vb.org Archive
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Hacked (https://vborg.vbsupport.ru/showthread.php?t=312274)

Terrablade 06-19-2014 05:19 PM
I do. Working on it

RichieBoy67 06-19-2014 05:33 PM
ok, well the very first thing once you get it up is to scan it for shell scripts, etc.. start with webmaster tools.

I also do text searches on my pc when I have the files to find shell scripts or debase64 code. And if your server has cpanel there is usually a virus scanner that catches most of those scripts.

Max Taxable 06-19-2014 09:24 PM
Quote:
Originally Posted by Terrablade (Post 2502640)
It wasnt that Always had them. This happened as soon as I installed those 2 new skins :/
Using "nulled" scripts isn't a very intelligent thing to do. Jus' sayin.

RichieBoy67 06-19-2014 10:03 PM
Quote:
Originally Posted by Max Taxable (Post 2502667)
Using "nulled" scripts isn't a very intelligent thing to do. Jus' sayin.
True,

I cannot tell you how many hacked site I have repaired that were hacked through nulled versions of Vbseo or other scripts. It is not always easy to know though if those sites have a nulled version unless looking for it.

Those scripts though almost always have extra's added... it just may take the guy who put it there some time to find you but he can do so pretty easily with a Google search and then bam...

Max Taxable 06-19-2014 10:30 PM
Yep, lowlifes who null licensed scripts and software aren't doing it out of a sense of philanthropy.

Terrablade 06-20-2014 02:47 AM
clamav found nothing on homedir

RichieBoy67 06-20-2014 09:00 PM
Well it could just be an extra php file that a virus scanner would not catch. use the suspect versions under maintenance in the admincp and check those files to make sure they either belong to VB or the mods you have.

TheLastSuperman 06-21-2014 03:09 AM
Quote:
Originally Posted by RichieBoy67 (Post 2502831)
Well it could just be an extra php file that a virus scanner would not catch. use the suspect versions under maintenance in the admincp and check those files to make sure they either belong to VB or the mods you have.
Exactly (cannot catch comment) the issue about that is, some of these files are custom coded per site or revised every so often so if it's a new script chances are your anti-virus is not going to detect it (server level or even your personal anti-virus if you download files from your server to your pc) HOWEVER this is why they have the Suspect Files maintenance tools in the admincp.

On the note of suspect files, you should always compare your vBulletin files to that of the original files within the .zip - What is different?

- Well the only thing that should be different is added files from modifications so simply verify those were not modified, compare your "supposedly stock" vBulletin files to the same files in a fresh copy of the same version you were running and if nothing differs i.e. the vBulletin files match (filesize and upload timestamp/date should all be the same if not within a minute or two of each other, timestamps can help indicate a malicious file too) that of those in the .zip AND all modification file sizes match then what remains? Chances are those are the bad files but remember to clone the directory before making changes or deleting files.

RichieBoy67 06-21-2014 04:36 AM
Quote:
Originally Posted by TheLastSuperman (Post 2502883)
Exactly (cannot catch comment) the issue about that is, some of these files are custom coded per site or revised every so often so if it's a new script chances are your anti-virus is not going to detect it (server level or even your personal anti-virus if you download files from your server to your pc) HOWEVER this is why they have the Suspect Files maintenance tools in the admincp.

On the note of suspect files, you should always compare your vBulletin files to that of the original files within the .zip - What is different?

- Well the only thing that should be different is added files from modifications so simply verify those were not modified, compare your "supposedly stock" vBulletin files to the same files in a fresh copy of the same version you were running and if nothing differs i.e. the vBulletin files match (filesize and upload timestamp/date should all be the same if not within a minute or two of each other, timestamps can help indicate a malicious file too) that of those in the .zip AND all modification file sizes match then what remains? Chances are those are the bad files but remember to clone the directory before making changes or deleting files.
Well said. I see why we call you superman. :)


All times are GMT. The time now is 11:57 AM.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01067 seconds
  • Memory Usage 1,739KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete