vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   vB Getting Hacked (https://vborg.vbsupport.ru/showthread.php?t=170615)

mousegeek 02-15-2008 10:47 PM
vB Getting Hacked
 
I'm a member at many vB sites. And this past week there has been a lot of vB sites getting hacked badly. It happed to mine 4 days stright. Does anybody know why this is all of a sudden happening or we don't know?

Lynne 02-15-2008 11:22 PM
Usually it is because of some modification that has been installed. A month or so ago, there was an exploit discovered in a photo gallery application (sorry, I don't have it so I don't know the formal name of it) and so there were several sites hacked at that time.

Do you know if the sites you know of that got hacked have any modifications in common?

punchbowl 02-15-2008 11:35 PM
it's been pretty secure for me. People sometimes claim or think they've been hacked when it's really just people using the same username/pw at lots of different sites.

or whatever

mousegeek 02-15-2008 11:46 PM
See my site and a friend of mine who was just hacked today. We both have completely different mods on our sites yet both were hacked in almost identical ways.

Dismounted 02-16-2008 04:29 AM
Do you have any common modifications? It actually really doesn't matter as any SQL Injection vulnerability could inject into anything, ie. same result.

Marco van Herwaarden 02-16-2008 07:07 AM
You don't really give us much information to work with.

How was it "hacked"? What are the symptoms?
How are you hosted? Dedicated, shared,..?
Which modifications do you have installed?

falguni1 02-16-2008 09:28 AM
I think the hacked sites should be reported here so a proper study, diagonosis and solution can be worked out.

Opserty 02-16-2008 09:48 AM
vB sites? Are these domains that are running only vB forums? Because it may be possible for people to exploit other scripts hosted on the domain/server and use these to mess with the database and cause problems with the forums amongst other things.

Guest210212002 02-16-2008 01:20 PM
Quote:
Originally Posted by Dismounted (Post 1444247)
Do you have any common modifications? It actually really doesn't matter as any SQL Injection vulnerability could inject into anything, ie. same result.
Quoted for emphasis. One insecure mod that allows inject is all it takes.

mousegeek 02-17-2008 12:24 AM
Well I got mine all fixed up and I put a bunch of sucerity stuff in there. But take a look at my friends vB:

http://vmkadventure.com

It has me and him stumped as to where to remove that garbage and make sure it wont happen again.

KW802 02-17-2008 02:00 AM
Quote:
Originally Posted by mousegeek (Post 1444816)
Well I got mine all fixed up and I put a bunch of sucerity stuff in there. But take a look at my friends vB:

http://vmkadventure.com

It has me and him stumped as to where to remove that garbage and make sure it wont happen again.
Looking at a site after it's been hacked doesn't do us any good.

We would still need that list of what add-ons & hacks are on the site(s) to give any ideas on where the problem might be.

Lynne 02-17-2008 02:42 AM
The 'garbage' was entered right around where the CSS link is normally - you may want to check the permissions in the clientscript folder). If you are going to troubleshoot it, you need to know what the templates *used* to look like, and what they currently look like. You also need to figure out exactly what the hackers had access to. You really haven't given much information at all for anybody to try to figure it out. I can tell that your friend has quite a few hacks because the source code on that page is not standard vb. He might want to go read the threads for all of them and see if this hacking comes up in any of them and also make sure that he is using the latest version of all those hacks because sometimes they are upgraded because of security issues that were found.

mousegeek 02-17-2008 02:59 AM
Quote:
Originally Posted by KW802 (Post 1444865)
Looking at a site after it's been hacked doesn't do us any good.

We would still need that list of what add-ons & hacks are on the site(s) to give any ideas on where the problem might be.
All right, here's all of the mods he has installed (so far)

vB Gallery
vB Blog
User Pages by Amy
Awards Showcase
vB Plaza (He don't use it but he has it installed on his site still)
vB BB Video Codeing (I forgot the name but I know it's a very big, big as in popular, addon)

Yea I know, he don't add many addons.






Lynne - Thank you very much for posting that information. I am right on it hoping to make sure that that resolves the problem!

