vb.org Archive


VBall 09-02-2011 02:45 PM

Security concerns
 
Hi All,

I'm running a 3.8.1 forum and recently we've had a couple of intrusions where .js files were modified in the clientscript folder. I was able to remove those but some users have reported that they are still getting virus warnings occasionally.

Can anyone help me understand how someone may be able to modify the files in the clientscript folder? I don't believe they've gained access to the server directly. Could there be malicious code in our database? If so, which tables/fields should I know? Is there a query I can use to find them?

Thanks.

borbole 09-02-2011 02:48 PM

Ask your host to check the access/ftp logs for around the time of the hack to see what exactly went down. You are running a very old version which has several known security issues. I think it would help to upgrade your forum to the latest version of the 3.8x series.

vijayninel 09-02-2011 03:15 PM

Quote:

Originally Posted by borbole (Post 2241223)
I think it would help to upgrade your forum to the latest version of the 3.8x series.

I agree with this. There have been a lot of security patches since 3.8.1. Not having them will leave your forum vulnerable.

Eric 09-02-2011 03:22 PM

Indeed, if you are able to, upgrade to vB 3.8.7 - other than that, check the permissions on your clientscript folder - do you allow files to be written in /clientscript/vbulletin_css/ ?

TheLastSuperman 09-02-2011 03:59 PM

I know on one occasion, a client of mine was hacked... come to find out a plugin was created w/o them knowing so check your files for any changes via timestamps and also check your plugins, ensure that there are no spare "iffy" plugins active ;).

VBall 09-02-2011 04:19 PM

Quote:

Originally Posted by borbole (Post 2241223)
Ask your host to check the access/ftp logs for around the time of the hack to see what exactly went down. You are running a very old version which has several known security issues. I think it would help to upgrade your forum to the latest version of the 3.8x series.

We've checked the logs and didn't see anything related to the files. We have plans to upgrade to the latest version this weekend... hopefully that will help.

--------------- Added [DATE]1314984001[/DATE] at [TIME]1314984001[/TIME] ---------------

Quote:

Originally Posted by Eric (Post 2241236)
Indeed, if you are able to, upgrade to vB 3.8.7 - other than that, check the permissions on your clientscript folder - do you allow files to be written in /clientscript/vbulletin_css/ ?

It is indeed open with 777 access. What should the vbulletin_css folder permissions be?

--------------- Added [DATE]1314984225[/DATE] at [TIME]1314984225[/TIME] ---------------

Quote:

Originally Posted by TheLastSuperman (Post 2241250)
I know on one occasion, a client of mine was hacked... come to find out a plugin was created w/o them knowing so check your files for any changes via timestamps and also check your plugins, ensure that there are no spare "iffy" plugins active ;).

The other admin handles the plugins and we may have a few that may be suspect... I'll have to check them out. Thanks

TheLastSuperman 09-02-2011 05:41 PM

Quote:

Originally Posted by VBall (Post 2241253)
It is indeed open with 777 access. What should the vbulletin_css folder permissions be?

755

VBall 09-02-2011 06:06 PM

Quote:

Originally Posted by TheLastSuperman (Post 2241274)
755

Thank you! I've changed it to 755 now. Do you guys think this could have allowed access into the clientscript folder for modification? I thought permissions cannot go up the tree.

nhawk 09-03-2011 10:17 AM

Umm.. this might be a dumb question but..

If you've changed the CSS to be stored on disk, doesn't that folder need to be 777? I think 755 will give a write access error.
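
The checks suggested in this thread (world-writable folders under the forum root, and .js files in clientscript changed recently), as an added example that is not part of any post. It goes one step beyond the timestamp check by also comparing the live .js files with a clean unpacked copy of the same vBulletin version; the function names, paths and day window are assumptions.

```sh
#!/bin/sh
# Added example; not from the thread. Function names, paths and the day
# window are assumptions for illustration.

# Directories writable by every local account (the "777" case).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# .js files under clientscript/ modified in the last $2 days. Whoever changed
# a file can also reset its timestamp, so an empty result is inconclusive.
recent_js_changes() {
    find "$1/clientscript" -type f -name '*.js' -mtime "-$2" -print | sort
}

# Compare live clientscript/*.js ($1 = forum root) with a clean unpacked copy
# of the same vBulletin version ($2). Runs in a subshell to keep variables local.
js_diff_against_clean() (
    live="$1/clientscript"
    clean="$2/clientscript"
    ( cd "$clean" && find . -type f -name '*.js' -print ) | sort |
    while IFS= read -r f; do
        if [ ! -f "$live/$f" ]; then
            echo "missing $f"
        elif ! cmp -s "$clean/$f" "$live/$f"; then
            echo "modified $f"
        fi
    done
    ( cd "$live" && find . -type f -name '*.js' -print ) | sort |
    while IFS= read -r f; do
        [ -f "$clean/$f" ] || echo "unexpected $f"
    done
)

# Usage: sh audit.sh /path/to/forum /path/to/clean-copy [days]
if [ "$#" -ge 2 ]; then
    echo "== world-writable directories =="
    world_writable_dirs "$1"
    echo "== .js files modified in the last ${3:-7} days =="
    recent_js_changes "$1" "${3:-7}"
    echo "== differences from the clean copy =="
    js_diff_against_clean "$1" "$2"
fi
```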

