Secure database?
 

We had a admin flip out on us. She deleted a bunch of stuff to our board, and we have gotten all that back. I have a weird feeling that she can still get in our database and need to know what steps I should take to make sure that she can't get in anymore. Can anyone tell me what the first step I should take to make sure that our database is secure?

And I know this is going to sounds kinda out there- but she made a new board has the same software and everything that we do. Is there anyway she could be somehow connected or mirroring us? Everytime we're down, her board goes down to. I didn't know if that was possible, so I though I would just ask the people who might know.

Change out all the database connection information in your /includes/config.php file, if you use cPanel (or its equivalent) and she had access to that, change the password, etc.

I changed all of these in the config file.. Is there anything else in the config file that might need to be changed or is this it? I have also changed the Cpanel passwords.

master database username and password.

USERS WITH ADMIN LOG VIEWING PERMISSIONS

USERS WITH ADMIN LOG PRUNING PERMISSIONS

USERS WITH QUERY RUNNING PERMISSIONS

UNDELETABLE / UNALTERABLE USERS

SUPER ADMINISTRATORS

What should the next step be?

Are there any htaccess passwords I need to change anywhere? I know this girl is sneaky, and want to make sure I cover all by bases.

Did she have access to your FTP or cPanel before you changed out all the Passwords?

Yes, she had access to everything. She's the one that installed all the hacks, she ran the board. I'm just learning how to do this since she flipped out.

It's possible she may have modified any number of your core PHP files; you may want to consider re-uploading fresh copies of them from the vB.com Member's Area.

Keep in mind that in doing this, you could be undoing any modifications to files that may have been required for a modification to function properly.

Oh my, sounds like something hard, but I have to make sure that she can't get in anymore. Can I just change the number of the core php files to what they are supposed to be? Or would it be easier to upload the fresh ones?

Sorry - change the number of the files? Not sure what you mean.

No, it's not you. It's me, sorry.

I thought you were talking about changing the numbers for the change file permissions. Hope I'm making sense.

Oh, no, I'm not talking about the file permissions - I'm talking about the actual files themselves. If you go into your AdminCP -> Maintenance -> Diagnostics -> Suspect File Versions; you can see any files that aren't native to vBulletin or have been changed from their default form.

Oh gotcha! Let me do that and see how many there are.

Oh, and thank you so much for all your help! :)

Geez, there are a lot of them. So these may not work right if I upload fresh copies right?


arcade.php File not recognized as part of vBulletin
forumpath.php File not recognized as part of vBulletin
image.php File not found
ipinfo.php File not recognized as part of vBulletin
pager.php File not recognized as part of vBulletin
vbshout.php File not recognized as part of vBulletin
Scanned 54 files./admincp
arcade.php File not recognized as part of vBulletin
loginlog.php File not recognized as part of vBulletin
pageradmin.php File not recognized as part of vBulletin
vba_cmps_admin.php File not recognized as part of vBulletin
Scanned 3 files./archive
Scanned 28 files./clientscript
Scanned 98 files./includes
adminfunctions_vba_cmps.php File not recognized as part of vBulletin
vba_cmps_include_bottom.php File not recognized as part of vBulletin
vba_cmps_include_error.php File not recognized as part of vBulletin
vba_cmps_include_template.php File not recognized as part of vBulletin
vba_cmps_include_top.php File not recognized as part of vBulletin
vba_cmps_plugin_newpost.php File not recognized as part of vBulletin
vba_global_error.php File not recognized as part of vBulletin
Scanned 18 files./includes/cron
Scanned 8 files./includes/paymentapi
Scanned 16 files./includes/xml
bitfield_flashchat.xml File not recognized as part of vBulletin
bitfield_pager.xml File not recognized as part of vBulletin
cpnav_arcade.xml File not recognized as part of vBulletin
cpnav_log_logins.xml File not recognized as part of vBulletin
cpnav_newregistrants.xml File not recognized as part of vBulletin
cpnav_pager.xml File not recognized as part of vBulletin
cpnav_vbacmps.xml File not recognized as part of vBulletin
hooks_ibproarcade.xml File not recognized as part of vBulletin
product-ibproarcade.xml

Like now, we are down to a database error, (see 'database error' post in this forum) and they just went down as well... it's happened at least 3 times now, so - seems odd...

The only file there that's vBulletin default (not added through a modification) is "image.php"; you might want to upload a fresh copy of that or compare the differences between it and a fresh copy from the vB.com Member's Area.

On another note, judging from the results you posted it seems you're using the vBPager modification - which has some rather serious vulnerabilities -- you may want to uninstall it.

As I said above, there's only 1 file that I saw from your results that is actually a standard part of vBulletin. But, if she had access to your FTP, it's entirely possible she could've manipulated a portion of any one of those suspect files, so you might want to download the modifications using those files again and upload fresh copies just to be on the safe side. You shouldn't need to worry about the XML files.

So how about if we uploaded a totally new, fresh install of VB, sans modifications? Do you think that would help address this issue? It's basically a really small board at this point, of just a few people who keep in touch from time to time - so I am not worried about loosing old posts, etc

I just really need to be sure she is OUT.

Coincedentally, when our board goes down - so does hers. How do I address that? What could that mean?

I think I'm going to uninstall all the mods..ect, and start fresh. Can I go ahead and uninstall everything now, before I do a fresh upload?

Well if you're not worried about losing anything - then just wipe everything from your forum (and outside your forum potentially too) and upload fresh copies of everything.

I got the fresh vb files.

Do I now delete everything that's there already? I'm not sure how I transfer the new files over the exsisting ones that's already there?

If you don't mind losing any modifications you had (or have uninstalled them already); then just remove everything presently in your forum's directory and upload the fresh copies afterwards.

Will it hurt to not uninstall them before I delete them in the forum's directory?

It's possible, if any files you delete are required somewhere.

I went ahead and uninstalled everything. I upload fresh vb files, and the board is back up! (Sorry, I get excited pretty easy) I'm getting these at the bottom of the board, and I'm not sure what it means. I'm guessing it means there's something not right with these? How do I go about fixing them?

vBulletin 3.6.4 Debug Information
Page Generation 0.16385 seconds Queries Executed 11 (?)
More Information
Template Usage:
(1)FORUMHOME
(1)footer
(3)forumhome_forumbit_level1_nopost
(4)forumhome_forumbit_level2_post
(7)forumhome_lastpostby
(1)forumhome_loggedinuser
(1)forumhome_markread_script
(2)forumhome_subforumbit_post
(1)forumhome_subforumseparator_post
(1)gobutton
(1)header
(1)headinclude
(1)navbar
(14)option
(1)spacer_close
(1)spacer_open

--------------------------------------------------------------------------------

Phrase Groups Available:
global
holiday
Included Files:
./index.php
./global.php
./includes/init.php
./includes/class_core.php
./includes/config.php
./includes/functions.php
./includes/class_hook.php
./includes/functions_bigthree.php
./includes/functions_forumlist.php
./includes/functions_calendar.php

--------------------------------------------------------------------------------

Hooks Called:
init_startup
fetch_userinfo_query
fetch_musername
fetch_userinfo
style_fetch
cache_templates
global_start
parse_templates
global_setup_complete
forumhome_start
forumhome_loggedinuser
cache_ordered_forums
forumbit_display
forumbit_subforumbit
forumbit_subforumbit2
forumhome_complete

No, debug mode has been enabled on your board.

Look in your "includes/config.php" file for:
and remove or comment it out.