KW802 02-17-2008 03:49 AM
Quote:
Originally Posted by mousegeek (Post 1444904)
All right, here's all of the mods he has installed (so far)

vB Gallery
...
Make sure that the site has either been upgraded to vBGallery 2.4.x or the security patches have been applied for the older versions. Within the past month a security exploit was found (see the PhotoPost.com support forums for details).

DieselMinded 02-17-2008 04:07 AM
From Your Friends Site.......

T0uch3d l3y Bright D@Rk

Y0ur S1r Bright D@Rk
Where is The Security Dude?
It Seems Your Security doomed to Failure
Plz Dude Don't Talking Again About
Or Never Talking About
is
only 4 Elite People and U R not of Them
is Not
For Lamerz
Script Kids!!
So Plz Go Away and look for Such Useful
thing 2 Do
G00D LUCK And Make Sure You Make The
Security
The Highest Next Time
h4ck3r
CoM
Special Greetz : Dr.Hacker -
AsbMay - nO4HarD -
Mohandko - Sp1der NeT
eGyptGhosT - Lecopra - Dr.Dermann- rED Wolf - rED
Casper - Black Cod3 - Dr.Dell - CiTy Hack - Hack4Life
Cyber Terrorist
Mohajer
22 - Alk()Mand()z Hacker - BoOoDy - ToOoFa - MaStErZmInD - GoDa HaCKeR  - Mr.Max -
nOur IcE
Special
Greetz 4 H4ck 3Gy

mousegeek 02-17-2008 02:38 PM
Quote:
Originally Posted by KW802 (Post 1444917)
Make sure that the site has either been upgraded to vBGallery 2.4.x or the security patches have been applied for the older versions. Within the past month a security exploit was found (see the PhotoPost.com support forums for details).
Yes, he always keeps his mods updated. It even says here 2.4.1.

Quote:
Originally Posted by DiesellMinded (Post 1444925)
From Your Friends Site.......


T0uch3d l3y Bright D@Rk

Y0ur S1r Bright D@Rk
Where is The Security Dude?
It Seems Your Security doomed to Failure
Plz Dude Don't Talking Again About
Or Never Talking About
is
only 4 Elite People and U R not of Them
is Not
For Lamerz
Script Kids!!
So Plz Go Away and look for Such Useful
thing 2 Do
G00D LUCK And Make Sure You Make The
Security
The Highest Next Time
h4ck3r
CoM
Special Greetz : Dr.Hacker -
AsbMay - nO4HarD -
Mohandko - Sp1der NeT
eGyptGhosT - Lecopra - Dr.Dermann- rED Wolf - rED
Casper - Black Cod3 - Dr.Dell - CiTy Hack - Hack4Life
Cyber Terrorist
Mohajer
22 - Alk()Mand()z Hacker - BoOoDy - ToOoFa - MaStErZmInD - GoDa HaCKeR  - Mr.Max -
nOur IcE
Special
Greetz 4 H4ck 3Gy
Yea, that's the hack note.

KW802 02-17-2008 11:09 PM
Quote:
Originally Posted by mousegeek (Post 1445202)
Yes, he always keeps his mods updated. It even says here 2.4.1.
It says where? Going to that link doesn't show a working forum.

Besides updating the software version, also ask him if he scanned his gallery files for any files that may have been uploaded prior to him upgrading to the current version. If a exploit file was uploaded prior to the version being upgraded and if that file was left out on his server then even though he may have upgraded the software his site is still open to being exploited.

mousegeek 02-18-2008 01:29 AM
Quote:
Originally Posted by KW802 (Post 1445542)
It says where? Going to that link doesn't show a working forum.

Besides updating the software version, also ask him if he scanned his gallery files for any files that may have been uploaded prior to him upgrading to the current version. If a exploit file was uploaded prior to the version being upgraded and if that file was left out on his server then even though he may have upgraded the software his site is still open to being exploited.
Yea, he said he scanned the files and he said that he just did it now. This is leaveing me clueless.

--------------- Added [DATE]1203387371[/DATE] at [TIME]1203387371[/TIME] ---------------

All right, I checked myself and it's not that client thing you were talking about lynee.


All times are GMT. The time now is 01:12 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01167 seconds
  • Memory Usage 1,763KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (8)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (18)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete