![]() |
Are any of the vB3 versions safe?
I had been running vB for 4 or so years with 3.6.8 and it was hacked last week. I spent about 20 hours over the past two days redoing my site and I happen to have 3.7.2 still available for download from vbulletin.com.
I installed that and my admin username and pass was hacked today. It looks like I will have to renew my license if I don't want to get hacked. However, I am really starting to question the security of vB. It's obvious that at some point people will find a way to hack any version they produce. So we are all taking the chance running this software correct? I mean someone has to get hacked for vB to figure out the security issues and then work on a patch? I am really pissed right now. |
Do you have modifications on your site? Are you keeping them up to date security wise? If you were running that old of a version and running modifications, then there could be any number of security issues.
|
I just upgraded to 3.8.7 Patch Level 2.
I currently have the following mods installed: NoSpam! Stop the Registration Bots vBadvanced CMPS These mods are all updated to the latest version. How has the security been with 3.8.7 PL2? |
I have quite a few clients running 3.x sites, nearly all 3.8.7 PL2 however at some point the vBulleitn 3 series will reach EOL i.e. End of Life and that my friend is when security will become a issue... there won't be patches released and as new exploits/vulnerabilities are discovered they will not be patched. Is that soon or not? I'm not 100% sure when the exact date will be, none of us are but imo it will be sooner rather than later. So with that said... run 3.8.7 PL2 for now and prepare yourself for upgrading to vBulletin 4.x sometime soon and you should be good to go :cool:.
|
My site was hacked again. Like earlier today they changed my admin account to the username 'hac' and changed the password. Im not home to upload tools.php and recover my name. I have email my host to shut the whole site down.
Where do I go from here? |
Three things I would do if you haven't already:
1. Be sure your user id is in the list of Undeletable/Unalterable Users in includes/config.php 2. Change the filepath to your adminCP in includes/config.php (and change the name of the directory on the server). Once you do this you can create your own link in your bookmarks. Check what the link to your adminCP is in the page footer and if it has changed to your new filepath remove it completely and use only your bookmarked link for access. 3. Check your Control Panel Log in adminCP, there you may find info on the hacker. Then in IP Deny Manager on cPanel ban the IPs of the hacker EDIT: you can read IP addresses for the adminCP directly out of your database in the adminlog table and ban foreign IPs before you restore your forum. EDIT2: you can edit your footer template directly in the database to remove the Admin link. Use the search feature in phpMyAdmin to find "footer" |
Quote:
It's silly to expect or demand otherwise, but as far as it goes, vBulletin is one of the hardest boards to "hack" there is. Most of the others, especially the free ones, are wet paper sacks, security wise. There's all kinds of articles here and elsewhere about securing vBulletin. You might learn alot from them. This is coming from a vBulletin owner who has had vBulletin up since 2005 and has never been "hacked" or defaced. --------------- Added [DATE]1319248037[/DATE] at [TIME]1319248037[/TIME] --------------- Quote:
|
It's normally not vb that has security issues, it's actually badly coded plugins. Not all, but some. Some plugins are small enough so you can review their code.
Like everyone suggested, just upgrade to 3.8.7pl2 |
Check your access_logs and see how they got in.
Also, when you did your upgrade earlier, did you do this on a database backup from before you were hacked? Or did you go through the hacked database and make sure it was clean? And, did you change your server password? And any htaccess passwords? |
As Lynne said, check access_logs, they (he) could have uploaded a php shell, which allows editing of all files that are writeable, and some shells have the ability of altering the MySQL database, which could explain why your password was changed.
If that isn't the case, scan your PC with Malware Bytes and/or Spybot, your PC might have been infected by a keylogger or a similar program that could give out your passwords to the attacker. |
Quote:
The mods I have installed are as follows: NoSpam! Stop the Registration Bots vBadvanced CMPS As far as updating to 3.8.7pl2 I stated earlier in this thread that I have done that. --------------- Added [DATE]1319271985[/DATE] at [TIME]1319271985[/TIME] --------------- I will check the above suggestions today. Thanks all. I will update soon. |
vBadvanced CMPS - Check and ensure your on the most recent version, it has and will continue to have it's own exploits from time to time just like any other script although the most current from what I've read is secure ;).
|
Have control again....
|
Ok all. Get this. I performed all the suggestions from above. Changed the admin and mod cp. Added my name to the unalterable in the config file. My site ran fine for awhile. Then this afternoon it said 'database error' when I tried to load it. I 'viewed source' and it stated a 1049 error. I contated my host and they said the database was corrupt. It looks like they had to restore it to my prior changes.
So apparently they had to restore it to the changes that were in place to when the hacker had control.???!!!!????? I mean really I am at a loss for words now. Does this person somehow have a way to corrupt my database now if I prevent them from getting in my CP? or is this a coincedence? This has got me losing my mind. --------------- Added [DATE]1319435892[/DATE] at [TIME]1319435892[/TIME] --------------- Hello Mark, We understand your frustration. We would like to inform you that your domain is hosted on a shared server. There were slight load issues with the MySQL server and was the reason for it got corrupted. We have restored the database from the latest available backup dated Oct 21 2011. If you have a more recent backup for the database "thepubli_forum", you may kindly upload the same to your home directory and let us know, so that we will restore the same for you. Also, if you think that your domain has faced some hacking attempts, we would recommend you to : 1. change your cPanel password often 2. set default permission for files and folders , ( i.e. 644 for files and 755 for folders ) from File Manager in Cpanel 3. not to set 777 permission for any file/folder including public_html 4. not to set ownership of any file/folder to "nobody" under public_html Thanks & Regards, Jase |
Databases sometimes get corrupt. Not very often but sometimes. That is why it is always recommended to make database backups before/after you do major changes.
|
All times are GMT. The time now is 05:49 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|