Thread: Been Hacked.. :(
View Single Post
  #20  
Old 10-02-2008, 08:22 PM
joethaman joethaman is offline
 
Join Date: Jan 2007
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I did some more searching over the last couple days and there were some issues, exploits, vulnerabilities or whatever, where files (other than images) can be uploaded using vbpicgallery, photpost classifieds, and photopost vbgallery, and vbadvanced cmps. All of them seem to have been resolved except for vbadvanced cmps, or at least not that I could find. It's kind of my fault that I haven't been keeping up with the updates, but I haven't been receiving any notifications that any new updates have been released.

What I've been doing over the last few days is using woopra to track all of the visitors whose languages are arabic, and banning those IP's. So far, using those IP's and searching the logs, they've been attempting to access the directories where the old sniper_sa scripts were and have also helped me locate where other scripts have been placed within my site. After a few days of watching, I've done an IP ban on the internet provider that this guy has been using, which is also a very common ip used by hackers and spammers.. 213.0.0.0/8. This pretty much blocks all IP's from 213.0.0.0 to 213.255.255.255. if you do a reverse IP lookup on the spammer/hacker you can sometimes view the ISP's info and it will tell you the IP's that they cover, in this case, start IP was 213.0.0.0 to 213.255.255.255.

If you're not familiar with how to block IP's, here is how you do it. If you search for .htaccess and deny IP you can find some documentation on it.

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 212.14.224.2
deny from 84.41.118.98
deny from 213.0.0.0/8
deny from 193.0.19.25
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01241 seconds
  • Memory Usage 1,762KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete