vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   ALERT!!!!! Security Issue, GameReviews.com is HACKED HOW? (https://vborg.vbsupport.ru/showthread.php?t=113976)

theguywhoknowz 04-24-2006 11:12 PM
ALERT!!!!! Security Issue, GameReviews.com is HACKED HOW?
 
This weekend, started from Friday 21th, http://www.GameReviews.com was hacked. Vbulletin was closed and this is the board message. Screen shot:
http://www.SmartClickz.com/hacked.jpg

Now, it looks like the site was being SQL Injection, the hacker changed admin email, using forgot password option, then change the Forum Closed Message.

But it has more problem that just that, right now, the site is still being abuse and spam by and being DOS attack, The hacker somehow able to put malicious files on the server. It seems to me they been exploited PhotoBlog upload options to upload files

Edit: Security bug found.

Borgs8472 04-24-2006 11:57 PM
^ ^
first thing then, disable your photoblog for now. Also get checking server logs, and get banning ip ranges to keep these people out. Obviously remove any malicious files found.

If you can identify and patch the initial exploit, you may want to restore from a backup then immediately patch.

theguywhoknowz 04-25-2006 12:24 AM
Quote:
Originally Posted by Borgs8472
^ ^
first thing then, disable your photoblog for now. Also get checking server logs, and get banning ip ranges to keep these people out. Obviously remove any malicious files found.

If you can identify and patch the initial exploit, you may want to restore from a backup then immediately patch.
My site is hosted virtually and they can onle tell me whats happening right now, It seem the hacker is done with the forum and moving to our main script. I was half impressed half shaking cause I am using vb latest version.


All times are GMT. The time now is 03:20 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00998 seconds
  • Memory Usage 1,714KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete