vb.org Archive


seriousrat 09-30-2013 09:30 AM

Hacked Sites, How Many Recently?
 
Seems like everyone is getting hacked. Some threads say over 200 in the past month. Ours, http://www.seriousoffshore.com/forums/ , and one of our main members, http://www.donzi.org/ were both hacked the end of last week/over the weekend.

Has anyone been able to find out why so many recently?

Ours seems to have the hack code inserted the first part of September, then activated later. So, our recent backups are also infected which has created a major pain.

I hope this is the right place to ask the question.

ozzy47 09-30-2013 09:53 AM

I have not seen a list or a count on the number of sites, but they almost all have to do with the install directory not being deleted.

To recover, please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

seriousrat 09-30-2013 12:08 PM

Have you seen the redirect worm that is in the seriousoffshore.com/forums before (if you've looked)? They did get in through the install as you said, but then they created admin users, modified files in the admincp folder, the style templates, and the plugins. The admincp and database hacks are pretty severe. Plus, because of the delay for when it went active, our backups are infected. As our webmaster says, every time he thinks he has everything, something else pops up.

Anyway, if anyone is familiar with the pain of this one, helpful hints are certainly appreciated.

Thanks for the input so far.
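One way to narrow down which files on disk were changed, as an added example that is not part of the original posts or of vBulletin's own tooling: hash the live forum tree against a pristine copy of the same release unpacked from the vendor package, and flag a leftover install directory. The function names and the sample trees are assumptions constructed for the demonstration.

```python
import hashlib, os, tempfile

def sha256_tree(root):
    """Map each relative file path under root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def triage(live_root, clean_root):
    """Compare a live forum tree with a pristine copy of the same release."""
    live, clean = sha256_tree(live_root), sha256_tree(clean_root)
    return {
        # Shipped files whose content no longer matches the package
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        # Files that do not ship with the package (uploads and config are
        # expected here; anything executable needs a closer look)
        "added": sorted(p for p in live if p not in clean),
        # The install directory should not exist on a production site
        "install_present": sorted(p for p in live if p.startswith("install/")),
    }

def build_demo():
    """Constructed sample trees (placeholder files, not real vBulletin code)."""
    base = tempfile.mkdtemp()
    clean, live = os.path.join(base, "clean"), os.path.join(base, "live")
    files = {"forum.php": "<?php // forum", "admincp/index.php": "<?php // acp",
             "install/upgrade.php": "<?php // upgrade"}
    for root in (clean, live):
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    with open(os.path.join(live, "admincp/index.php"), "a") as fh:
        fh.write("\n// constructed change")
    with open(os.path.join(live, "admincp/extra.php"), "w") as fh:
        fh.write("<?php // constructed unexpected file")
    return live, clean

if __name__ == "__main__":
    for kind, paths in triage(*build_demo()).items():
        print(kind, paths)
```

A file comparison like this covers only what is on disk; the admin users, style templates and plugins mentioned above are stored in the database and have to be reviewed there separately.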

ozzy47 09-30-2013 07:16 PM

If you follow the two blog posts thoroughly, and do not skip any details at all, you should be ok.

tbroush 09-30-2013 07:21 PM

Quote:

Originally Posted by ozzy47 (Post 2449070)
If you follow the two blog posts thoroughly, and do not skip any details at all, you should be ok.

I wish that was as easy as that.

ozzy47 09-30-2013 07:38 PM

No one said it was easy, but there have been many successful sites to recover following the info provided in there.

tbroush 09-30-2013 07:47 PM

Well I guess mine has been one of the few that continues to have issues even after doing everything and more in all of those blogs.

tbworld 09-30-2013 07:51 PM

Quote:

Originally Posted by tbroush (Post 2449084)
Well I guess mine has been one of the few that continues to have issues even after doing everything and more in all of those blogs.

It is not easy and it is time-consuming, and I am sorry you were hacked. Keep at it and ask questions here if you do not understand something.

ozzy47 09-30-2013 07:52 PM

What are the things that keep popping up? Always different, or the same thing, and what are the things?

tbroush 09-30-2013 08:18 PM

Well, all he does now is when you go to the forum.php page it takes you to an HTML page, but not necessarily redirecting you anywhere. So I usually just run the upgrade script and it is back to normal. So today I deleted all of the custom templates and uploaded new ones just in case the code was in there, but I have done everything else possible.

