vb.org Archive - help, site hacked, 2nd vb site in a week, same hacker

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - help, site hacked, 2nd vb site in a week, same hacker (https://vborg.vbsupport.ru/showthread.php?t=166799)

shortbus1662

01-03-2008 03:40 AM

help, site hacked, 2nd vb site in a week, same hacker

http://www.ultimatenurse.com/forum/

It's the same damn people that hacked my
http://www.huntandfishfinders.com/forum

the hunt/fish site is on 3.6.4
the nursing site is on 3.6.8

Is there a mod/hack that has had a vulnerability in it discovered recently that I don't know about?

--------------- Added [DATE]1199341772[/DATE] at [TIME]1199341772[/TIME] ---------------

anyone?

I know it hasn't been very long at all but I really need to get this figured out before another one of my sites gets hacked.

Lynne

01-03-2008 04:43 AM

It might help if you are more specific about exactly what the hacker did - like did he delete the database, change the templates, delete the files, exactly what is done to the site (yes, I can see the page, but what happened to vbulletin).

Also, you may want to compare hacks on the two sites and see which are common between the two.

Michael Biddle

01-03-2008 04:49 AM

What mods do you have on both?

shortbus1662

01-03-2008 04:57 AM

I'm trying to figure out which hacks they have in common.

If you saw that nursing site, he somehow got the forum to completely disappear. On the hunting site, it was like he was just able to hack the header somehow, but it appeared to only the stylesheet.

sturdy

01-03-2008 05:14 AM

The VB is secure I think, otherwise we should have lots of more hacking-complaints, it must be some of your hacks....

However .. its a nice defacement.

shortbus1662

01-03-2008 08:49 AM

they've hacked my hunting site again. Sigh!

VBSEO 3.0 RC5 could be it.

I don't know that there are any hacks on there now other than vbadvanced.

I'm not using that on my nursing site anymore though.

if you look, they aren't hacking the home page, just the forum, even though it's powered by vbadvanced.

SEOvB

01-03-2008 09:01 AM

Are you sure they don't have access at another level to do it?

Animecraving

01-03-2008 09:02 AM

.....check your chmod btw... chmod can kill your site you know..
and btw... how did they hacked? like deleted your content? or something?

Lynne

01-03-2008 03:19 PM

Have you checked your logs to see if they are logging in via ssh? Or via the admin panel? I think you really need to figure out how they are getting onto your sites before you can fix this.

shortbus1662

01-09-2008 05:26 PM

it was according to my host a security flaw in vbgallery.

I guess this confirms it:

http://www.photopost.com/forum/showthread.php?t=134910

All times are GMT. The time now is 03:29 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01093 seconds Memory Usage 1,726KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: