vb.org Archive


natecoupons 04-19-2010 05:51 PM

My site was exploited/attacked
 
Okay, here is what I know right now and am learning more as I go.

They uploaded a malicious file google.js which was sending people to a Russian site.

I currently run 3.7.2

https://vborg.vbsupport.ru/external/2010/04/18.png

Then they uploaded two different files directly into the customavatar folder
./customavatars/adm.php
One of those was a program called adminer 2.3.1

Screen shot:

https://vborg.vbsupport.ru/external/2010/04/4.gif
https://vborg.vbsupport.ru/external/2010/04/5.gif

They also uploaded another file that I'm not sure what it does...
it was ./customavatars/setting.php
This one only has a password.

I have removed all files but would like help in knowing where the vulnerabilities are!! I have removed the ability for people to upload custom avatars for the time being because I assume that is how this happened.

Thoughts?

borbole 04-19-2010 06:15 PM

It looks like a Gumblar attack. Change all the passwords and then check the server space for any suspicious files. Then upgrade your forum to the latest version, be that of the 3x series or 4.0.3. And last but not least, contact your host and let them know about it so they can check their logs as well and see how they got in (in the chance that it is not a Gumblar attack), so the security issues can be patched up.
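
One way to carry out the "check the server space for any suspicious files" step for the avatar upload folder named in this thread, as an added example that is not part of the original posts or of vBulletin: it lists every file in an image-only folder that has a script extension, lacks an image header, or contains a PHP open tag. The folder list, extension set and read limit are assumptions to adjust for your install.

```python
import os
import sys
import time

# Assumption: folders under the web root that should hold only uploaded images.
UPLOAD_DIRS = ["customavatars"]
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php5", ".phar", ".js", ".cgi", ".pl"}
MAX_READ = 1024 * 1024  # read at most 1 MiB per file


def inspect_file(path):
    """Return the reasons a file looks out of place in an image-only folder."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    if ext in SCRIPT_EXTS:
        reasons.append("script extension " + ext)
    with open(path, "rb") as fh:
        data = fh.read(MAX_READ)
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("no image header")
    # An image header does not clear a file: PHP can be appended to a valid image.
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    return reasons


def scan(webroot, upload_dirs=UPLOAD_DIRS):
    """Walk each upload folder; return (relative path, mtime UTC, reasons)."""
    findings = []
    for folder in upload_dirs:
        for root, _dirs, files in os.walk(os.path.join(webroot, folder)):
            for name in sorted(files):
                path = os.path.join(root, name)
                reasons = inspect_file(path)
                if reasons:
                    stamp = time.strftime(
                        "%Y-%m-%d %H:%M", time.gmtime(os.path.getmtime(path)))
                    findings.append((os.path.relpath(path, webroot), stamp, reasons))
    return findings


if __name__ == "__main__":
    # Usage: python scan_uploads.py /path/to/forum/root
    for rel, stamp, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{stamp}  {rel}  ({'; '.join(reasons)})")
```

The modification times in the output give the host a window to look for in the access logs.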

