Thread: Miscellaneous Hacks - Rotating Banner System
Post #2774, 09-22-2016, 05:14 AM
y2ksw
Join Date: Aug 2003
Location: Italy
Posts: 1,418
Thanks given: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by s_cocis
Hi y2ksw,

For some days, an unknown user has been using "SQL injection" on the rbs_banners table, appending a malware script in the field "text".

Are there vulnerabilities to be corrected?
Can you help me?

Thank you
Sandro
vBulletin: 3.8.9 Patch Level 1
PHP: 5.3.8
MySQL: 5.5.16

Everything is correctly escaped, but if some malicious software has access to your forum, it can do what it wants.

The most recent WORM attacks write directly to the plugin cache and are untraceable through the plugin list. The real problem, however, is one or more scripts which have been introduced to your system or site, which can be called by attackers at will.

I have solved the problem with a dedicated server and strict rules: 1 forum administrator, 1 system operator, a secure Apache build (no fast_cgi etc.) with security modules enabled, binding and local security rules for PHP (open_basedir, upload_tmp_dir to dedicated folders for each site), and, last but not least, fail2ban against persistent hackers.

To clean a broken system, practice has revealed that downloading all scripts and passing them through Avast helps to find all hacked scripts and intruders, while printing styles, plugins and cache tables helps to find already injected code.

All together it takes 10-20 minutes to clean an infected system, but until then, everything is "mayhem".
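The clean-up steps y2ksw describes (scan the downloaded scripts for hacked files, then look through the banner, plugin and cache data for injected code, including code that lives only in the plugin cache and never shows up in the plugin list) can be turned into a small triage script. The following is an added example written for this thread; it is not code from the Rotating Banner System, from vBulletin, or from either poster. The column name rbs_banners.text comes from the question; the plugin table columns (hookname, phpcode, active) and the assumption that the cached plugin list maps a hook name to the concatenated code of its active plugins are assumptions, as are the sample files, banner rows and cache contents, which are constructed inline. The patterns are heuristics to prioritise a manual review, not proof of compromise.

```python
"""Triage helpers for cleaning a compromised vBulletin 3 install (added example).

Three checks: (1) scan downloaded .php files for obfuscated-loader idioms,
(2) scan exported text fields such as banner HTML for injected markup,
(3) find hooks whose cached plugin code is not explained by any active
plugin row. Table/column names and the cache layout are assumptions.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# Idioms typical of injected PHP loaders (heuristic indicators, not proof).
CODE_INDICATORS = {
    "eval-of-decoded-blob": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace-e-modifier": re.compile(
        r"preg_replace\s*\(\s*['\"]/[^'\"]*/[a-z]*e[a-z]*['\"]", re.I),
    "remote-include": re.compile(r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I),
    "long-base64-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}
# Things that should never appear inside stored banner HTML.
DATA_INDICATORS = {
    "script-tag": re.compile(r"<script\b", re.I),
    "php-open-tag": re.compile(r"<\?php", re.I),
    "inline-event-handler": re.compile(r"\son(load|error|click|mouseover)\s*=", re.I),
}


@dataclass(frozen=True)
class Finding:
    source: str      # file path, or "table.column#id"
    indicator: str
    line: int


def scan_text(source, text, indicators):
    """One Finding per (indicator, line) that matches in `text`."""
    return [Finding(source, name, lineno)
            for lineno, line in enumerate(text.splitlines(), start=1)
            for name, pattern in indicators.items() if pattern.search(line)]


def scan_tree(root):
    """Scan every .php file below `root` with the code indicators."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in sorted(files):
            if fname.lower().endswith(".php"):
                path = os.path.join(dirpath, fname)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(path, fh.read(), CODE_INDICATORS))
    return findings


def scan_rows(rows, indicators):
    """`rows` is an iterable of (label, text) exported from the database."""
    return [f for label, text in rows for f in scan_text(label, text, indicators)]


def orphaned_cache_hooks(cached_pluginlist, plugin_rows):
    """Hooks whose cached code is not fully covered by active plugin rows.

    Assumed layout: cache maps hookname -> concatenated code of the active
    plugins for that hook. Remove every active fragment; whatever non-blank
    text remains was written to the cache by something else.
    """
    orphans = {}
    for hook, cached in cached_pluginlist.items():
        leftover = cached
        for row in plugin_rows:
            if row["hookname"] == hook and row["active"]:
                leftover = leftover.replace(row["phpcode"], "")
        if leftover.strip():
            orphans[hook] = leftover.strip()
    return orphans


def demo():
    """Run all three checks over constructed sample data and return the results."""
    with tempfile.TemporaryDirectory() as root:          # constructed "downloaded scripts"
        with open(os.path.join(root, "showpost.php"), "w") as fh:
            fh.write("<?php\nrequire_once('./global.php');\necho 'ok';\n")
        os.makedirs(os.path.join(root, "images"))
        with open(os.path.join(root, "images", "x.php"), "w") as fh:   # constructed dropper
            fh.write("<?php\neval(base64_decode('" + "QUFB" * 100 + "'));\n")
        files = scan_tree(root)
    banners = [  # constructed rbs_banners.text rows; .invalid is a reserved placeholder TLD
        ("rbs_banners.text#1", '<a href="https://example.com/"><img src="/banner1.gif"></a>'),
        ("rbs_banners.text#2", '<img src="/banner2.gif"><script src="//attacker.invalid/l.js"></script>'),
    ]
    plugin_rows = [  # constructed plugin table
        {"hookname": "global_start", "phpcode": "$rbs_enabled = true;", "active": 1},
        {"hookname": "global_start", "phpcode": "// disabled test plugin", "active": 0},
    ]
    cache = {  # constructed datastore 'pluginlist'; second entry exists only in the cache
        "global_start": "$rbs_enabled = true;\n",
        "showpost_start": "eval(base64_decode('aGVsbG8='));",
    }
    orphans = orphaned_cache_hooks(cache, plugin_rows)
    orphan_findings = scan_rows(((f"datastore.pluginlist[{h}]", c) for h, c in orphans.items()),
                                CODE_INDICATORS)
    return {"files": files, "banners": scan_rows(banners, DATA_INDICATORS),
            "orphans": orphans, "orphan_findings": orphan_findings}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real system you would point scan_tree at the downloaded web root and feed scan_rows with rows exported from rbs_banners, plugin and the cached plugin list; every hit still needs a human to read the surrounding code, and the cache comparison only catches code injected into the cache after the plugin rows were last rebuilt.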