vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   A Hacker Deleted A Load Of Threads (https://vborg.vbsupport.ru/showthread.php?t=170045)

KempoMRK 02-09-2008 12:22 PM
A Hacker Deleted A Load Of Threads
 
Permanently as well. So there's no way to get them back. But anyway, that's not my question.

The hacker logged in as a supermod on the site and deleted a load of threads that way. Is there anyway to find out how they got the password? Or even if it was just the actual member and now he's lying?

IP's have been checked and whoever did it used a proxy. If it was brute forced would there be logs on the server?

The password was pretty unguessable and it had a number at the end as well, so I don't think it could have been guessed, and the member says that he's never told anyone his password.

Any replies would be appreciated, thanks.

nexialys 02-09-2008 12:49 PM
when you go to the moderator logs, you see who used the function AND the IP... if the IP fit the old actions, you sure know it is the same person...

this is INTERNAL management... we can't help you deal with your moderators... the simple act of banning him may or may not fix the problem, it's all to you.

there is no brute-force moderator actions in vbulletin, even if you dream of it... it is impossible to hack the system from the database, the data would be incoherent after that.

KempoMRK 02-09-2008 12:56 PM
The IP doesn't fit the actions, they were under a proxy, so it still could have been the same guy. And the mod seems like a cool guy so I'm thinking it's more likely to be a hacker, we just wanna make sure. Also, by brute forcing not working, do you mean from the outside? I meant someone could have tried brute forcing his vBulletin password.

Thanks for your reply man.

stelthius 02-10-2008 11:12 AM
i beleive there is a Proxy to real IP mod/hack i say install it and move on wait for next time and in that time up your security htaccess make sure you know who has got that sort of access and keep a close eye on the logs about all you can do really, anyway good luck mate :)

Rick

legionofangels 02-10-2008 11:15 AM
I used that add on, and it doesn't always work. Not saying it's bad but we gave up on it.

My advice, only Admins can delete threads or posts, or even better, only admins can permanently remove.

I only allow 2 of 4 admins to permanently remove threads/posts and I'm one of them as owner so that it makes it kind of simple to know if we've been hacked or not.

MiahBeSmokin420 02-10-2008 11:16 AM
yep proxie to real ip and then add the proxie redirect you will never have another problem again

then add in that one shit whats it called the AE mutipule login dectctor and multiple login ban

you will nerver have another problem with people again ban them and then there gone

ive banned over 25 people from my site fro doing dumb ass shit and the tried for about 2 days to get back on the site and they couldnt get bake on

so ya just search the site for them things and you should be good to go

but i got to go update my vb

slappy 02-10-2008 04:59 PM
Have you considered the possibility of restoring a back-up which might contain the deleted Threads? If you backup on a daily basis, this should be possible. Then you would only loose those threads between the backup time and when you restore the backup.

Just a thought.

Regards,

Paul M 02-10-2008 05:59 PM
Quote:
Originally Posted by legionofangels (Post 1440024)
I used that add on, and it doesn't always work. Not saying it's bad but we gave up on it.
It only works if the proxy server passes on the original IP details. Hackers would (obviously) use proxy servers that do not.

KempoMRK 02-10-2008 07:26 PM
Quote:
Originally Posted by slappy (Post 1440232)
Have you considered the possibility of restoring a back-up which might contain the deleted Threads? If you backup on a daily basis, this should be possible. Then you would only loose those threads between the backup time and when you restore the backup.

Just a thought.

Regards,
The main owner of the site came on and luckily he had a backup from the day before, so all the important stuff was restored.

We still can't work out who did it though. I'll look into the proxy unveiler thingy.

Thanks to everyone else for the replies.


All times are GMT. The time now is 01:59 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01191 seconds
  • Memory Usage 1,728KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete