My site is back to normal, has been since first 3-4 posts here and without anyone's help.
- File permissions are 644, directories 755.
- Originally it was 4.1 hacked in 2010. That was before warning "remove install directory" was issued, even specialist installation by VB staff left it onsite. Site re-provisioned.
- Months of experimenting with the site, Mods, plugins, messing...wiped the site and got another specialist installation (May 2011, Jake Bunce did it).
- over years, 6 times found (using Maintenance - Diagnostics) .php files that are not part of VB, a glance through and they seemed to be spam mailers.
- 2 times webhostinghub.com located and quarantined spam mailers (since they upgraded their software 3 months ago)
- 1 time found (last week) a file "class.php" in the includes directory
- on Monday the site was hacked and taken down
Keep on changing passwords into 40 characters long, spaces, mixed letters.
Daily run of Diagnostics. Daily backups.
--------------- Added at Unix time 1441871454 ---------------
Quote:
Originally Posted by cellarius
This debate is ridiculous. Every webscript I have ever used has database credentials in plain text in a config file. There's just no other way to do it, since the script has to be able to access this information. Of course you could encrypt it, but since the script needs to be able to decrypt it again to use it, you'd have to store the key somewhere. As others have pointed out, the config file can't be accessed from the outside. If an attacker has access to your ftp or shell, it's really too late.
Let's see why this debate is ridiculous: because coders and VB staff participating here have not told us (may well be news to them) that plain text database admin user name and password in /includes/config.php are used when initially creating the database from the sheet supplied for paid install or from own notes. Some may stay with that password, most would change it.
Just changed my cPanel, mail and database passwords and in /includes/config.php the password is the same as it was upon creation, should not be valid. But the site does not care.
That is another question: why is it then in /includes, why not in /install and removed before the site is powered up?
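The daily checks mentioned in the post above (unexpected .php files, 644/755 permissions, a leftover install directory), as an added example that is not part of the original post and is not vBulletin's Diagnostics tool. The hash baseline taken right after a clean install, the function names and the finding labels are assumptions of this sketch.

```python
import hashlib
import os
import stat

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def make_baseline(root):
    """Record relative path -> SHA-256 for every .php file; run right after a clean install."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(folder, name)
                baseline[os.path.relpath(path, root)] = sha256_of(path)
    return baseline

def audit(root, baseline):
    """Return sorted (finding, relative_path) tuples for the daily check."""
    findings = set()
    # The install directory should be gone once the forum is live.
    if os.path.isdir(os.path.join(root, "install")):
        findings.add(("install-dir-present", "install"))
    for folder, dirs, files in os.walk(root):
        for name in dirs:
            path = os.path.join(folder, name)
            # Any permission bit outside 755 (e.g. group/world write) is a finding.
            if stat.S_IMODE(os.lstat(path).st_mode) & ~0o755:
                findings.add(("dir-mode-looser-than-755", os.path.relpath(path, root)))
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            if stat.S_IMODE(os.lstat(path).st_mode) & ~0o644:
                findings.add(("file-mode-looser-than-644", rel))
            if name.endswith(".php"):
                if rel not in baseline:
                    # e.g. a stray class.php dropped into includes/
                    findings.add(("unknown-php-file", rel))
                elif sha256_of(path) != baseline[rel]:
                    findings.add(("modified-php-file", rel))
    return sorted(findings)
```

A legitimate edit, such as updating the database password in includes/config.php, also shows up as modified, so the baseline has to be retaken after each intentional change and stored outside the web root.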