vb.org Archive - My board was hacked

Page 1 of 3

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)

- - My board was hacked (https://vborg.vbsupport.ru/showthread.php?t=43825)

The Keeper

09-22-2002 09:20 PM

My board was hacked

I think my board was hacked. They didn't destroy anything on the forum - but one of my members posted a snapshot of a private (moderator) forum.
One of my moderators asked where he got the pic from, and his best friend (who is I think is also a vb owner and knows a lot about computers and security) replied:

Quote:

INSERT INTO moderator VALUES ('12', '231', '5', '0', '0', '1', '1', '1', '1', '1', '1', '0', '0', '0', '1', '0', '0', '1', '1');

EDIT: Though what does it matter? He has it etc...

Is it possible he's found a way to hack into the database?

I'm running 2.2.4

NTLDR

09-22-2002 09:22 PM

Thats the statement for adding a moderator, but unless he has a way to run queries on your DB its useless.

Xenon

09-22-2002 09:41 PM

well you should really upgrade to vb227 there are some security fixes in it...

Erwin

09-23-2002 01:55 AM

2.2.4 is not secure. Upgrade to 2.2.7.

The Keeper

09-24-2002 08:58 AM

I've upgraded now, but I need advice on what to do with such a member? I really have no proof he hacked, but I do know he posted a pic of something he shouldn't have access to.

Xenon

09-24-2002 09:00 AM

well i'd show him the yellow card.....

Neo	09-24-2002 10:30 AM

2.2.7 isnt secure. I hacked my 2.2.7 board a few times and got access to the admin area.

Xenon

09-24-2002 10:32 AM

i hope you've told this infos to the developers ;)

The Keeper

09-24-2002 12:25 PM

This is dissapointing to know.
Do you guys have any idea how this hacking on my forum may have happened?? Through admin area? I am led to believe he was able to procure other data from the database including IP addresses.

If it was through the admin area, I've now passworded that directory, hopefully that will stifle attempts, but if he has my admin password, then what's the point anyway

Is there anything I can do about this, like report it to some authority, if I'm able to collect evidence?

Steve Machol

09-24-2002 04:54 PM

Quote:

Originally posted by Neo
2.2.7 isnt secure. I hacked my 2.2.7 board a few times and got access to the admin area.

If you have evidence of this then please send it to support@vbulletin.com. Include the exact steps you are using to hack your 2.2.7 forum.

All times are GMT. The time now is 05:13 PM.

Page 1 of 3

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01039 seconds Memory Usage 1,728KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: