Thread: Forum hacked, restored, now showing bare index
View Single Post
  #19  
Old 09-09-2015, 02:56 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thank you,
The hacked directory (root and subdirectories) were saved by the provider as soon as I requested them to down the site (it was displaying hackers' message and I could not get into admin to shut it down).

Just went in and chmod to 000 what they saved, thanks for that. Poking around the site there is nothing visibly wrong.

If a file or directory are touched, it shows the timestamp that sticks out when the directories are listed.
Several times I saw things like "maill.php" that was inserted without harming the site contents.

Indeed, as I am on the shared server, could be 100s of sites hosted on one physical machine.
However disciplined I might be, a slacky site owner on the server may invite a trouble for all ?

Is there some tool to check the database? The cPanel provided by webhostinghub.com has "database repair" and it ran cleanly.

--------------- Added [DATE]1441775800[/DATE] at [TIME]1441775800[/TIME] ---------------

Just remembered. In

./includes/config.php

there is hardcoded database name and password, in plain sight, unencripted

// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config['MasterServer']['username'] = 'dbname_admin';
$config['MasterServer']['password'] = 'unencripted_password';

Is that how it should be? Never seen that in my life.
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01154 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete