vb.org Archive
Page 3 of 8 12 3 45 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Hacked by Team Animus? (https://vborg.vbsupport.ru/showthread.php?t=263202)

borbole 05-11-2011 07:27 PM
Quote:
Originally Posted by GRJoker (Post 2194559)
When I try and run the Query and it does not allow me to do so, Where exactly do you have to go and do the Query?
I assume you tried to run it from your Acp, right? You should enter your uid at the can run queries part at the config.php file to be able to run queries from your Acp.

Anyway, you can also run the query at the SQL box at your phpmyadmin in the CP of your host.

Bulldog Stang 05-12-2011 12:45 AM
I have now been hacked twice. I followed the stated guidlines and updated my CYB - Advanced Forum Rules as well. I have checked all files in FTP and removed any new ones. Also checked the db and deleted the new user.

I do not know what else to do here.

AusPhotography 05-12-2011 02:25 AM
We were attacked again today. Similar attack, but slightly different payload.
VSa - Advanced Forum Rules is the latest version, so I think there is another hole maybe in another plugin.

vijayninel 05-12-2011 03:22 AM
Quote:
Originally Posted by snoopytas (Post 2194640)
We were attacked again today. Similar attack, but slightly different payload.
VSa - Advanced Forum Rules is the latest version, so I think there is another hole maybe in another plugin.
What other plugins do you have? Are you sure they didnt leave any backdoors for them to come back the last time they hacked you?

AusPhotography 05-12-2011 04:29 AM
I have several other plugins.
I restored from a backup and re-loaded all scripts and removed vsa.php index.html etc.

The new payload concerns me, similar but different. It did include vsa.php (again)

HTML Code:
<head>
<title>hack by liut</title>
<script src="party.js"></script>
</head>
<body bgcolor="black">
<br/><br/>
<center>
<font color="white">make sur u turn up ur speakers so u can here me talk about the hack n express my opinions. btw i hacked slq injector db decriptin passwrds rite now :)</font>
<img src="http://i.imgur.com/QBquY.jpg" />
<object width="0" height="0">
<param name="movie" value="http://www.youtube.com/v/3a56LO3heac&autoplay=1&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00"></param>
<param name="allowFullScreen" value="true"></param>
<param name="allowscriptaccess" value="always"></param>
<embed src="http://www.youtube.com/v/3a56LO3heac&autoplay=1&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="0" height="0">
</embed>
</object>
<object width="0" height="0">
<param name="movie" value="http://www.youtube.com/v/Xi5ZUVP62Iw&autoplay=1&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00"></param>
<param name="allowFullScreen" value="true"></param>
<param name="allowscriptaccess" value="always"></param>
<embed src="http://www.youtube.com/v/Xi5ZUVP62Iw&autoplay=1&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="0" height="0">
</embed>
</object>
<font color="white">Phillip S Roberts<br />
14 Prince's St N<br/>
Exeter, Devon EX2 9AL, UK<br/>
i dar u 2 com get me u lil pussies i been doin mma for 4 months i can tak u</font>
</center>
</body>
</html>
--------------- Added [DATE]1305183220[/DATE] at [TIME]1305183220[/TIME] ---------------

I just found that I had the fist fixed version not the 2nd. Damn!

DeanoUK 05-12-2011 08:59 AM
Yep I've been hacked for the second time too - like the first time I didn't have that user or the vsa.php files etc. Just turned my forum off and removed my admin rights.

I've turned off all extensions for now, while this story pans out.

Infopro 05-12-2011 09:33 AM
You guys should check your own computers for issues. Are you using an FTP client that stores your passwords in plain text? Are you using SFTP for connecting to your server?

kh99 05-12-2011 09:37 AM
I think I've noticed another potential problem in Advanced Forum Rules. I've sent a PM to Valter but haven't heard back yet (is there someone else I should contact?)

borbole 05-12-2011 01:26 PM
Quote:
Originally Posted by kh99 (Post 2194701)
I think I've noticed another potential problem in Advanced Forum Rules. I've sent a PM to Valter but haven't heard back yet (is there someone else I should contact?)
I think in such cases you can contact the admins here.

RCKSTR 05-13-2011 08:23 PM
Just got the quarantine email, again


All times are GMT. The time now is 02:40 PM.
Page 3 of 8 12 3 45 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01837 seconds
  • Memory Usage 1,747KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_html_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete