|
VB really this terrible????? Can it Be
I am very upset. I run a forum with 7 thousand members and 240K posts. I am getting hacked every day now. Is this really how crappy vbulletin is? I mean You can not fix security holes in the software. Very unhappy. I may have to go to IPB. Terribly disappointing.
|
There are many ways of your board being 'hacked' that have nothing to do security holes. Which version are you running?
|
I'd be looking into server security if you're having that much of a problem.
|
Are you looking for assitance, or just making a comment?
|
Assuming that you are running 3.5.4 (which the site in your sig is) then you really need to look elsewhere on your server, there are no known 'holes' in that version, but there are lots of other ways to break into a server.
|
Quote:
I am running 3.5.4. Someone keeps logging in under one of my Super Mods account, changing himself to admin and moving everysingle post to the trash section of my board. Noone is getting intot the server. there are using this how I do not know but they are: 17116 N/A 14:08, 19th Jun 2006 css.php edit style id = 1 206.149.148.27 17115 N/A 14:08, 19th Jun 2006 css.php update style id = 1 206.149.148.27 17114 N/A 14:08, 19th Jun 2006 css.php edit style id = 1 206.149.148.27 17113 N/A 14:08, 19th Jun 2006 css.php edit style id = 4 206.149.148.27 17112 N/A 14:08, 19th Jun 2006 css.php update style id = 4 206.149.148.27 17111 N/A 14:08, 19th Jun 2006 css.php edit style id = 4 206.149.148.27 17110 N/A 14:07, 19th Jun 2006 css.php edit style id = 3 206.149.148.27 17109 N/A 14:07, 19th Jun 2006 css.php update style id = 3 206.149.148.27 17108 N/A 14:06, 19th Jun 2006 css.php edit style id = 3 206.149.148.27 17107 N/A 14:06, 19th Jun 2006 template.php modify 206.149.148.27 If you see, this is from the control panel. There is no name given and this is what they do and then they have access to everything. Somehow they are taking that SuperMod and making it say admin under it and moving everything. This is what they do after they login and change the password to the SuperMod and make him admin: 17106 13:28, 19th Jun 2006 thread.php dothreadsall 83.149.72.74 17105 13:28, 19th Jun 2006 thread.php dothreads 83.149.72.74 17104 13:27, 19th Jun 2006 thread.php move 83.149.72.74 17103 13:27, 19th Jun 2006 moderate.php posts 83.149.72.74 |
you got to be joking right???? your blaming vBulletin software for being hacked,I have been running vBulletin for 2 years and have not had an ounce of trouble,I'm the only one that has access to my server and am super admin
1. who else has access to your server??? 2.how many admins do you have??? could be a admin logging in using a proxy and playing games |
Quote:
|
Quote:
1. Disabling all of your hacks and addons 2. Updating all of your passwords(ftp etc), and forcing all staff to update their passwords? 3. password or ip protecting your admincp and includes directories? 4. Scanned for foreing files? 5. Contacting your hosting provider? 6. Contacting vBulletin support for assistance? |
Also, is it the same supermod's account that they keep getting into? Keep in mind that the biggest security holes are the people we have on our teams. If it's the same person, you may need to demote them.
Also, check the permissions that you have set for your supermods. Make sure you didn't give them rights to the control panel and the ability to change member status. |
Another thought - do you have html or allow flash anywhere on your board? Both present security risks.
|
Quote:
I am the onyl one with access to my server. I am telling you this is really what is going on. I really don't care that you have npt had issues. I have issues and it is with vb. Noone is in the server, there are exploiting vb. In regards to someone saying there are two different ip addresses. THey come in with the one IP address the 83.149.72.74 and they change the Supermod to admin and then they login with that supermods information under the other ip address. What I do not understand is how people seem to think that vb is the god of forums software and OH MY GOD NOTHING CAN BE WRONG WITH OUR SOFTWARE. That is bull. It is an exploit and someone should look into it! They charge people money for a crappy software like this. INCREDIBLE!!!! |
a) you need to calm down
b) what we've stated is that the current version of vb doesn't have any known exploits. c) In order to better help you, Zachary asked you the following questions. 1. Disabling all of your hacks and addons 2. Updating all of your passwords(ftp etc), and forcing all staff to update their passwords? 3. password or ip protecting your admincp and includes directories? 4. Scanned for foreing files? 5. Contacting your hosting provider? 6. Contacting vBulletin support for assistance? If you want help, people here are willing to assist you. If you open a ticket with vbulletin I am sure they will throughly investigate your claims If you want to keep acting as you are, then there is no further point to this thread. |
Just a thought, the place for this problem if all hacks are off the forum is at vbulletin.com where Jelsoft can read it. If all hacks are not off, you COULD have a bad hack, and you need to follow the advice given and remove the hacks before you complain about vbulletin.
I do not believe vbulletin is perfect, but you need to isolate the problem in a methodical way. |
Quote:
|
I have 10 mods. I am running the shoutbox hack, the page compression hack, the google sitemap hack, the legend hack, and the who visited the forum in the last 24hrs hack.
Reeve of shinra, DO not tell me to calm down. I purchased this software and it turns out to be a POS. I am not getting any help here other than people blaming me or my server for it when It is a software exploit. NOT a server exploit! |
Okay so what software? The rest of us a relatively sure that its not an exploit with vbulletin's core files and believe the flaw may reside with unsupported, third party coded modifications that you chose to install.
|
Of course. I am sure that is what is said whenever there is something that can not be figured out. It is vbulletin. PERIOD!
|
Then as I said, you really should post this at vbulletin.com where their devs can work with you :)
We didn't write Vbulletin. ;) |
You can open a ticket with vbulletin by going to:
http://members.vbulletin.com/members...ontactform.php |
Too Funny.
Please keep posting. :banana: |
Quote:
If you change your mind about the cause of this problem, feel free to post here so we can help you identify it. |
We still have yet to hear whether or not this keeps happening even when you turned off all hacks. Are you unwilling to do this because it will prove you wrong?
|
Have you run an IP check on your board to find a matching IP to that the person is using to log on? have you gone into config.php to put that particular mod's account number in the unalterable/undeletable users group in order to keep them from changing themself to an admin when they get on?
Beyond that, have you considered banning those IP's and the partials as well as changng every single mods password for them and not letting any of them on until it's resolved? Start looking for the solution to the problem. You paid for the software, don't piss that money away before you do everything you can to fix it :) Good luck! |
There was a security hole with the shoutbox, maybe you check this.
|
What puzzles me is how you are so certain it's vBulletin and not just something else.
|
Why doesnt he just ban those IP's? Why turn something so simple into a drama?
|
Quote:
The user is absolutely positively sure its not his server!!!!! |
Quote:
People do have lives you know. We do not sit in front of the computer all day watching posts and topics. Quote:
I did that but when they are coming in with proxies it is kinda pointless right? Quote:
Finally someone that has something to say woth reading that does not try and make someone else feel like an +++++++. Thank you for this. I forgot about adding them to the unalterable. Will try that next. |
Quote:
And adding them to unalterable is an excellent idea. |
Quote:
Thank you very much. Only one issue with adding them to unalterable I would have to add 7K member id's. If I where to change all member id numbers and a person had an old copy of the DB, would they still be able to gain access with their username and passes? |
Im not trying to ask a stupid question but I have no choice. How would they have a copy of your DB? And if they did then do they have access to the phpmyadmin or some way to edit your database now. If so then that is how your getting hacked. Now that I think about it thats the only way it makes sense. If I were you I would change the access username and password to the DB and edit the config.php with the new info. Make sure your config.php isnt CHMOD to 777 or something. Make it 644. If I were you I would change the ftp account info also. If he can read the config.php by downloading it through ftp then he will know your DB info. And if you think this person has a copy of the DB then you should do a few things.
1. make all passwords expire. 2. Prune out any members who have been inactive for a long time. I usually do this on a 90 days basis but its purely up to you. 3. Ban those IP's you know are the person. And change all access info. FTP, DB, and anything else Im forgeting. |
adding users to unalterterable users would not stop the usergroup from being manually changed in the db.
|
Quote:
|
You guys are missing the point. He KNOWS FOR SURE that it is VB. PERIOD. It is definately not his server, OS, userIDs, directory permissions, mysql, php, proxies, network, video card drivers, Starcraft Brood Wars, SCSI cable, LEDs, multicast Bidir PIM, IPv6, Duke Nukem Forever, iPod Shuffle....
All your suggestions are a waste of time, it is VB. PERIOD. He is POSITIVE. PERIOD. |
Quote:
|
I run vb 3.0.7 and i added this double login for my admin panel, its so they need to login with that login before they can login to real admin, i haven't been hacked once yet. Maybe you should try it.
|
Quote:
|
Quote:
:banana: |
Try to be a bit more open minded and accept people's suggestions and input. If you are asking as a regular vbulletin user, learn from what the more advanced users tell you. Being set in your own ways and thinking that you know the problem will make it so that people can't help you. If you know it all, then you shouldn't be having this problem ;)
It can be a server issue because user's can give do whatever they'd like with any account (including there's) via phpmyadmin and such. Also, if it keeps happening to the same user, that is rather suspicious, is this the case? If so, it can be a problem with the user. Try giving every usergroup regular user permissions accept for you (temporarily), and see how things go. |
| All times are GMT. The time now is 06:18 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|