vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Random account set to Administrator? (https://vborg.vbsupport.ru/showthread.php?t=303111)

ozzy47 10-09-2013 10:21 PM
Follow the links in post #6

tbworld 10-09-2013 10:26 PM
Quote:
Originally Posted by ThatGreenAlien (Post 2450890)
Today I woke up to see the newest member, some random account named qaz001 was in the administrator group? We banned them before anything was done, but what is this and what can we do to stop it? Is this like a hack or something? :eek:

I did a google search on the name, and a lot of other random boards have the same account set as an administrator... what's up with this?
Prior to being hacked was your install directory already removed. I am curious?

--------------- Added [DATE]1381361252[/DATE] at [TIME]1381361252[/TIME] ---------------

Quote:
Originally Posted by Grimes (Post 2451455)
I have the same exact thing happening.
Prior to being hacked was your install directory already removed. I am curious?

ozzy47 10-09-2013 10:28 PM
Even if it was, the site could have been compromised before hand, and the script was not executed before today.

Grimes 10-09-2013 10:35 PM
No! Son of a...it wasn't deleted. That's likely the cause then. Removed it. Thank you.

tbworld 10-09-2013 10:37 PM
Quote:
Originally Posted by ozzy47 (Post 2451468)
Even if it was, the site could have been compromised before hand, and the script was not executed before today.
I did realize that, but there was no question I could ask that would insure the desired response. So I am just data collecting.

ozzy47 10-09-2013 10:37 PM
Well ain't that a kick in the bullocks, Now I would definitely follow the links in post #6.

afonseca 10-09-2013 10:49 PM
Thanks for sharing, I noticed the same plugins "ech" installed with the following code:

PHP Code:
if(isset($_GET["ech"])) {
echo("0101");
exit;

I've just deleted them.

DoubleGlasses 10-10-2013 04:28 AM
I am dealing with exactly this -

SO 2 weeks ago - I came to my site and found this
https://vborg.vbsupport.ru/external/2013/10/56.png

Imagine my horror lol!

I tried to lock everything down , removed the bad code and all was quiet. Then 2 weeks later - I get a malicious code warning from my google chrome. I check my admins and Voila! There are like 10 new admins added to my site! So again I locked everything down. Then this morning I wake up to see 10 new registrations - and guess what - they are exactly like what's posted above. So I realize that I never really deleted my install folder.. in fact i just removed the install file to deactivate it. So I'm off to follow the instructions on the links and to try again. I think I"ll be doing a fresh install of VB anyway and deleting all of my plugins till I get to the bottom of this.

Also - I looked in that ech plugin ( and I have 6 of them...) - and this is what I see :
https://vborg.vbsupport.ru/external/2013/10/57.png

tbworld 10-10-2013 05:59 AM
Make sure you read through this thread and especially the post from @ozzy47 and follow the current guidelines -- if you have not already. Sorry you were hacked.

DoubleGlasses 10-10-2013 06:07 AM
Thanks - I'm actually going down that list meticulously and working on locking the site down AGAIN!I'm soo appreciative of you guys and sharing this info...


All times are GMT. The time now is 03:02 PM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01254 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete