vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Exploit (https://vborg.vbsupport.ru/showthread.php?t=221074)

WooAf 08-17-2009 05:55 AM
Exploit
 
Hello, I have a vBulletin forum (3.8.4) and today my forum has been hacked.

Someone changed all of the user to admin and change all name to OWNEDBYBURNINGFIRE


https://vborg.vbsupport.ru/external/2009/08/14.png


I got that screenshot by a friend of BurningFire.


Mod Installed

- Better postbit with thanked phrases and border
- Cyb - Advanced Forum Statistics
- Cyb - ChatBox
- Cyb - Visitors in Last X Hours
- Quick Auto Image-Resize (Posts & Signature)
- Sidebar Column (Disable)



Someone can help me to fix it please. Thank you.

Antivirus 08-17-2009 01:10 PM
First thing I would do if I were in your shoes, is restore your latest database backup. After you do that, disable all plugins until you can identify which one is potentially being exploited (if in fact it is due to one of the mods). Also change yopur password for admin accounts, and lastly, double check the config.php file to make sure no users can run queries from within admincp.

Lynne 08-17-2009 01:32 PM
And look through your access_logs (if you don't know where they are, ask your host) and see if you can find how they got in.

MentaL 09-01-2009 02:38 PM
What information do you have.. this happened to me on my forum last night.

IRANCITY 09-01-2009 03:07 PM
DO this work

1 - download ur image folder check it for any file with .php .cgi and any extension Except pic extension
2 - change ur database user & pass word
3 - re upload ur all file of vbulletin (( may be shells upload on ur host ))
4 - protect ur includes folder with pass
5 - change ur email adres
6 - change ur host panel pass
7 - and then go for check log file

ARIA-SECURITY DIGITAL TEAM

MyChemicalSelf 09-01-2009 03:51 PM
Any more news on this? Found a google cache its happened before some guy called BurningFire
http://209.85.229.132/search?q=cache...efox-a&strip=1

MentaL 09-01-2009 06:55 PM
OK i found out why.. basically adding a plugin to the admincp.. follow XXX to reverse the effects.


All times are GMT. The time now is 10:59 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01481 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete