Site Hacked

[Senzuri]

Hi,

My site was recently defaced and I'm trying to figure out how he did it so I can prevent future attacks. I'm guessing he would have probably used an RFI exploit due to the fact that I haven't been regularly updating my sites software. Below is a list of all the mods I've been using as well as the versions. I'm hoping that someone will be able to help identify how he did.

VB version: v3.7.2 Patch Level 2

Admin Log In As User 3.0
April Fools Banning 1.0
Auto Move Closed Threads 1.1.1
Casino .92
Community News Letter Light 1.0.0 1.0.0
Cyb - Advanced Permissions Based on Post Count 4.4
FractalizeR: Registration Form AJAX Enhancements 1.1.1
ibProArcade for vBulletin 2.6.7
Limited Guest Viewing 1.2.1
Members who have Visited 3.7.003
MGC chatbox Evo 0.5.0
MGC Chatbox Evo Commands 0.0.0
Mobile Device Detection 1.0.0
Multiple Login Detector 1.03
Next Generation Postbit Legacy View 1.0.0
NoSpam! 4.0
passiveVid 1.1.2
Post Thank You Hack 7.6
Separate Sticky and Normal Threads 2.0.0
Stop the Registration Bots 1.0.3
TCattd - The Image Resizer 1.2.6
Top Posters 3.7.002
Usergroup Color Bar 1.0.0
vBCredits 1.4
Welcome Headers 5.0.2
Word Replacements 1.0.0

[fattony69]

Why aren't you using the newest vbulletin? Pardon me for saying this, all the boards that are 3.7.2 patch 2 I know of are nulled and were reported by me.

[Senzuri]

Quote:

Originally Posted by fattony69

Why aren't you using the newest vbulletin? Pardon me for saying this, all the boards that are 3.7.2 patch 2 I know of are nulled and were reported by me.

Are you kidding? I haven't updated my forum because I've been lazy and I've also had problems when upgrading. I've had a VB subscription for 2 years which has cost me a bit, go troll someone elses thread kthx.

Also if anyone can help, I'd appreciate it

[R1lover]

There is really no way for anyone here to tell how they got in, first you need to figure out what they changed to hack your site, then that will lead to clues maybe on how they did it.

[fattony69]

Quote:

Originally Posted by Senzuri

Are you kidding? I haven't updated my forum because I've been lazy and I've also had problems when upgrading. I've had a VB subscription for 2 years which has cost me a bit, go troll someone elses thread kthx.

Also if anyone can help, I'd appreciate it

I am not saying you are. I am just saying it is common. Jeez. I am trying to help. Are you using bluehost?

[Lynne]

If you can, look through your access_logs to see if you can see what they did to get hack the site (if it was through a mod). If you don't have access to the logs, you should ask your host for them soon because they might not keep them for long at all.

Go read the threads for all the mods you listed and see if any security issues have been brought up. Were you up-to-date on all the mods?

[TNCclubman]

From experience, the more mods you install, the more vulnerable you are. I wouldnt install more than 3 max... seriously, ask yourself if its worth getting hacked when you go and install something 'cute'. Plus it makes upgrades a major pain in tha arse.