vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   htaccess hacked :( (https://vborg.vbsupport.ru/showthread.php?t=308964)

viper357 02-27-2014 12:03 PM
htaccess hacked :(
 
Was doing some SEO work today and noticed this at the bottom of my htaccess file :(

Code:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800|w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-" [NC]
RewriteRule ^(.*)$ http://m.freesexvideosworld.org%{REQUEST_URI} [L,R=302]
So I guess my htaccess file has been hacked, easy enough to fix I suppose by just deleting that, but what can I do to prevent it from happening again? How do I protect my htaccess file from being tampered with?

ForceHSS 02-27-2014 12:05 PM
do you have a backup of what it used to be

ozzy47 02-27-2014 12:08 PM
Looks like it to me, seems like if you go to the site with a mobile devise, it redirects you to a sex site.

Only way that was added to your htaccess is someone gained FTP access or the login info for your server/cpanel.

viper357 02-27-2014 12:30 PM
Quote:
Originally Posted by ForceHSS (Post 2484048)
do you have a backup of what it used to be
The rest of the file was fine, this code was just added to the bottom of it.

Quote:
Originally Posted by ozzy47 (Post 2484050)
Looks like it to me, seems like if you go to the site with a mobile devise, it redirects you to a sex site.

Only way that was added to your htaccess is someone gained FTP access or the login info for your server/cpanel.
Thanks, I'll change the FTP and cpanel passwords.

--------------- Added [DATE]1393507956[/DATE] at [TIME]1393507956[/TIME] ---------------

Quote:
Originally Posted by ozzy47 (Post 2484050)
Only way that was added to your htaccess is someone gained FTP access or the login info for your server/cpanel.
Thinking about that now, if they've gained access to my htaccess file then they would have probably had access to my whole server/account. Could they have added this code to any other files?

ozzy47 02-27-2014 12:42 PM
Possibly, best thing to do is download a fresh copy of your vB, same version you are running, and upload the files to the server. You should do it for all mods installed as well.

RichieBoy67 02-27-2014 12:46 PM
File permissions could have also been wrong giving anyone access to it. Check your file permissions and see if anything else has been impacted. Check out your webmastertools account as well under the security tab and see if it lists anything.

Most directories should be chmod 755 except for those that need write access, most files should be set at chmod 644 depending on your server.

TheLastSuperman 02-27-2014 12:47 PM
Ahh I ran into this the other day as well when working on a site and it had to vulnerabilities... it still had vBSEO installed and had the /install/ folder on the server so be sure to switch vBSEO to DBSEO OR Remove it entirely and rewrite the urls AND/OR delete the install folder if present on your server.

Code from the .htaccess I ran into:
PHP Code:
RewriteCond %{HTTP_USER_AGENT"android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800|w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-" [NC]
RewriteRule ^(.*)$ http://m.freesexvideosworld.org%{REQUEST_URI} [L,R=302] 

viper357 02-27-2014 01:03 PM
Thanks everyone.

I've never had vbseo installed (just the sitemap generator) and the /install folder was deleted years ago.

TheLastSuperman 02-27-2014 01:11 PM
Quote:
Originally Posted by viper357 (Post 2484066)
Thanks everyone.

I've never had vbseo installed (just the sitemap generator) and the /install folder was deleted years ago.
Is your forum updated to 4.2.1/4.2.2 OR if a slightly older version is it patched? Make sure it's patched at least, if not they may have gotten in that way.

viper357 02-27-2014 01:49 PM
I'm on 3.8.5

I know there's updates to vb3 but I've made loads of template edits so an upgrade means losing all of those, I need to find time to update.


All times are GMT. The time now is 09:14 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01110 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete