vb.org Archive (https://vborg.vbsupport.ru/index.php)

Buzzle 11-20-2014 11:06 AM

I've been hacked?
 
Hi, I logged on today to see a random account I've never seen before with administrator. This is what he did:

http://puu.sh/cYklR/820873f86e.png

Can someone tell me how he got access or what he was doing once he was in?

Thank you.

Edit: /install directory has been deleted already.

Edit: Version 4.1.5 (Latest version)

Dave 11-20-2014 11:07 AM

Please post all of your active add-ons here.
We also need to know which vBulletin version you're using.

ozzy47 11-20-2014 11:08 AM

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

What version of vB4 are you running?

Buzzle 11-20-2014 11:09 AM

Quote:

Originally Posted by Dave (Post 2523484)
Please post all of your active add-ons here.
We also need to know which vBulletin version you're using.

I'm using version 4.1.5 (Latest version)

By add-ons, are you referring to products? If so:

http://puu.sh/cYmWF/5856b728c1.png

ozzy47 11-20-2014 11:13 AM

Well, first off, that version is outdated and has unpatched security issues. You should be running the latest 4.2.2 at a minimum, or 4.2.3.

Inferno shout is outdated, and most likely did not come from this site. I would ditch that and get a different shout, such as its newer version: https://vborg.vbsupport.ru/showthread.php?t=236970

Dave 11-20-2014 11:14 AM

Alright, that looks fine.
Now:

- Be sure the /install folder is not present on your vBulletin installation.
- Check all of your active plugins, there shouldn't be any fishy plugins with odd names.
- In your ACP go to Maintenance > Diagnostics > Suspect File Versions. Check if there are any weird files which were created recently on your server.
- Change the password of all administrator/moderator accounts.
- Protect your ACP with a plugin like this: https://vborg.vbsupport.ru/showthread.php?t=296383

Edit: vBulletin version is very outdated, update to the latest.
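
A file-system counterpart to the /install and recently-created-files checks in the list above, as an added example that is not part of the thread or of vBulletin itself: it hashes the live forum tree and compares it with a clean copy of the same release unpacked from the vendor archive. Both directory arguments and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: compare a live forum tree against a clean copy of the
# same release. The directories passed in are assumptions; point them at
# your own document root and at a freshly unpacked vendor archive.

# Emit "sha256  ./relative/path" for every regular file under a directory.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# Print one line per finding:
#   INSTALL_DIR_PRESENT  install/ still exists on the live site
#   MODIFIED <path>      file is in the clean copy but its content differs
#   UNKNOWN  <path>      file is not in the clean copy (add-ons, uploads,
#                        or files someone planted); review these by hand
audit_tree() {
    local live="$1" clean="$2"
    if [ -d "$live/install" ]; then
        echo "INSTALL_DIR_PRESENT"
    fi
    # Feed both manifests through one awk pass, separated by a marker line.
    { manifest "$clean"; echo "==LIVE=="; manifest "$live"; } | awk '
        $0 == "==LIVE==" { in_live = 1; next }
        {
            hash = substr($0, 1, 64)   # sha256 is 64 hex characters
            path = substr($0, 67)      # path follows the two-character gap
        }
        !in_live            { known[path] = hash; next }
        !(path in known)    { print "UNKNOWN  " path; next }
        known[path] != hash { print "MODIFIED " path }
    ' | sort
}

# Stand-alone use: ./audit.sh /var/www/forum /tmp/vb-clean
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

Run it from a host or account the intruder did not control, and copy the findings off the server before deleting or restoring anything.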

Buzzle 11-20-2014 11:15 AM

Quote:

Originally Posted by ozzy47 (Post 2523487)
Well, first off, that version is outdated and has unpatched security issues. You should be running the latest 4.2.2 at a minimum, or 4.2.3.

Inferno shout is outdated, and most likely did not come from this site. I would ditch that and get a different shout, such as its newer version: https://vborg.vbsupport.ru/showthread.php?t=236970

Do you have any idea how the hacker got access to begin with?

ozzy47 11-20-2014 11:15 AM

Also check your plugins, ACP --> Plugins & Products --> Plugin Manager, and see if there are any unknown plugins running under vBulletin.

ozzy47 11-20-2014 11:16 AM

Quote:

Originally Posted by Buzzle (Post 2523490)
Do you have any idea how the hacker got access to begin with?

Well, it could have been any of the security issues in the version you are running, or through Inferno shout.

ozzy47 11-20-2014 11:17 AM

Quote:

Originally Posted by Dave (Post 2523489)
Alright, that looks fine.
Now:

- Be sure the /install folder is not present on your vBulletin installation.
- Check all of your active plugins, there shouldn't be any fishy plugins with odd names.
- In your ACP go to Maintenance > Diagnostics > Suspect File Versions. Check if there are any weird files which were created recently on your server.
- Change the password of all administrator/moderator accounts.
- Protect your ACP with a plugin like this: https://vborg.vbsupport.ru/showthread.php?t=296383

Edit: vBulletin version is very outdated, update to the latest.

Only one I would ditch, Dave, is Inferno shout.

