-   -   Preventative - How to avoid being Hacked by TeamPS i.e. p0wersurge (https://vborg.vbsupport.ru/showthread.php?t=275719)

Black Snow 02-20-2013 09:21 AM

Quote:

Originally Posted by meissenation (Post 2405208)
Your link to LeetHost is offline... ironic? lol

I'm going through the same issue right now - one of my vbulletin sites was defaced - as far as I can tell they only changed the index.php and forum.php files in the forum directory, but it appears they also deleted the adminlog. I found a backdoor/shell PHP file, a mysql backup so they have a full backup of our forum's database, etc. I do not see new users in the administrator section so they didn't create themselves a user on the site. It was a 5 minute fix to get the forum working again but it's really troubling that they were able to add the shell file with such ease...

Yes, they are upgrading some server components at the moment. That will be the same file I found. After I secured my site, well I thought I had, I opened my forum again. Because they had a copy of my database, they had cracked the moderators' passwords and logged in with them and started leaving weird posts and threads. I had to edit the usergroups to make all my members change their passwords as soon as they logged in next.

I even had to manually change moderators' passwords to ensure the hackers could not harm my forum until the original mods came back online. I would encourage you to do the same. Email all your members and explain what happened and make a compulsory password change immediately.

Quote:

Originally Posted by Inspector G (Post 2405286)
was it a VB 4.2 p 3

Yes it was. Since I moved to LeetHost, I have had no issues with any kind of hacking. No DDoS, hacking, spam or anything. They are really secure.

If you need any more info on this, let me know.

AK47- 04-10-2013 10:49 PM

Quote:

Originally Posted by Black Snow (Post 2405383)
Yes, they are upgrading some server components at the moment. That will be the same file I found. After I secured my site, well I thought I had, I opened my forum again. Because they had a copy of my database, they had cracked the moderators' passwords and logged in with them and started leaving weird posts and threads. I had to edit the usergroups to make all my members change their passwords as soon as they logged in next.

I even had to manually change moderators' passwords to ensure the hackers could not harm my forum until the original mods came back online. I would encourage you to do the same. Email all your members and explain what happened and make a compulsory password change immediately.


Yes it was. Since I moved to LeetHost, I have had no issues with any kind of hacking. No DDoS, hacking, spam or anything. They are really secure.

If you need any more info on this, let me know.

Shadow008 suuuuuuuuuuuuuuuuuuuuuuuuuup xD Advertising your hosting hey? xD

y2ksw 04-28-2013 02:55 PM

Another important issue against hacking is the basic server configuration. One of the encountered problems is the Apache mpm_worker module together with fast-cgi, which eventually runs a bit faster, but will not allow sandboxing of virtual hosts.

In order to allow sandboxing virtual hosts, and thus prevent other infected sites on a single server from spreading to other domains, you should use mpm_prefork and then, in each virtual host configuration:
Code:

<Directory /vhosts/domain.tld/httpdocs>
php_admin_value open_basedir /vhosts/domain.tld
php_admin_value upload_tmp_dir /vhosts/domain.tld/tmp
# ... other settings
</Directory>

Eventually you could use the system's (default) tmp folder, by adding its path to the sandbox:
Code:

<Directory /vhosts/domain.tld/httpdocs>
php_admin_value open_basedir /vhosts/domain.tld:/tmp
# ... other settings
</Directory>

This is particularly important when you already have had a defacement and can't determine which domain got hacked.
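
An added example, not part of y2ksw's post: a small Python audit that reads Apache `<Directory>` blocks like the ones above and reports which lack `open_basedir`, set it with the overridable `php_value`, leave the document root outside the sandbox, or list a path that another virtual host also lists (as happens when `/tmp` is added to every sandbox). The sample configuration and the `audit` function name are constructed for illustration; paths are assumed to be Unix-style and `:`-separated.

```python
import re
from collections import defaultdict

# Constructed sample: three vhost <Directory> blocks, only the first set up as in the post.
SAMPLE_CONF = """\
<Directory /vhosts/domain.tld/httpdocs>
  php_admin_value open_basedir /vhosts/domain.tld:/tmp
</Directory>
<Directory /vhosts/other.tld/httpdocs>
  php_value open_basedir /vhosts/other.tld:/tmp
</Directory>
<Directory /vhosts/legacy.tld/httpdocs>
  Options -Indexes
</Directory>
"""

DIR_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OBD_RE = re.compile(r'^\s*(php_admin_value|php_value)\s+open_basedir\s+"?([^"\n]+)"?\s*$', re.M | re.I)

def audit(conf):
    """Return {document root: [findings]} for every <Directory> block in conf."""
    report, users = {}, defaultdict(set)
    for docroot, body in DIR_RE.findall(conf):
        docroot = docroot.strip().rstrip("/")
        findings = report.setdefault(docroot, [])
        m = OBD_RE.search(body)
        if not m:
            findings.append("no open_basedir")
            continue
        if m.group(1).lower() == "php_value":
            findings.append("php_value is overridable, use php_admin_value")
        paths = [p.rstrip("/") for p in m.group(2).strip().split(":")]
        if not any((docroot + "/").startswith(p + "/") for p in paths):
            findings.append("docroot outside open_basedir")
        for p in paths:
            users[p].add(docroot)  # remember which vhosts can reach each path
    for path, roots in sorted(users.items()):
        if len(roots) > 1:  # same path allowed in more than one sandbox
            for r in sorted(roots):
                report[r].append("path shared with other vhosts: " + path)
    return report

if __name__ == "__main__":
    for root, findings in audit(SAMPLE_CONF).items():
        print(root, "->", findings or ["ok"])
```
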

