vb.org Archive - My Board was HACKED Twice today!!

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)

- - My Board was HACKED Twice today!! (https://vborg.vbsupport.ru/showthread.php?t=53114)

My Board was HACKED Twice today!!

To my surprise at about 5:30 today someone gained access to one of my admin's accounts. They edited my account so I wasn't an admin anymore. I quickly edited the database and made myself an admin again. I changed some things back that the hacker messed with. (my advertising banners, and site name) At this point I had to go to work.

When I got home from work at about 1am my other admin's name was taken, and the same was done as before. He put 'their' banner on the top of the page both times and said "LHK Ownz" or something. I changed everything back again and added some heavier security this time. Also got some IP's of the names. One looks like a proxy and the other is an AOL IP.

This was the banner he displayed on my site:
http://www.angelfire.com/ca6/monkeeyz/lhk.jpg

So how could two seperate accounts be compromised? I'm running v 2.2.8 so all passwords are encrypted. They did not gain access to the backend of the site or the database itself. Just the vB control panel.

:ermm:

Can anyone offer a little insite as to where the security breech could be?

maybe bruteforce? or do you have another admin or two? they may know one of their passwords.
BTW what a lame name leet hackers krew :|

But...

If they knew the password for a third admin's account and they used that to gain access to the ACP, this still wouldn't let them get the password to tpearl5's primary and backup admin accounts.

I gather he's already checked the adminlog, so he knows which admin accounts the hacker[s] used to log in.

Not to sound off my own hacks, but I have a few vB security hacks you could install, to try and prevent this;):)

Satan

Very odd. Make sure you disable all other admin accounts, and that getadmin.php is not anywhere on your server.

Best thing to do is maybe keep yourself an admin only, as you can just re-admin yourself via the database. This can limit the access if they've cracked one of your admins accounts passwords?

That probably didn't make sense. =/

Passwords are a killer ... sometimes member join other forums and use the same passwords from another. This looks like the case with your forum. If remembering passwords are a pain in the butt for some of you, here's a free program that I reccommnd to all of my members (RoBo Form): http://fileforum.betanews.com/detail...fid=1014298205

Also, one of the guys in the Full Release Section created a very nice password changer hack that requires all members to change their passwords after a period you can define. You don't have to have all members change then, but you can make it a requrement for your staff to change their passwords.

For added saftey, it would be best to make it so that each password contains numbers and letters, and require that they are at least 6 characters. :)

Yet another fact to enforce the rule that you should never have another administrator :)

Quote:

Today at 10:44 AM filburt1 said this in Post #8
Yet another fact to enforce the rule that you should never have another administrator :)

Agreed. I have 2 other admins on my site, but once vB3 is out, they will be cut down to mods. ;)

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.00976 seconds Memory Usage 1,730KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: