vb.org Archive


HostileAdam 11-13-2006 06:37 PM

Hacker was able to edit one of my forums and redirect forum. (vb 3.6.3)
 
Hmm, they edited one of my forum titles and redirected my forum. I'm using vB 3.6.3, no clue how they got into the database. Any help is appreciated.

Guest210212002 11-13-2006 06:47 PM

Do you have HTML enabled?

A little more info would be helpful.

HostileAdam 11-13-2006 06:55 PM

HTML is disabled, they found a way to get into the database and change one of the forum categories into the meta tag code.

List of plugins I have active:

Activity Modification
Display reputation comments in user post
ibProArcade for vBulletin
Member Profile Reputation Display 1.04
Members who have visited the forum 4.21
Members Who Registered Today 1.1
New reputation comments and posts
Reported post send pm 1.0.0
Strike Through Closed Threads
Top 'X' Stats by InfiniteWebby
uCash & Ushop
vBShout
Yarub's New UserCP Look
[HIDE] Hack Resurrection

SCRIPT3R 11-13-2006 07:04 PM

Top 'X' Stats probably.

Paul M 11-13-2006 07:06 PM

Top X Stats had a security hole in it that was fixed about 2 months ago. When did you install it?

HostileAdam 11-13-2006 07:11 PM

Already added the TopXStats patch, it has nothing to do with that. They got INTO the database and edited one of my forum categories and replaced it with the meta tag.

HostileAdam 11-13-2006 07:14 PM

And what's funny is I just upgraded to 3.6.3 last night from 3.5.4. I think I would have been better off with 3.5.4..

SCRIPT3R 11-13-2006 07:15 PM

Did you report this security leak to vB.com?

HostileAdam 11-13-2006 07:19 PM

I just did.

Paul M 11-13-2006 07:19 PM

Quote:

Originally Posted by HostileAdam (Post 1116547)
I think I would have been better off with 3.5.4..

Why ?

Zachery 11-13-2006 07:23 PM

Quote:

Originally Posted by HostileAdam (Post 1116551)
I just did.

A link please? Ticket ID? Bug Tracker Link? Forum Link?

HostileAdam 11-13-2006 07:26 PM

http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1184 | Bug ID: 1184

And my site has some warez and stuff on it, and I dunno if I should post my forum link here, unless you want me to PM you it?

Zachery 11-13-2006 07:39 PM

I've already responded to your bug.

Guest210212002 11-13-2006 09:35 PM

Do you have mod_security compiled into php? If you're running a site with a target audience like that, it might be in your best interest.

HostileAdam 11-13-2006 10:30 PM

Hmm, where could I get this at?

chanthuyen 11-14-2006 07:36 AM

Re-upload all files.
Check your host; there may be a remview file on your host.
Check the user table in the database; the hacker may have inserted an account into your database.
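
The user-table check suggested in the post above, combined with a scan for the forum-title tampering described earlier in the thread, as an added example that is not part of the original thread. The table and column names (`forum.title`, `user.usergroupid`, `user.joindate`) and administrator group id 6 are assumptions about the vBulletin 3 schema; the sample rows are constructed, and the check is meant to run against a copy of the database.

```python
import re
import sqlite3

# Markup that should never appear in a forum or category title.
SUSPICIOUS = re.compile(r"<\s*(meta|script|iframe|object|embed)\b|http-equiv|javascript:", re.I)
ADMIN_GROUP = 6  # assumption: default Administrators usergroupid

def audit(conn, since_ts, known_admins):
    """Return (forum rows with markup in the title, unexpected admin accounts)."""
    bad_titles = [
        (fid, title)
        for fid, title in conn.execute("SELECT forumid, title FROM forum ORDER BY forumid")
        if SUSPICIOUS.search(title or "")
    ]
    new_admins = [
        (uid, name)
        for uid, name, joined in conn.execute(
            "SELECT userid, username, joindate FROM user WHERE usergroupid = ? ORDER BY userid",
            (ADMIN_GROUP,))
        if name not in known_admins or joined >= since_ts
    ]
    return bad_titles, new_admins

def sample_db():
    """Constructed sample data standing in for a copy of the forum database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE forum (forumid INTEGER, title TEXT)")
    conn.execute("CREATE TABLE user (userid INTEGER, username TEXT, usergroupid INTEGER, joindate INTEGER)")
    conn.executemany("INSERT INTO forum VALUES (?, ?)", [
        (1, "General Discussion"),
        (2, '<meta http-equiv="refresh" content="0;url=http://redirect.example/">'),
        (3, "Arcade & Games"),
    ])
    conn.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", [
        (1, "siteowner", 6, 1100000000),
        (57, "regularmember", 2, 1150000000),
        (912, "support_admin", 6, 1163400000),
    ])
    return conn

if __name__ == "__main__":
    titles, admins = audit(sample_db(), since_ts=1163000000, known_admins={"siteowner"})
    for fid, title in titles:
        print(f"forum {fid}: markup in title: {title!r}")
    for uid, name in admins:
        print(f"user {uid} ({name}): unexpected administrator account")
```
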

Guest210212002 11-14-2006 12:44 PM

Quote:

Originally Posted by HostileAdam (Post 1116705)
Hmm, where could I get this at?

http://www.onlamp.com/pub/a/apache/2..._security.html

Also, run rkhunter from shell and see if it picks anything up, assuming you're running *nix.

Mattimus1984 11-17-2006 04:42 PM

Adam, the first thing I saw that was hacked on your site was your toplists.

cyberphr 11-17-2006 11:58 PM

I happened to run into this thread, so I thought I would update so there is no more need to reply.

The problem was apparently a shell script on the server, and nothing to do with vBulletin.

s25 11-18-2006 10:23 AM

Are you running a vulnerable version of phpMyAdmin? In the last few months lots of sploits have been released for it (to the extent that I have removed phpMyAdmin until it calms down a bit). Are you on a dedicated server? Probably something else the attacker got in through, and I am placing my money on phpMyAdmin or he bruteforced a MySQL pass.

