vb.org Archive
Page 1 of 11 1 23 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Th3H4ck hacked hundreds of VB forums over the last two days. (https://vborg.vbsupport.ru/showthread.php?t=301904)

lapiervb 09-05-2013 11:37 AM
Th3H4ck hacked hundreds of VB forums over the last two days.
 
Th3H4ck Has hacked hundreds of VB forums over the last few days, what is the exploit and are we working on a fix???

Just google Th3H4ck

BlkBullitt 09-05-2013 12:08 PM
Yeah I saw he joined today and used my Spam-O-Matic features to get rid of him but I would really like to know how he signed up as an Admin?

lapiervb 09-05-2013 12:13 PM
Quote:
Originally Posted by BlkBullitt (Post 2443430)
Yeah I saw he joined today and used my Spam-O-Matic features to get rid of him but I would really like to know how he signed up as an Admin?
Did you get an IP or any information as to what he is doing once he's in.

kinkdink 09-05-2013 12:42 PM
Looks like a bot attack to me.

It relates to this article
http://www.vbulletin.com/forum/forum...-1-vbulletin-5

Apache Log below:
178.33.229.22 - - [05/Sep/2013:10:10:37 +0100] "GET /forum/core/install/upgrade.php HTTP/1.1" 404 613 "-" "-"
178.33.229.22 - - [05/Sep/2013:10:10:38 +0100] "GET /forum/install/upgrade.php HTTP/1.1" 404 613 "-" "-"
178.33.229.22 - - [05/Sep/2013:10:10:39 +0100] "GET /forums/core/install/upgrade.php HTTP/1.1" 404 613 "-" "-"
178.33.229.22 - - [05/Sep/2013:10:10:39 +0100] "GET /forums/install/upgrade.php HTTP/1.1" 404 613 "-" "-"
178.33.229.22 - - [05/Sep/2013:10:10:40 +0100] "GET /core/install/upgrade.php HTTP/1.1" 404 613 "-" "-"
178.33.229.22 - - [05/Sep/2013:10:10:41 +0100] "GET /install/upgrade.php HTTP/1.1" 200 13394 "-" "-"
66.96.183.79 - - [05/Sep/2013:10:10:45 +0100] "POST /install/upgrade.php HTTP/1.1" 200 279 "-" "-"

lapiervb 09-05-2013 01:05 PM
Do we just delete the entire install folder?

nhawk 09-05-2013 01:07 PM
Quote:
Originally Posted by lapiervb (Post 2443440)
Do we just delete the entire install folder?
That's what it says.

CareyG 09-05-2013 02:14 PM
Quote:
Originally Posted by BlkBullitt (Post 2443430)
Yeah I saw he joined today and used my Spam-O-Matic features to get rid of him but I would really like to know how he signed up as an Admin?
He signed up twice on my forum as admin. I have deleted the install folder. I dont know what else to do or what if anything he did to my forum.

Lynne 09-05-2013 03:53 PM
If you want to see what he did on your site, go to Admincp > Statistics & Logs > Control Panel Log. You will see if he added a plugin or accessed the templates, etc.

DELETE YOUR INSTALL DIRECTORY!!!

dawges 09-05-2013 04:18 PM
I was a victim of this also. Check my thread. If you guys haven't already you need to check the database and your templates. On my forum they put iframes in the footer of all my templates.

I had 8 Administrators in the admin group with the same name. However, one admin account was just a "."

BlkBullitt 09-05-2013 06:06 PM
Quote:
Originally Posted by lapiervb (Post 2443431)
Did you get an IP or any information as to what he is doing once he's in.
IP addy 180.216.122.253 and I checked my Control Panel and I don't see anything logged for the user so it looks like he just signed up and that was it. I am almost 100% certain I deleted my install folder after the initial install a year ago.


All times are GMT. The time now is 03:07 PM.
Page 1 of 11 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02679 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete