vb.org Archive
Page 7 of 8 « First 56 7 8
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Hacked by Team Animus? (https://vborg.vbsupport.ru/showthread.php?t=263202)

ChromeDome 05-15-2011 02:36 AM
Is "VSa - Advanced Registration" safe?

TheLastSuperman 05-15-2011 04:18 AM
I do want to make one thing perfectly clear!

If you find that a currently installed modification on your site is "Quarantined" or "Discontinued" or in the "Modification Graveyard" for any sort of security issue you need to disable the modification IMMEDIATELY.

You don't want to uninstall unless you truly do not want the functionality otherwise when it's patched/fixed and you update all of your rules are gone or if it was a "Thanks" mod for example all of your thanks would be removed as you uninstalled.

fxwoody 05-15-2011 09:03 AM
Tks for all the info's guys! Much appreciated ;)

Seems like this one will make others talk as some might have weaknesses also that have not yet been approched?!?
Tho, even with a good alarm system, if they want to steal, they will find a way loll ;)

I know for a fact that lots of hackers or geeks try to infiltrate anything they can for pleasure, i get so many deny/block IP's report of failed login in my VPS/WHM that it's nuts!!!! A good firewall and well adjusted server security is always the key to peace and tranquility.....as long as it works lolll ;)

Cheers

AusPhotography 05-16-2011 03:02 AM
<a href="https://vborg.vbsupport.ru/showpost.php?p=2195551&postcount=53" target="_blank">https://vborg.vbsupport.ru/showp...1&postcount=53</a>

I spend an hour on the weekend having a look at the plugin code.
I found an issue with the cookie handling because of the use of an eval function.

The first patch fixed the SQL injection but not cookie injection.

RCKSTR 05-16-2011 10:43 PM
NVM. figured it out

fxwoody 05-17-2011 07:20 AM
Quote:
Originally Posted by RCKSTR (Post 2196532)
NVM. figured it out
Quote:
Originally Posted by snoopytas (Post 2196210)
https://vborg.vbsupport.ru/showpost....1&postcount=53

I spend an hour on the weekend having a look at the plugin code.
I found an issue with the cookie handling because of the use of an eval function.

The first patch fixed the SQL injection but not cookie injection.

Any info that you could share with us regarding the bug that we could fix in the script???

It could help everyone here ;)

madshark 05-19-2011 10:19 AM
Well Valters fixed it again. Hopefully thats the end of holes for this one and the poor man being hounded down.

preemz10314 05-20-2011 12:58 PM
I never once used this hack and my forum was hacked twice, once someone using some sort of iframe, and this last time someone edited forum.php to simply say "Xuplena"...

Not sure what is going on my pc is clean, and I have since added extra security against SQL injections. And I never once used Advanced Forum RUles.

There is also, word around hacking forums that there is an exploit out that effects 4.x.x. - 4.1.3

It is confirmed that there is a very new exploit out there. be careful /

Smitty 05-20-2011 01:15 PM
Quote:
Originally Posted by preemz10314 (Post 2197976)
I never once used this hack and my forum was hacked twice, once someone using some sort of iframe, and this last time someone edited forum.php to simply say "Xuplena"... <snip>
That sure changes the game... (bold emphasis mine)

--------------- Added [DATE]1305900973[/DATE] at [TIME]1305900973[/TIME] ---------------

Quote:
Originally Posted by preemz10314 (Post 2197976)
<snip> It is confirmed that there is a very new exploit out there. be careful /
Where is it confirmed?

Zachery 05-20-2011 01:35 PM
Quote:
Originally Posted by preemz10314 (Post 2197976)
I never once used this hack and my forum was hacked twice, once someone using some sort of iframe, and this last time someone edited forum.php to simply say "Xuplena"...

Not sure what is going on my pc is clean, and I have since added extra security against SQL injections. And I never once used Advanced Forum RUles.

There is also, word around hacking forums that there is an exploit out that effects 4.x.x. - 4.1.3

It is confirmed that there is a very new exploit out there. be careful /
Please dont go around posting FUD. If you do not have a link to an exploit report, chances are there isn't one in the wild.


All times are GMT. The time now is 02:59 PM.
Page 7 of 8 « First 56 7 8
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01174 seconds
  • Memory Usage 1,741KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete