vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   So, recovering from being hacked questions (https://vborg.vbsupport.ru/showthread.php?t=215793)

Keesa 06-10-2009 04:17 AM
So, recovering from being hacked questions
 
We were recently hacked. To resolve the issue some of the templates and pages in our vBulletin had to be pulled down.

Some were pages related to Mods, others were things as simple as an added page to vBulletin with outgoing links.

My questions are these:
How does one know if a Modification can increase the chances of being hacked?
If our forum, because of our topic, is subject to being targeted for hacking again, should we refrain from using ANY Modifications at all?

Or is it just dumb luck that the hacker got in and the files that they planted their evil code on were just chance?

If there are particular templates that the hacker got, does it mean THOSE modifications are how they got in?

There are a couple of Mods that are like water in a starving desert and I really really want to put them back in, and would be willing to give up others to keep them, but I do not want to put the forum at risk.

So, can someone help me understand?

Is the only safe forum a completely UNmodifed one? Well, safer forum? I imagine none are safe.

cono1717 06-10-2009 08:42 AM
Any mods that you have installed from vBulletin.org should be safe, if you believe they are not report it and the staff will test it, all users that have installed that mod will then be emailed informing them of a security hole in the mod.

Lynne 06-10-2009 02:20 PM
Quote:
Originally Posted by cono1717 (Post 1826851)
Any mods that you have installed from vBulletin.org should be safe, if you believe they are not report it and the staff will test it, all users that have installed that mod will then be emailed informing them of a security hole in the mod.
Well, don't just go reporting every modification. We look at mods when users point to certain parts in the code that they feel is unsafe - like queries where the variables were not run through the cleaner. We aren't going to go through every line of code just because someone reports it saying "gee guys, is this safe?"

Check to make sure you are using the latest versions of your modifications. Do you mark Install on your mods? If so, if there is a security problem, then you should receive notification about it. Go read the thread of all your mods and see if anyone has mentioned any problems regarding them.


All times are GMT. The time now is 08:53 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01028 seconds
  • Memory Usage 1,713KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete