Thread: forum hacked!
View Single Post
  #1  
Old 07-28-2005, 02:33 PM
tm21 tm21 is offline
 
Join Date: Dec 2003
Posts: 31
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default forum hacked!
Some damn newb got ahold of an admin password and proceeded to make numerous changes to my forum. I have everything listed in the logs, but it does not say exactly WHAT he did, only the script and action are listed. For example he changed around several user profiles, but it lists the users as numbers, not by name, but the member search does not have an option to search by number! How can I find out who these members are?

He changed forum permissions, altered usergroups, did something with options.php, he modified templates, he also screwed with css.php and cronadmin.php. What the hell feature of the board is cronadmin?

I eliminated all admins except myself, I installed 3.5 RC1 and reverted all the templetes to stock. I think he added some redirect code to snag peoples passwords in the templates. Some of my members were complaining of being sent to another website with IE exploits. I would not have caught him today if he hadn't gotten greedy and given himself an avatar (a privelage for staff only). The templates and css changes I can fix, what worries me is that entry for cronadmin.php and the action was modify. How can I find out what was modified, or where such modifications can be done?
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01154 seconds
  • Memory Usage 1,761KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete