vb.org Archive


soundboy 09-22-2008 06:19 AM

Been Hacked.. :(
 
Well.. I was hacked today.

They used SnIpEr_SA Shell and I think I've fixed it! They changed the index.php file to redirect to their site and somehow got my info via this script.

I've changed my password to my..
FTP
Web Panel
Forum Account
and I've changed my admincp folder's name..

Also I've banned the hackers' IPs via vBulletin.

Anything else I can do?
Thanks,

royo 09-22-2008 06:47 AM

You would need to figure out how they did it, since you probably have a vulnerable script somewhere which can be SQL injected.

soundboy 09-22-2008 07:05 AM

From the looks of it, it just seems they "knew" my password. And it was a really strong one with CAPITALS and *^%'s. I don't have any scripts on my server... except for vBulletin and vBportal and the vBulletin mods which have no vulnerabilities. :(

dtv100 09-22-2008 11:52 AM

If you're on a dedicated server, try to get it hardened.
Change all passwords:
vBulletin login, SQL, FTP, server login
On admincp index.php,
add a .htaccess

Something like:
Code:


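// HTTP Basic authentication gate; place at the top of admincp/index.php, inside the PHP tags.
$index['public'] = isset($index['public']) ? $index['public'] : false; // true switches the gate off
$phpkd['username'] = "dtv100";        // Here is the user name
$phpkd['password'] = "mypassword";    // Here is the password (change it)

if (!$index['public']) {
    // The first request carries no credentials, so fall back to empty strings
    // instead of reading undefined indexes.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    if ($user !== $phpkd['username'] || $pass !== $phpkd['password']) {
        header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
        header("HTTP/1.0 401 Unauthorized");
        echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br>
<a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\">
<font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></font></a></center></body></html>";
        exit;
    }
}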


SEOvB 09-22-2008 12:43 PM

Quote:

Originally Posted by soundboy (Post 1627519)
From the looks of it, it just seems they "knew" my password. And it was a really strong one with CAPITALS and *^%'s. I don't have any scripts on my server... except for vBulletin and vBportal and the vBulletin mods which have no vulnerabilities. :(

Then if you were using a password like that, it would have taken them forever to guess it. You've still got a serious security hole somewhere along the lines or it'll just keep occurring.

fum1n 09-23-2008 07:47 AM

Maybe they have your computer rooted, your server rooted, or you used a vulnerable script.
Update your vBulletin and uninstall any unneeded mods/scripts etc.
Try and keep stuff minimalistic, the less stuff you have the less to go wrong.

vBsquad 09-23-2008 08:13 AM

They probably exploited a folder permission or uploading feature in vBulletin to add the shell script.

ercollins 09-23-2008 12:28 PM

I was hacked 27 times last month, spread across 4 domains. Took out all my forums.

2 forums were phpBB3 with no mods, one was SMF, and 1 modded phpBB3.

I then moved all my forums to vBulletin and was hacked yet again on every single account.

(you want to talk about frustrated?)

Finally I said enough is enough. I block all FTP access and shell access except from my IP.

(found out from the access logs they were using brute force to hack my forums and not even going through SQL injection methods)

If you want to protect your server, lock it down. Install a firewall, put timeouts in place for anyone trying to access anything password protected.
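
The access-log finding described in the post above, as an added example that is not from any poster: count login POSTs per source IP in a sliding time window and report the addresses that exceed a limit. It assumes Apache-style log lines in time order and that the forum login is a POST to `/login.php`; the sample lines, the limit of 5 and the 60-second window are constructed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Apache log format (not taken from the thread).
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [22/Sep/2008:06:01:%02d +0000] '
     '"POST /login.php?do=login HTTP/1.1" 200 512' % (i * 5) for i in range(8)]
    + ['198.51.100.4 - - [22/Sep/2008:06:01:10 +0000] "POST /login.php?do=login HTTP/1.1" 200 512',
       '198.51.100.4 - - [22/Sep/2008:06:02:30 +0000] "GET /index.php HTTP/1.1" 200 9000',
       'line that does not parse'])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_bruteforce(log_text, login_path="/login.php", limit=5, window_s=60):
    """Return {ip: peak count} for IPs that sent more than `limit` POSTs to
    login_path within any window of `window_s` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, method, url, _status = m.groups()
        if method != "POST" or url.split("?", 1)[0] != login_path:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()           # drop attempts older than the window
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print("%s: %d login POSTs within 60 seconds" % (ip, count))
```

The returned addresses are candidates for the firewall rules and timeouts the post recommends.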

Bilderback 09-23-2008 04:21 PM

There may be a shell on the shared server allowing them access to all accounts.
We had to move from Bluehost because they didn't address the issue and all their hosting customers were getting hacked.
http://thebestforumever.com/41248-post1.html

SEOvB 09-23-2008 04:59 PM

Quote:

Originally Posted by ercollins (Post 1628542)
I was hacked 27 times last month, spread across 4 domains. Took out all my forums.

2 forums were phpBB3 with no mods, one was SMF, and 1 modded phpBB3.

I then moved all my forums to vBulletin and was hacked yet again on every single account.

(you want to talk about frustrated?)

Finally I said enough is enough. I block all FTP access and shell access except from my IP.

(found out from the access logs they were using brute force to hack my forums and not even going through SQL injection methods)

If you want to protect your server, lock it down. Install a firewall, put timeouts in place for anyone trying to access anything password protected.

You didn't have brute force detection installed at least? :confused:

