vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Just got hacked by Netbeans xD (https://vborg.vbsupport.ru/showthread.php?t=296605)

greenpk2 03-28-2013 05:40 PM
Just got hacked by Netbeans xD
 
http://img27.imageshack.us/img27/4923/38307449.png

What a funny guy... When I right clicked a message came up and said "Your ip is tracked, I will come for you ~ Netbeans"

GG :/


Anyone know him or have any experiences with him / them ?

Brandon Sheley 03-28-2013 05:45 PM
It doesn't matter who this person is really, the real issue is cleaning and securing your site again. ;)

findingpeace 03-28-2013 05:49 PM
What a ++++ing loser.

Good luck with everything greenpk, I hope you have a backup. Otherwise, start manually going through sensitive PHP files and SQL tables.

--------------- Added [DATE]1364494448[/DATE] at [TIME]1364494448[/TIME] ---------------

I wonder if these are one in the same:

http://forum.extalia.net/threads/224...ned-by-Extalia

Seems like a total idiot.

elitecarders 03-28-2013 06:29 PM
greenpk2 contact me it was exploit applied on your site i can help you to make more secre your forum ...

Brandon Sheley 03-28-2013 06:34 PM
you should post in the paid request forum if you're looking for help ;)

elitecarders 03-28-2013 06:37 PM
Brandon Sheley for your information want to tell you i am expert in server security + PHP Applications like vBulletin . PHPBB . MyBB . like that . i read thouseds of ways how to hackers get in any forum . i have much info abut Shells . etc tools to hack or root a server

Brandon Sheley 03-28-2013 06:40 PM
Quote:
Originally Posted by elitecarders (Post 2412776)
Brandon Sheley for your information want to tell you i am expert in server security + PHP Applications like vBulletin . PHPBB . MyBB . like that . i read thouseds of ways how to hackers get in any forum . i have much info abut Shells . etc tools to hack or root a server
Not sure why you are telling me this because I don't really care, my reply was for the OP.

Thanks :up:

elitecarders 03-28-2013 06:44 PM
Quote:
Originally Posted by Brandon Sheley (Post 2412779)
Not sure why you are telling me this because I don't really care, my reply was for the OP.

Thanks :up:
ooops sorry .... :mad:

greenpk2 03-28-2013 07:11 PM
I find it both funny and serious. I know so little about PHP, MySQL & HTML.
I know some basic codes and the setup, but I am not advanced. I knew this would happend anyway, because we don't got the best webhosting service. This website is used for a private server, but the server is soon opening. I am thinking about let it go for a while, but elitecarders if you know how to secure us better I would be happy to get some information from you. I also read some articles how they hack and how to secure, but some of it are too advanced to me, since I am still learning the basics :)

--------------- Added [DATE]1364499138[/DATE] at [TIME]1364499138[/TIME] ---------------

I can tell one thing for sure, he just changed the content of the page... Maybe he is haunting us, because he wants me to mail him. If I think logic it might not be smart + he might demand cash... xD

elitecarders 03-28-2013 07:32 PM
Quote:
Originally Posted by greenpk2 (Post 2412797)
I find it both funny and serious. I know so little about PHP, MySQL & HTML.
I know some basic codes and the setup, but I am not advanced. I knew this would happend anyway, because we don't got the best webhosting service. This website is used for a private server, but the server is soon opening. I am thinking about let it go for a while, but elitecarders if you know how to secure us better I would be happy to get some information from you. I also read some articles how they hack and how to secure, but some of it are too advanced to me, since I am still learning the basics :)
i will try to my best . i can ;-)

--------------- Added [DATE]1364508898[/DATE] at [TIME]1364508898[/TIME] ---------------

forum is fine now .. i did it :) no more infection here

greenpk2 03-28-2013 10:26 PM
Well guys it's solved now!
thanks to ~ elitecarders

For annyone ever doubted him, he actually helped me secure and learn me how to prevent a hack like that in the future!

htttp://www.true-carders.com/

TNCclubman 03-28-2013 11:05 PM
did he do it for free or charge you?

greenpk2 03-29-2013 12:54 AM
Free :P

TheLastSuperman 03-29-2013 01:04 AM
It's very rare (trust wise) that you find someone to do that for free so make him your friend imo!

:D

Edit: Be sure to post in your paid request that it's been taken care of otherwise you may receive now unwanted pm's ;).

greenpk2 03-29-2013 01:19 AM
I know :)

I got experience with this so I acted a bit rough and suspicious in the start with him. After a while I gave it a shot and he actually helped me out and taught me how to prevent and now It's fixed.

The hacker changed two templates; "FORUMHOME" & "FORUMDISPLAY"

The hacker also used one of the admin's account to do this, cuz u could see a change in the teamplate from that account. The guy that helped me told me that he is being infected or someone know the password to the admin account..

Well after changing FORUMHOME & FORUMDISPLAY back to normal, everything works fine.. The only problem is that every "Custom modification/configure" to the templates or added custom pages was deleted...

TheLastSuperman 03-29-2013 01:27 AM
Quote:
Originally Posted by greenpk2 (Post 2412837)
everything works fine.. The only problem is that every "Custom modification/configure" to the templates or added custom pages was deleted...
When your done adding the customizations back in, stop right then and make a backup of your style, you can export it ;).

Bluemax712 03-29-2013 01:33 AM
Quote:
Originally Posted by elitecarders (Post 2412802)
i will try to my best . i can ;-)

--------------- Added [DATE]1364508898[/DATE] at [TIME]1364508898[/TIME] ---------------

forum is fine now .. i did it :) no more infection here
Elitecarders,

Can you say if this was this an undisclosed vulnerability, a misconfiguration issue or just an admin password problem?

greenpk2 03-29-2013 01:40 AM
Well some say I should feel suspicious, because he is owner of a illegal activities forum.. (Hacking) He told me he do it mostly for his own security.

Bluemax712 03-29-2013 01:55 AM
It's like letting someone else wear your swim trunks - and then having to put them back on.

greenpk2 03-29-2013 02:26 AM
I am learning how to secure better and soon learning hacking techiques. (for security purpose) and reverse exploits.

Bluemax712 03-29-2013 02:52 AM
Quote:
Originally Posted by greenpk2 (Post 2412860)
I am learning how to secure better and soon learning hacking techiques. (for security purpose) and reverse exploits.
Posting 'lessons learned' would be great greenpk2 :)

greenpk2 03-29-2013 03:00 AM
Well I am happy, because he fixed the hack and he did learned me how to do it now, so I am happy. I wouldn't pay 300$ for that remove, because it was kinda easy to remove. The hacker just editted two templates added some basic codes... LOL no tracking codes or any mysql. It just seems worse than he made it to. I bet one of the administrators has been infected... Because we are 3 admins on it and one of them had changed "FORUMHOME" 6 pm and when I had a look at it u see that hackers code.

Bluemax712 03-29-2013 03:10 AM
Quote:
Originally Posted by greenpk2 (Post 2412867)
Well I am happy, because he fixed the hack and he did learned me how to do it now, so I am happy. I wouldn't pay 300$ for that remove, because it was kinda easy to remove. The hacker just editted two templates added some basic codes... LOL no tracking codes or any mysql. It just seems worse than he made it to. I bet one of the administrators has been infected... Because we are 3 admins on it and one of them had changed "FORUMHOME" 6 pm and when I had a look at it u see that hackers code.
hmm...Do you think it was just an easily guessable password for the admin acct or did the hacker already know it?

Did you have the strikes system enabled?

greenpk2 03-29-2013 03:15 AM
i added password for directories too now..


All times are GMT. The time now is 05:57 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01234 seconds
  • Memory Usage 1,765KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (24)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete