Thread: Th3H4ck hacked hundreds of VB forums over the last two days.
View Single Post
  #71  
Old 09-17-2013, 05:40 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
My (4.2.1) forum was hacked but interestingly, it appears to be working. Only when I try to access "Admin" account (there are 2) it plays music spot and says "Hacked by pScript".

Can not access CP through VB. Went to my provider CPanel, saw files like index.php changed.

User with no Admin rights I think would notice nothing wrong.

/install directory was present when the hack occurred. Instructions before were saying to remove only install.php and tools.php.
Looks like the hacker had used upgrade.php.


How to regain access to VB Admin CP? Can go through the provider and edit individual files.
Appears he had not touched post but whatever user he came in as he can still do that.

--------------- Added [DATE]1379402877[/DATE] at [TIME]1379402877[/TIME] ---------------

If I try to log in as a Mod, it is OK. But no sufficient rights to run what is being suggested.

Search for user "admin" shows data and activity of the real one.
No right to change his password.

10 days ago I noticed another user, test (from test.com) that had administartor title without any email and confirmation. Upon registration, there is a question to answer that robots can not and only people of a specific nationality can. It did not go through that.

Looks like this is a separate one or different damage to different forums on the shared server.
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01187 seconds
  • Memory Usage 1,763KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete