vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   tRyaG TeaM exploit. beware (https://vborg.vbsupport.ru/showthread.php?t=216600)

psilocybin1 06-19-2009 11:09 PM
tRyaG TeaM exploit. beware
 
i have been hacked my administrator password and email changed...and i was trying to figure out how they did it...

i than decided to check out my styles...boom...there was a exploit style added.. called tRyag TeaM

i clicked on it and it brings me to a black screen. the screen shows every single directory/files. aswell as gives the user (whoever chooses to view the forum with this style) access to every single file. They can download the file, upload the file, edit the file..even if the directory is password protected they can access the files...

I am keeping the style if any vbulletin reps would like the file to maybe find a fix for this.

fattony69 06-19-2009 11:11 PM
Is your server secured. I had a similar problem and it was because of the server.

psilocybin1 06-19-2009 11:13 PM
should be using hostgator. is there a way to make sure?

fattony69 06-20-2009 12:08 AM
Quote:
Originally Posted by psilocybin1 (Post 1833006)
should be using hostgator. is there a way to make sure?
I do not know. I was lucky by the hacker actually posting on my forum after we fixed his hacking 6 times in less than a week.

Best bet would to be google them and see if there is a pattern.

BSMedia 06-20-2009 01:09 AM
If it was from a skin, I suggest reporting the skin to moderators here if its where you downloaded it from for further inspection.

Though highly unlikely it was the skin, chances are good it was an out of date vBulletin, insecure modification or weak password/server security.

psilocybin1 06-20-2009 03:26 AM
never downloaded the skin. I got a funny error and when I got my forum back up I was locked out of my for so I had to use tools.php

I finally got back in and noticed y email account and password were changed so I instantly changed them back

I had to do some editing on my navbar so I went to styles and noticed the style there. It wasn't there befor? How did it get there? I have no idea. But somehow the hacker got it on my server and used it to edit code to get admin access

I have his ip adress. He didn't use a proxy


All times are GMT. The time now is 04:25 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01557 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete