vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.7 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=228)
-   -   Miscellaneous Hacks - Cyb - Advanced Forum Rules (https://vborg.vbsupport.ru/showthread.php?t=177559)

haytham 05-05-2011 11:22 AM

Thank you Valter for your efforts.

Alfa1 05-05-2011 12:43 PM

Quote:

Originally Posted by Suiram (Post 2192013)
I've read this too. What's it mean exactly? How long after the update? Minutes? Hours?
And do they get hacked if they fix the breach and uninstall the mod?

Because this is the way I read their claims:
  1. their vb forum was using this mod @v4.0.2
  2. the forum was breached
  3. they read it may be the mod at fault
  4. they regain/clean their server/forums (one assumes!)
  5. they install the "fixed" 4.0.3 mod
  6. shortly after (minutes/hours?) they are hacked again
  7. they still blame the mod.
To them I say redo step 4 and then disable/uninstall the mod.
See if you get hacked again.
Yes? ==> Most likely not the mod.
No? ==> Hmmmmm.... ==> Enable/install the mod and now see.

(Unless their server is still compromised because it wasn't "cleaned" properly.)

Good point!

RCKSTR 05-05-2011 01:47 PM

Here is what I found. This may not be a complete list and I encourage others to chime in if I missed anything:

I have removed the following malicious files:

Quote:

[******@gator**** /home/**********/public_html]# stat forums/includes/xml/vba.php
File: `forums/includes/xml/vba.php'
Size: 257983 Blocks: 512 IO Block: 4096 regular file
Device: 807h/2055d Inode: 38740597 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 837/ *****) Gid: ( 837/ ******)
Access: 2011-05-04 17:44:26.000000000 -0500
Modify: 2011-05-04 18:39:39.000000000 -0500
Change: 2011-05-04 18:39:39.000000000 -0500
[*****@gator******* /home/******/public_html]# stat forums/includes/vba.php
File: `forums/includes/vba.php'
Size: 257983 Blocks: 512 IO Block: 4096 regular file
Device: 807h/2055d Inode: 33064053 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 837/ subaru) Gid: ( 837/ subaru)
Access: 2011-05-04 17:44:26.000000000 -0500
Modify: 2011-05-04 18:39:39.000000000 -0500
Change: 2011-05-04 18:39:39.000000000 -0500
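
Added example, not part of the original posts and not code from the mod's author: the two files in the stat output above share a name, a size (257983 bytes) and identical modify/change times, and this shell function looks for that pattern, meaning PHP files under a web root modified inside a time window whose contents are byte-identical. It assumes GNU find and sha256sum are available; the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example. Usage (paths and times below are illustrative):
#   dup_php_in_window /path/to/public_html '2011-05-04 18:00:00' '2011-05-04 19:00:00'
#
# Prints "sha256  path" for every *.php file under ROOT whose mtime lies in
# (SINCE, BEFORE] and whose content matches at least one other file in that set.
# Lines are sorted by hash, so identical copies appear next to each other.
#
# Note: mtime can be reset by whoever wrote the file. ctime cannot be set
# through the normal timestamp calls, so on a live system also compare with
# -newerct, which uses the "Change:" time that stat prints.
dup_php_in_window() {
    dpw_root=$1
    dpw_since=$2
    dpw_before=$3

    find "$dpw_root" -type f -name '*.php' \
         -newermt "$dpw_since" ! -newermt "$dpw_before" \
         -exec sha256sum {} + 2>/dev/null |
    awk '{
            seen[$1]++                    # $1 is the 64-character hex digest
            lines[$1] = lines[$1] $0 "\n" # keep the full "hash  path" line
         }
         END {
            for (h in seen)
                if (seen[h] > 1)
                    printf "%s", lines[h]
         }' |
    sort
}
```

A file that appears in the output is not proven malicious; it is a candidate to compare against a clean copy of the forum software and of each installed product.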

Valter 05-05-2011 02:11 PM

Hacked by Team Animus?

Please read this thread:
https://vborg.vbsupport.ru/showthread.php?t=263202

haytham 05-05-2011 05:50 PM

Quote:

Originally Posted by Valter (Post 2192167)
v4.0.3 - May 04. 2011.
-Security bug fixed

To update:
-Import XML, allow overwrite


If your site has been hacked please check out this post:
http://www.vbulletin.com/forum/showt...15#post2154415

Unfortunately, I did just that and allowed overwrite. Lost all my rules and now if I click on the rules link, it takes me to FAQs about smileys!

Langaleer 05-05-2011 06:06 PM

Quote:

Originally Posted by TaBsiCore (Post 2192174)
Is the bug now definitely fixed? Or did the second hack happen over the installed backdoor? The current situation is a bit confusing.

It's definitely not fixed. I had the email from vBulletin to say a plugin I had (this one) had an exploit and was in quarantine. I never had a hack before, and when I looked at the thread linked earlier, it was stated the vulnerability was resolved and to download the latest version.
This I did, and then my forum was hacked in a short while after (maybe 15ish minutes?).

Now considering I hadn't been hacked on the previous version, then I upgrade to the latest version, resulting in the issue that other people have posted - I'd definitely point my finger to this!

Alfa1 05-06-2011 12:53 AM

Quote:

Originally Posted by Langaleer (Post 2192374)
It's definitely not fixed. I had the email from vBulletin to say a plugin I had (this one) had an exploit and was in quarantine. I never had a hack before, and when I looked at the thread linked earlier, it was stated the vulnerability was resolved and to download the latest version.
This I did, and then my forum was hacked in a short while after (maybe 15ish minutes?).

Now considering I hadn't been hacked on the previous version, then I upgrade to the latest version, resulting in the issue that other people have posted - I'd definitely point my finger to this!

You may be right, but it is also possible that the hack attempt was already in progress before you upgraded to the latest version. So the hacker was already in. And he continued the hacking after you upgraded, because your system was already infected. 15 minutes is quite a short time frame.

I would go through the procedure that Valter posted to get your site in order. After that you can always decide whether or not you want to activate this addon or not.

Valter 05-06-2011 07:49 AM

v4.0.4 - May 06. 2011.
-Fixed: vbseo users not able to switch rules

To update:
-Import XML, allow overwrite

TheKdd 05-07-2011 08:01 PM

Quote:

Originally Posted by haytham (Post 2192369)
Unfortunately, I did just that and allowed overwrite. Lost all my rules and now if I click on the rules link, it takes me to FAQs about smileys!

I have the same thing going on. I disabled the hack, and now new registered members are receiving their confirmation e-mail sending them to the smilies page. Did you figure out how to fix this?

haytham 05-08-2011 10:21 AM

No. I had to uninstall all plugins because my host was having issues and I was trying to find out if my products were the reason. Anyway, long story short, I had to uninstall it, but I am sure on my new host I'll install it again.

