vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Forum hacked (https://vborg.vbsupport.ru/showthread.php?t=216594)

psilocybin1 06-19-2009 10:07 PM
Forum hacked
 
Someone hacked my forum. In my logs there was access to options.php and changed my admin password and email from a strange ip adress

Sweeks 06-19-2009 10:12 PM
If options.php isnt part of default vbulletin I suggest removing it, run the diagnostics tool for suspicious files on the site :)
________
Nigel Mansell

Lautaro 06-19-2009 10:13 PM
Download your vBulletin files and extract the folder called "Do not Upload" you will find a file named "tools.php" upload it into your 'install'.

Then go to your forum and create a new account if you can and then run the "tools.php" file and reset the admin permission by adding the account you created on the input field.

I hope this helps.

psilocybin1 06-19-2009 10:18 PM
got back in before just wondering how to prevent this

--------------- Added [DATE]1245453625[/DATE] at [TIME]1245453625[/TIME] ---------------

And what is options.php

Sweeks 06-19-2009 10:39 PM
Post a snippet :)
________
Hawaii Medical Marijuana Dispensary

psilocybin1 06-19-2009 10:50 PM
Snippet?

Si... 06-19-2009 11:19 PM
Print screen shot... View of the content being... There...

In this case, he is asking you to open options.php up in a text editor. And copy and paste the contents into a reply box... At least I think he means that.

How to prevent this?
Well a number of ways.
  1. Changing your password every X amount of days.
  2. Directory Password Protecting the AdminCP
  3. Setting your ADMIN user from being modified in the config.php
  4. My personal favourate: Rename the AdminCP folder, and telling config.php where and what the new one is, and preform Step 2 on that folder. Then make a blank folder called admincp with a blank index.php in there. [Make sure this AdminCP is passworded too. It pisses hackers off to see a passworded area with nothing in it. Lol!] Remember when doing upgrades to put them in the new folder and ignore the line "Upload AdminCP contents to Admincp on the site" upload it to the personal folder.
  5. Having only one person who is an Administrator.
  6. Having a really long or complex password. My favourate [WHICH IS MY OLD ONE] was "Mary had a little lamb." It had caps, spaces, fullstop/ period, etc.... Simple. But it worked!
Those are my suggestions. They worked for me. But hey. What would I know, right? I've been running forum software for over 10 years and never ever been hacked once. Ever.

psilocybin1 06-19-2009 11:58 PM
there was also a style added to my forum called
TRY4G-Team...which leads to a style that shows my directory files

--------------- Added [DATE]1245459600[/DATE] at [TIME]1245459600[/TIME] ---------------

its an exploit style,,,it can access every file aswell as edit save, and upload...BAD NEWS


All times are GMT. The time now is 03:28 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01965 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete