
12-30-2011, 08:51 AM
Join Date: Nov 2011
Location: Planet-$hining$tar
Posts: 9
Quote:
Originally Posted by Zarxrax
Well, I was running a rather outdated version of the forum (my license for 3.x had expired, and I hadn't bought 4.x yet), so I'm sure there were plenty of security vulnerabilities in it. My database password was obtained from the config.php and then that was that.
I do know that the hacker obtained admin privileges on the board because right before it was defaced, some normal users were promoted to super moderators.
Yup, after getting the database info they can do almost everything an owner can usually do (downloading the database, editing tables and in this way promoting or demoting any member, or simply changing the admin's email address to their own so they can easily recover the super admin's password too). It usually takes a few minutes to make themselves admin, but all of that is possible only from the server where you are hosted, and it's no matter at all to learn about the other sites on the same server, as well as to hack any of the other forums hosted on that server.
While security issues aren't there in vBulletin itself, when it comes to 3.x, using the latest version, i.e. 3.8.7 PL-2, may be the best idea (even I like to have and work in 3.8.7).
So the only security on your side is securing the config.php file through its permissions (sometimes 400 won't let the forum work; in this situation CHMOD 404 will be used, and an extra step of decrypting config.php may be taken too). But there's still one more danger, that of the reseller's account: if your reseller, or your reseller's master reseller, gets hacked, then any precaution becomes useless, as that hacker will be able to access your cPanel.
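
The config.php permission check discussed in the post above, as an added example that is not part of the original post: it classifies a file's mode so that an owner-only 400 can be told apart from a mode whose last digit grants read access to every other account on a shared server. The function names and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): report who can read or write a
# secrets file such as a forum's config.php. Sample file is constructed.

# Print permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Classify exposure from the group and other permission digits.
classify_mode() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}            # last octal digit
    rest=${mode%?}
    group=${rest#"${rest%?}"}            # second-to-last digit
    group=${group:-0}
    if [ $((other & 2)) -ne 0 ]; then
        echo world-writable              # any local account can alter it
    elif [ $((other & 4)) -ne 0 ]; then
        echo world-readable              # any local account can read it
    elif [ $((group & 6)) -ne 0 ]; then
        echo group-access                # group members can read or write
    else
        echo owner-only
    fi
}

# Audit each path; exit status 1 if any file is open to "other".
audit_configs() {
    rc=0
    for f in "$@"; do
        if verdict=$(classify_mode "$f"); then
            echo "$f mode=$(file_mode "$f") $verdict"
            case $verdict in world-*) rc=1 ;; esac
        else
            echo "$f: cannot stat"; rc=2
        fi
    done
    return $rc
}

# Demo on a constructed temporary file standing in for config.php.
demo=$(mktemp)
for m in 400 404; do chmod "$m" "$demo"; audit_configs "$demo" || true; done
rm -f "$demo"
```

Run against the real file, `audit_configs /path/to/includes/config.php` (placeholder path) returns a non-zero status whenever the file is readable or writable by accounts other than its owner and group.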