with you both when referring to what is generally termed script kiddies.
There are several levels of "hacking" and "hackers" if I may use those as generic terms.
While the "script kiddies" may do this for the street cred as has been pointed out, I feel that the same could not be said for those "hackers" who operate on a much higher technical level.
Some of the ex members of certain government groups who began to offer their services in the market place, after the end of the cold war, are literally "Guns for hire" and have been known to deface and attack sites that had offended some people.
In some ways even though it could not technically be called hacking, the DDOS attacks on several sites because someone is upset with either their policies or the direction that an owner or admin is taking it show that action can and has been taken against sites for some form of "payback".
While it could be argued that such groups as "Team poison" and "Anonymous" may indeed go after some large organizations, they are a lot more advanced in their abilities than the street cred script kiddies and it could be argued that they are going after an admin or his policies rather than just going after street cred.
There are many "attacks" done on sites for many reasons. I perhaps did not make myself clear. I was not referring to basic "script kiddies" but those who have a lot more ability.[/QUOTE]
You specifically said "defacing" in your earlier post, asserting it had to have "a reason." It does not. Moving the goalposts now really doesn't help either - since defacing, botnet administering and DDoS attacks are also strictly script kiddie central. None of these takes any well refined or advanced skills to accomplish.
You're saying people hire EVOL HAX0RS to attack sites they're mad at, like any of these Hax0rs actually hang their shingle out and work for chump change. It just doesn't make any sense.
Big Al
12-05-2011, 01:09 PM
[QUOTE=Max Taxable]You're saying people hire EVOL HAX0RS to attack sites they're mad at, like any of these Hax0rs actually hang their shingle out and work for chump change. It just doesn't make any sense.[/QUOTE]
Yes, people do hire "hackers" to attack sites. I never said anything about "chump change", as you put it.
( I am not really sure what this means, it may be an Americanism I am unfamiliar with? I take it to mean small change but I may be wrong) I am not American.
In fact some of the scammers for example, who hire techs or hackers to launch the attacks on sites have available a lot of money.
When they are raking in millions of dollars weekly, a few thousand dollars to pay for the services of some hackers is not a lot of money to them if it protects their income.
Hence the quite large numbers of DDOS attacks on some anti-fraud sites a while back.
Your reference to hanging out a shingle is obviously facetious. However, I am sure that anyone who is determined could hire some hackers to do this type of work.
Many scammers and/or people who are using the internet fraudulently would have a high chance of knowing others who could assist them if they wanted to attack a site, or even belong to a gang or gangs who derive their income from internet fraud, and could already have several contacts who do phishing or hacking regularly.
[QUOTE=Big Al]The defacing of a site has to have a reason.[/QUOTE]
Yes, you are correct, I did say the above. Even if a site was defaced to enable a script kiddy to gain some street cred, then that is also a reason. So my statement seems to be correct.
I have no wish to argue with you and disturb the harmony of this forum and I would appreciate you also bearing this in mind. If I am wrong then I can accept someone pointing this out, but I think you would agree that sarcastic comments are not in the best interest of anyone. Thanks. AL.
Max Taxable
12-05-2011, 09:13 PM
[QUOTE=Big Al]Yes, people do hire "hackers" to attack sites. I never said anything about "chump change", as you put it.
( I am not really sure what this means, it may be an Americanism I am unfamiliar with? I take it to mean small change but I may be wrong) I am not American.
In fact some of the scammers for example, who hire techs or hackers to launch the attacks on sites have available a lot of money.
When they are raking in millions of dollars weekly, a few thousand dollars to pay for the services of some hackers is not a lot of money to them if it protects their income.
Hence the quite large numbers of DDOS attacks on some anti-fraud sites a while back.
Your reference to hanging out a shingle is obviously facetious. However, I am sure that anyone who is determined could hire some hackers to do this type of work.
Many scammers and/or people who are using the internet fraudulently would have a high chance of knowing others who could assist them if they wanted to attack a site, or even belong to a gang or gangs who derive their income from internet fraud, and could already have several contacts who do phishing or hacking regularly.
Yes, you are correct, I did say the above. Even if a site was defaced to enable a script kiddy to gain some street cred, then that is also a reason. So my statement seems to be correct.
I have no wish to argue with you and disturb the harmony of this forum and I would appreciate you also bearing this in mind. If I am wrong then I can accept someone pointing this out, but I think you would agree that sarcastic comments are not in the best interest of anyone. Thanks. AL.[/QUOTE]
Hax0rs pretty much stay hard to find, for very good reason. And they don't work cheap. The likelihood of one being hired to do something as simple as deface a forum is highly improbable.
The idea you expressed is that most forum defacing occurs due to disgruntled members. My point is, that's not accurate. Most forum board defacing occurs because some script kiddie found one with an exploit he is familiar with.
And that's all.
setishock
12-06-2011, 01:26 AM
Well however you slice or dice it they sure screwed up the place.