vb.org Archive

RTMdotORG 12-30-2008 05:18 PM

Help!!!!
 
i got hacked...

www.ripthemic.org

any ideas on how to delete the html code?

--------------- Added at Unix time 1230668356 ---------------

...........................

Dismounted 12-31-2008 05:19 AM

Your board looks fine.

RTMdotORG 12-31-2008 11:31 PM

yeah i got it fixed....
then they hacked us again...
vbfirewall prevented it 5 times...
my server told me they inserted it into the database...
any suggestions?
can rss feeds do this?

--------------- Added at Unix time 1230773562 ---------------

now it's the way it was before i got it fixed the last time...
hacked again...

Lynne 12-31-2008 11:52 PM

Do you have phpMyAdmin? And is it protected? Disable all your mods when you next put the site up also. See if they can hack the site with your mods disabled. And look for any suspicious files on the server.

dyna88 01-01-2009 12:19 AM

Have you checked your server logs???

RTMdotORG 01-01-2009 12:22 AM

The first time this happened, I contacted my server and they fixed it...
they said it was injected into the database...
the very next day (today)...
I was hacked again...
I have vbfirewall and...
I received 5 emails saying it blocked 5 attempts from hacking...
then it bypassed and now I'm hacked....
fixed it once, then they hacked again....
www.ripthemic.org

here's what it showed when prevented...

1||1230677435||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677439||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677448||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230734502||124.187.20.43||do=removesubscription&t=3||http://ripthemic.org/forums/showthre...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
1||1230765308||67.167.16.183||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2)


is it possible that people are having problems with subscriptions because there's a security issue???

all the actions have to do with subscriptions and everyone is talking about having issues with subscriptions....

I have a feeling vbfirewall has a security issue and I'd hate to accuse the creator of vbfirewall but you can't put it past anyone these days...

here's the link for vbfirewall
https://vborg.vbsupport.ru/showthread.php?t=196791

dyna88 01-01-2009 12:44 AM

I think the server logs would be more telling. Oh I was looking at your site and you will find two more attempts with my IP, the last six digits are 180.113 probably because I tried to directly access the viewsubscription function.

RTMdotORG 01-01-2009 12:49 AM

Quote:

Originally Posted by dyna88 (Post 1698255)
I think the server logs would be more telling. Oh I was looking at your site and you will find two more attempts with my IP, the last six digits are 180.113 probably because I tried to directly access the viewsubscription function.

nope...
no more attempts...

sparklywater 01-01-2009 01:50 AM

That vbFirewall mod looks fishy to me. If I were you I'd uninstall it and not rely on that.

Lynne 01-01-2009 02:32 AM

Read the vbfirewalled thread cuz I seem to recall them talking about problems with the subscriptions and a fix being posted. (sorry, I don't feel like reading it again.)

As suggested though, take a look at your server logs or ask your host to take a look at them and tell you how they are getting access to the database.

Medtech 01-01-2009 02:54 AM

it's hacked now at this moment. sending ya a pm RTMdotORG

RTMdotORG 01-01-2009 02:57 AM

Quote:

Originally Posted by Medtech (Post 1698290)
it's hacked now at this moment. sending ya a pm RTMdotORG

okay.

Dismounted 01-01-2009 03:19 AM

Quote:

Originally Posted by RTMdotORG (Post 1698247)
1||1230677435||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677439||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677448||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230734502||124.187.20.43||do=removesubscription&t=3||http://ripthemic.org/forums/showthre...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
1||1230765308||67.167.16.183||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2)

They are not "hackers". They are normal users trying to manage subscriptions... vBFirewall is more effort than it's worth.

RTMdotORG 01-01-2009 04:20 AM

Quote:

Originally Posted by Dismounted (Post 1698299)
They are not "hackers". They are normal users trying to manage subscriptions... vBFirewall is more effort than it's worth.

well that's a relief.

--------------- Added at Unix time 1230832971 ---------------

well my site was put back up once again...
less than 7 hours later....hacked AGAIN!!!
3 times in 3 days!!!!

www.ripthemic.org

1||1230777472||98.100.180.113||do=viewsubscription||||Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
1||1230777561||98.100.180.113||do=viewsubscription||||Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
1||1230816616||86.96.229.88||s=&do=add&dostyleid=10&title=headinclude&group=all&searchstring=&expandset=10||http://ripthemic.org/forums/admincp/||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
1||1230816628||86.96.229.88||s=&do=add&dostyleid=10&title=headinclude&group=all&searchstring=&expandset=10||http://ripthemic.org/forums/admincp/||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
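
Editor's added example, not part of any post in this thread and not vBFirewall's own code: a small triage script for the `||`-delimited entries posted above, separating the subscription requests from requests whose referer is the admin control panel. The field layout (flag, Unix timestamp, IP, query string, referer, user agent) is inferred from the posted lines and is an assumption, as are all function names.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Four entries taken from the thread, with the forum's word-wrap spaces removed.
SAMPLE = "\n".join([
    "1||1230677435||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17",
    "1||1230734502||124.187.20.43||do=removesubscription&t=3||http://ripthemic.org/forums/showthre...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3",
    "1||1230777472||98.100.180.113||do=viewsubscription||||Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5",
    "1||1230816616||86.96.229.88||s=&do=add&dostyleid=10&title=headinclude&group=all&searchstring=&expandset=10||http://ripthemic.org/forums/admincp/||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)",
])

SUBSCRIPTION_ACTIONS = {"viewsubscription", "removesubscription"}

def parse_line(line):
    """Split one entry; field meanings are inferred from the samples (assumption)."""
    parts = line.strip().split("||", 5)
    if len(parts) != 6 or not parts[1].isdigit():
        return None  # malformed or truncated entry
    _flag, ts, ip, query, referer, _agent = parts
    params = parse_qs(query.strip(), keep_blank_values=True)
    return {
        "time": datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat(),
        "ip": ip,
        "do": params.get("do", [""])[0],
        "title": params.get("title", [""])[0],
        "referer_path": urlparse(referer.strip()).path,
    }

def classify(entry):
    if "/admincp" in entry["referer_path"]:
        return "admincp"        # control-panel request: review these first
    if entry["do"] in SUBSCRIPTION_ACTIONS:
        return "subscription"   # user-CP subscription management
    return "other"

def triage(text):
    """Group parsed entries by class, skipping lines that do not parse."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            buckets[classify(entry)].append(entry)
    return dict(buckets)

if __name__ == "__main__":
    for kind, entries in triage(SAMPLE).items():
        for e in entries:
            print(kind, e["time"], e["ip"], e["do"], e["title"])
```

The `admincp` bucket is the one to cross-check against the web server's access log and the list of accounts with control-panel access.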

^SuiCyde^ 01-02-2009 02:17 AM

wow - www.ripthemic.org/forums/

HaCked By : Sniper-3 | Devano |
__

# Black Hat's Crew #

MSN :
3-Z@Live.Com
__

Dismounted 01-02-2009 03:10 AM

Disable and uninstall all your modifications. Make sure you remove all files of those modifications. Also make sure there are no suspicious files hiding in any of the directories.

Medtech 01-02-2009 07:33 PM

I went through the file system and removed a lot of code and restored admin access. Got the site back up again. They made a mess over there. They injected into the database. They targeted index.html, index.php, login.php and removed RTMdotORG's admin acct. Renamed admincp.... chmodded a few files and did some work on the server. Outside of needing a new index.html file, should be no problems now. Forums are working. :cool:

RTMdotORG 01-03-2009 03:55 PM

yessir.
thank you.


All times are GMT.