
musado1961 06-23-2009 07:01 AM

vBulletin 3.8.3 exploit?
 
Hi

Yesterday my hosting company [servage.net] suspended my account due to the forum/misc.php taking over 2.5 million hits and putting undue load on the shared server.

It's a small forum [under 70 members], and pretty quiet, and ONLY visible to Registered Members. Registration is closed, so all anyone will see is the login page.

I have the CYB Advanced Statistics installed which refreshes every 30 secs, but surely that wouldn't generate over 2.5 million hits?

From talking to some other vBulletin users I've been informed that this may be some form of attack called "teardropping"?

Now, the hosting company are being a real PITA & refuse to re-instate my account till I take the necessary action [according to them change the problem with the misc.php script!]

However, I can't do anything because they've locked out my ftp access as well!

Anyone got any ideas/suggestions as to what may have caused the HUGE amount of hits on the misc.php & how to solve it?

TIA

Oblivion Knight 06-23-2009 07:13 AM

You'd probably be better asking at vbulletin.com, sounds like some kind of attack..

Do you have any other modifications installed that use misc.php?

musado1961 06-23-2009 08:06 AM

Just CYB - Advanced Forum Rules and CYB - Chatbox... but I've never had a problem like this in the 2 months I've been using the CYB mods

BlueNinjaGo 06-23-2009 12:07 PM

My suggestion: change hosts.

Oblivion Knight 06-23-2009 12:11 PM

Any form of shoutbox / chatbox is notoriously bad for server resources..

A few hosts that I know of have effectively banned their use.

Carnage 06-23-2009 12:32 PM

Can you get the apache logs from the host?

Might be helpful to see what was being requested -> IPs could be matched to forum users in your db; see if it was regular usage or some form of attack.
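As an added example (not part of any post in this thread), this Python script shows the kind of check suggested above once access logs are available: it groups hits on the script by client IP and measures the gap between requests, so a 30-second timer can be told apart from a burst. It assumes Apache "combined" format and the path /forum/misc.php; the sample lines, IPs, query strings and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

def _line(ip, hms, url):
    # Constructed Apache "combined" log line; IPs are documentation ranges.
    return (f'{ip} - - [22/Jun/2009:{hms} +0000] "GET {url} HTTP/1.1" '
            '200 512 "-" "Mozilla/5.0"')

# Constructed sample; the do= values are placeholders, not real vBulletin actions.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.10", t, "/forum/misc.php?do=placeholder_stats")
     for t in ("10:00:00", "10:00:30", "10:01:00", "10:01:30")]
    + [_line("198.51.100.7", "10:00:05", "/forum/misc.php?do=placeholder_other")] * 5
    + [_line("192.0.2.44", "10:02:11", "/forum/showthread.php?t=1")])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

def summarize(log_text, script="/forum/misc.php"):
    """Return {ip: (hits, median seconds between hits, most common query)}."""
    times, queries = defaultdict(list), defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, stamp, url = m.groups()
        path, _, query = url.partition("?")
        if path != script:
            continue
        times[ip].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
        queries[ip][query] += 1
    report = {}
    for ip, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[ip] = (len(stamps), median(gaps) if gaps else None,
                      queries[ip].most_common(1)[0][0])
    return report

def classify(gap, refresh=30, tolerance=5):
    """Label a client by its median gap; thresholds are assumptions to tune."""
    if gap is None:
        return "single request"
    if abs(gap - refresh) <= tolerance:
        return "timer-like, consistent with an auto-refresh"
    return "burst" if gap < 1 else "irregular"

if __name__ == "__main__":
    for ip, (hits, gap, query) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} hits={hits:<3} median_gap={gap} top_query={query!r} -> {classify(gap)}")
```

The per-IP list it produces is what would then be compared against the addresses the forum has recorded for its members.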

musado1961 06-23-2009 12:35 PM

Quote:

Originally Posted by Oblivion Knight (Post 1835551)
Any form of shoutbox / chatbox is notoriously bad for server resources..

A few hosts that I know of have effectively banned their use.

Till yesterday I'd never had any issues with the CYB mods & don't believe they are at fault. The chatbox in particular has never caused any issues whatsoever before.

The sudden jump to over 2.5 million hits seems like some form of exploit against my forum :confused:

Thanks for the replies so far guys


Quote:

Originally Posted by Carnage- (Post 1835563)
Can you get the apache logs from the host?

Might be helpful to see what was being requested -> IPs could be matched to forum users in your db; see if it was regular usage or some form of attack.

I wish!

That's the 1st thing I requested from Servage & got fobbed off with all sorts of ridiculous excuses :mad:

TNCclubman 06-23-2009 12:50 PM

r u on a dedicated server? If you're on a shared server, that's probably why they don't want to give you the logs.

Unfortunately, unless you're on a dedicated box, you're not considered a priority and you're going to get treated like caca. Change hosts or go dedicated.

musado1961 06-23-2009 12:57 PM

It's a shared server & I fully intend to change hosts if I can find a decent [if there is such a thing] european host.

I've had nothing but problems with Servage from day 1

TNCclubman 06-23-2009 01:02 PM

There are no known exploits for vB 3.8.3... post your problems re: hacking on cyb's mods post. See if anyone can figure it out...

musado1961 06-23-2009 01:07 PM

Quote:

Originally Posted by TNCclubman (Post 1835584)
There are no known exploits for vB 3.8.3... post your problems re: hacking on cyb's mods post. See if anyone can figure it out...

Thanks, will do

ctrlbrk 06-24-2009 05:46 PM

Quote:

Originally Posted by musado1961 (Post 1835422)
I have the CYB Advanced Statistics installed which refreshes every 30 secs, but surely that wouldn't generate over 2.5 million hits?
TIA

Disable the auto-refresh on the Advanced Stats. Worked for me.

Mike

