Secure your vBulletin board (https://vborg.vbsupport.ru/showthread.php?t=35346)

Wolf42 02-24-2002 01:32 PM

No, on the top of the file.

But when adding "<?php", same error.

Wolf42 02-24-2002 01:40 PM

Just checked, PHP 4.0.6 is running.

Scott MacVicar 02-24-2002 03:36 PM

ok the top of config.php should look like

PHP Code:

<?php

// Stop unless the translated script path contains the document root
if(!strstr("$HTTP_SERVER_VARS[PATH_TRANSLATED]", "$HTTP_SERVER_VARS[DOCUMENT_ROOT]")) {
  die();
}
/////////////////////////////////////////////////////////////
// Please note that if you get any errors when connecting, //
// that you will need to email your host as we cannot tell //
// you what your specific values are supposed to be        //
/////////////////////////////////////////////////////////////
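
The guard in the post above accepts any script path that contains the document root as a substring. The following is an added example, not code from the thread or from vBulletin: it sets that substring test beside a stricter prefix test on canonical paths, using a constructed directory layout. The function names and the temporary directories are assumptions, and it assumes POSIX-style paths and PHP 5.2.1 or later (for `sys_get_temp_dir`), not the PHP 4.0.6 mentioned in the thread.

```php
<?php
// Added example, not from the thread. Function names and the temporary
// directory layout below are constructed for illustration.

// The posted guard's test: true when $root occurs anywhere inside $path.
function substring_guard($path, $root) {
    return strstr($path, $root) !== false;
}

// Stricter variant: canonicalise both paths, then require $root (with a
// trailing separator) to be a prefix of $path.
function prefix_guard($path, $root) {
    $realPath = realpath($path);
    $realRoot = realpath($root);
    if ($realPath === false || $realRoot === false) {
        return false; // a path that cannot be resolved fails closed
    }
    $realRoot = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realPath, $realRoot, strlen($realRoot)) === 0;
}

// Constructed layout (POSIX paths assumed): a document root, plus a
// directory outside it whose name embeds the document root's full path.
$base    = sys_get_temp_dir() . '/guard_demo_' . getmypid();
$root    = $base . '/htdocs';
$inside  = $root . '/forum/index.php';
$outside = $base . '/other' . $root . '/index.php';

foreach (array($inside, $outside) as $file) {
    if (!is_dir(dirname($file))) {
        mkdir(dirname($file), 0700, true);
    }
    touch($file);
}

// Print both verdicts for each script path.
foreach (array('inside' => $inside, 'outside' => $outside) as $label => $file) {
    echo $label, ': substring=', var_export(substring_guard($file, $root), true),
         ' prefix=', var_export(prefix_guard($file, $root), true), "\n";
}
```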


ptbyjason 02-25-2002 01:53 AM

Reading over this, I appreciate the thought that went into it.

I now know who and why they did this to our vbulletin. nakkid knows the details of it and I am sure the proper people will know. It could have been a database hack or a hack into vbulletin since it was 2.03. I don't know. I still want to believe it was a database hack, but the time frame between this guy getting mad and the time that he hacked the website was very short. Whatever it was, he did it fast, got in, and then got out. We will be checking the logs tomorrow and hopefully will have more detail on what happened. I will inform nakkid and if James, PPN, or Firefly want to know you can get in touch with me or get in touch with Nakkid. Either way, I just don't want this to happen to anyone again. I will be in touch about it as soon as I find out how he got in.

eva2000 02-25-2002 03:13 AM

also update your IE browsers for latest security bug fixes; some are pretty nasty and could expose your entire hard drive to crackers...

i.e.

Another IE security/critical update patch here http://www.microsoft.com/windows/ie/...89/default.asp

Quote:

Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files

Technical description:


Frames are used in Internet Explorer to provide for a fuller browsing experience. By design, scripts in the frame of one site or domain should be prohibited from accessing the content of frames in another site or domain. However, a flaw exists in how VBScript is handled in IE relating to validating cross-domain access. This flaw can allow scripts of one domain to access the contents of another domain in a frame.

A malicious user could exploit this vulnerability by using scripting to extract the contents of frames in other domains, then sending that content back to their web site. This would enable the attacker to view files on the user's local machine or capture the contents of third-party web sites the user visited after leaving the attacker's site. The latter scenario could, in the worst case, enable the attacker to learn personal information like user names, passwords, or credit card information.

In both cases, the user would either have to go to a site under the attacker's control or view an HTML email sent by the attacker. In addition, the attacker would have to know the exact name and location of any files on the user's system. Further, the attacker could only gain access to files that can be displayed in a browser window, such as text files, HTML files, or image files.


http://www.microsoft.com/technet/tre...n/MS02-009.asp
Tools -> Windows Update -> Product Updates -> Check Critical Updates -> Download

which will download and install the latest bug fixes for IE browsers ;)

Wolf42 02-25-2002 06:59 AM

Thanks! Now it's working. :D

ptbyjason 02-25-2002 11:27 AM

If anyone is from Sweden or can speak Swedish, we could use your help if you would like to help us find this guy. We just need a little bit of help. We have a lot of the info on him already, but we don't speak the language.

Thanks,
Jason

Scott MacVicar 02-26-2002 03:10 PM

I got those patches last week eva, there seems to be a new one from Micro$soft every couple of months, I'm glad that Bill decided to focus on security :D

TECK 02-26-2002 11:00 PM

thanks a lot for the info.

Watched 08-20-2006 02:07 AM

i hate to dredge up an old topic.. but i've recently had the same problem with a member of mine hacking the crap outta my forum.. so i was wondering.. what are the minimum chmod values i should have set per file to keep .. users.. out.. and.. if i were to go into cpanel and simply pass protect the entire admincp directory.. would that do the same as listed above since it requires me to login now not only to the acp but also to the pass protected directory before i can ever see the acp?

