vb.org Archive - 4.2.1 PL1 hacked, what to look for in logs

Page 3 of 5

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - 4.2.1 PL1 hacked, what to look for in logs (https://vborg.vbsupport.ru/showthread.php?t=313608)

ozzy47

08-10-2014 06:39 PM

Does it happen to list the forums?

ifitsmedia

08-10-2014 06:41 PM

Yea it does list the forums. Checking them, it seems to flag the forums that have an HTML link in the forum description. Nothing harmful, just internal links pointing to rules etc.

ForceHSS

08-10-2014 06:45 PM

If you allow any group to use even the admin group you should never allow html to be used

ozzy47

08-10-2014 06:48 PM

Hmmm, I am at a loss then. Sounds like you might just have to pay someone to clean up your site.

If you decide to go that route, I would suggest, TheLastSuperman, he has done quite a few cleanup's after a hack on boards.

ifitsmedia

08-10-2014 06:50 PM

Quote:

Originally Posted by ForceHSS (Post 2510721)

If you allow any group to use even the admin group you should never allow html to be used

Can you explain this more?

ozzy47

08-10-2014 06:53 PM

He is talking about, ACP --> Forums & Moderators --> Forum Manager, in each forum you have a option, Allow HTML that should always be NO

Which I know is not what you were talking about.

ifitsmedia

08-10-2014 06:54 PM

Quote:

Originally Posted by ozzy47 (Post 2510724)

Hmmm, I am at a loss then. Sounds like you might just have to pay someone to clean up your site.

If you decide to go that route, I would suggest, TheLastSuperman, he has gone quite a few cleanup's after a hack on boards.

Thanks a lot for your time and help ozzy. I'm at a loss as well.

If it were a vulnerability in VB core, I would expect to find more people posting similar stories. How it's happening on my site is eluding me though.

I think searching the Apache raw access logs may reveal the exploit being used, but I don't know what to search for.

ForceHSS

08-10-2014 06:54 PM

There is also a option in each user group that it needs disabled

ozzy47

08-10-2014 06:55 PM

Yeah I would not be sure what to look for either. :(

ifitsmedia

08-10-2014 06:55 PM

Quote:

Originally Posted by ozzy47 (Post 2510732)

He is talking about, ACP --> Forums & Moderators --> Forum Manager, in each forum you have a option, Allow HTML that should always be NO

Which I know is not what you were talking about.

Ok, that is set to NO of course.

All times are GMT. The time now is 04:56 PM.

Page 3 of 5

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01146 seconds Memory Usage 1,734KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: