Thread: Forum Hacked. Is DB ok?
View Single Post
  #4  
Old 12-15-2010, 04:17 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
  
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by AbvAvg View Post
How do I look for base64 additions?
What other things do I need to check?

One thing is sure that it was not a server side hacking. So access to DB was limited to what vB provides.
You'll see actual snippets of "funky" code and by that I mean code that normally does not belong there...

Code:
eval(base64_decode("aWblahblahblah
Now that can be in the database where users would normally not see it and in other cases they modify your actual .php files and insert it there or within your templates.

Along with checking for similar types of code in all those areas you'll want to check the timestamps of all files and folders on the server, look for Shell scripts those are scripts they upload that will still allow access even after you patch the original way they gained access and shells depending on how their coded can allow them to do quite a few things including but not limited to detecting what type of server your on and recording all database credentials... I dealt with one recently that also allowed them to modify and upload files through it's interface.

The main thing to be sure of is:

1. I've patched or removed how the initially gained access.
2. I've removed all malicious snippets of code.
3. I've removed any and all malicious files and shell scripts if any.

If you've never ran backups before now is a good time to get in that habit never be at a disadvantage because someone hacked your site always be on top of your game as a forum administrator or owner by being well prepared and overly cautious imo .
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02232 seconds
  • Memory Usage 1,767KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete