Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 07-28-2007, 02:13 PM
TunerNetwork TunerNetwork is offline
 
Join Date: Jul 2004
Location: CT
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacked!

Ok, need your help on this. Woke up this morning, go to log in...cant. I try several times, I know im putting in the right pw, and still cant. I look at my news forum and see some arabic writing. I log in under another admins login/pw. I search for my user name (original one) does not exist. I look under usergroups, not there. I take it that it got erased?

Here is a screen shot of the post that was made, and one was made in an admin section, so I take it was not a bot. What do i need to do to prevent this again? I attached what they wrote and the screenshots.

The first post made by the hacker says this: (arabic writing that was posted underneath)


Quote:
Originally Posted by Sn1p3r_spy
Just Play Bank Aladem been unsuccessful then penetrate forum without index Esbero Khkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkhkh khkhkhkhkhkhkhkhkhkhkho
(this is the english version of this below)
خخخخخخخخخخخخخخخخخخخخخخخخخخخخخخخخخخخخ بس العب بنك الادم تم اختراق منتداكم الفاشل الحين بغير الاندكس اصبروشو

Hacker's username that was created: Sn1p3r_spy

And this is the post made in my news section:

Quote:
Originally Posted by Sn1p3r_spy
God Ilankam forum Tabani of very Yakelap b Houphoni Wadman Khkhkhkhkhkhkhkhkhb
(this is the english version of this below)


شووفوني ادمن خخخخخخخخخ الله يلعنكم منتداكم تعبني من جد ياكلاب



Wanted to know if I could save my username or is that gone?
Attached Images
File Type: jpg hacked.jpg (53.2 KB, 0 views)
File Type: jpg hacked2.jpg (78.2 KB, 0 views)
Reply With Quote
  #2  
Old 07-28-2007, 02:17 PM
King Kovifor's Avatar
King Kovifor King Kovifor is offline
 
Join Date: Nov 2004
Location: PA
Posts: 3,872
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can use a back up of your forum from the past day, before the board was hacked.
Reply With Quote
  #3  
Old 07-28-2007, 02:29 PM
TunerNetwork TunerNetwork is offline
 
Join Date: Jul 2004
Location: CT
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

im checking to see when my host last did an update, last time i did a full back up was on 7/11/07
Reply With Quote
  #4  
Old 07-28-2007, 02:48 PM
Carnage Carnage is offline
 
Join Date: Jan 2005
Location: uk
Posts: 760
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

you could restore just your user account from there instead of a whole board restore... i've restored users before when they've been accidentally deleted but its a time consuming process.
Reply With Quote
  #5  
Old 07-28-2007, 02:55 PM
TunerNetwork TunerNetwork is offline
 
Join Date: Jul 2004
Location: CT
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

caranage, is there a way to go back and save my old user name? I was running 3.6, im upgrading my board up to 3.8 as we speak under another admin name. But i want to save my old name. Is that possible?

I deleted anything that was related to this hacker that I could find, im hoping he doesnt have anything hidden on my site or server. Hoping the upgrade eliminates any further damage.

If you want to contact me, TN Zazza is my aim name

oops, ok i just upgraded to 3.6.8
Reply With Quote
  #6  
Old 07-28-2007, 03:38 PM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Run a check for Suspect Files through the Maintenance tab in the AdminCP. This will tell you if there are any files in your directory that shouldn't be there, or if any of the core files have been altered.
Reply With Quote
  #7  
Old 07-28-2007, 09:54 PM
TunerNetwork TunerNetwork is offline
 
Join Date: Jul 2004
Location: CT
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok, what I had to do was restore my old back up that is about 2 weeks old, sux but, it put me back to a working starting point, i was at 3.6.6, so I upgraded immediately to 3.6.8. I set all of my admins so they cant be erased in the config file, changed pw's etc. Is there anything that you guys can recommend for me to check or get rid of etc, in order to prevent this from happening again?

Thanks
Reply With Quote
  #8  
Old 07-28-2007, 10:02 PM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Did you run the check I suggested in my previous post? What modifications do you have installed?
Reply With Quote
  #9  
Old 07-28-2007, 10:16 PM
TunerNetwork TunerNetwork is offline
 
Join Date: Jul 2004
Location: CT
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ya under the diagnostics check, i have a bit of mods installed, i never had an issue before, I think it may have been because I didnt upgrade to the newest release yet, but here are my results, lol:

arcade.php File not recognized as part of vBulletin
fixoptions.php File not recognized as part of vBulletin
flashchat.php File not recognized as part of vBulletin
itrader.php File not recognized as part of vBulletin
itrader_detail.php File not recognized as part of vBulletin
itrader_feedback.php File not recognized as part of vBulletin
itrader_global.php File not recognized as part of vBulletin
itrader_report.php File not recognized as part of vBulletin
journal.php File not recognized as part of vBulletin
mm_menu.js File not recognized as part of vBulletin
modelapp.php File not recognized as part of vBulletin
sr_classifieds.php File not recognized as part of vBulletin
sr_classifieds_payment.php File not recognized as part of vBulletin
template.htm File not recognized as part of vBulletin
ushop.php File not recognized as part of vBulletin
vbfavorites.php File not recognized as part of vBulletin
vbgarage.php File not recognized as part of vBulletin
vbpunch.php File not recognized as part of vBulletin
vbulletin35CMS.php File not recognized as part of vBulletin
Scanned 63 files
./admincp
arcade.php File not recognized as part of vBulletin
articlebot_admin.php File not recognized as part of vBulletin
articlebot_simulator.php File not recognized as part of vBulletin
itrader_misc.php File not recognized as part of vBulletin
journaladmin.php File not recognized as part of vBulletin
read_pms.php File not recognized as part of vBulletin
sr_classifieds_admin.php File not recognized as part of vBulletin
ucash_admin.php File not recognized as part of vBulletin
ushop_admin.php File not recognized as part of vBulletin
vba_cmps_admin.php File not recognized as part of vBulletin
vba_links_admin.php File not recognized as part of vBulletin
vbacmps_install.php File not recognized as part of vBulletin
vbalinks_install.php File not recognized as part of vBulletin
Scanned 3 files
./archive
Scanned 34 files
./clientscript
activecell.htc File not recognized as part of vBulletin
ncode_imageresizer.js File not recognized as part of vBulletin
vbpunch.js File not recognized as part of vBulletin
Scanned 3 files
./clientscript/yui
Scanned 2 files
./images/regimage/fonts
Scanned 111 files
./includes
adminfunctions_links.php File not recognized as part of vBulletin
adminfunctions_vba_cmps.php File not recognized as part of vBulletin
bitfield_sr_classifieds.xml File not recognized as part of vBulletin
class_dm_itrader.php File not recognized as part of vBulletin
class_ucs_core.php File not recognized as part of vBulletin
cpnav_sr_classifieds.xml File not recognized as part of vBulletin
datastore_cache.php File not recognized as part of vBulletin
functions_itrader.php File not recognized as part of vBulletin
functions_links.php File not recognized as part of vBulletin
functions_ucs_shared.php File not recognized as part of vBulletin
functions_ushop.php File not recognized as part of vBulletin
global_ushop.php File not recognized as part of vBulletin
vba_cmps_include_bottom.php File not recognized as part of vBulletin
vba_cmps_include_error.php File not recognized as part of vBulletin
vba_cmps_include_template.php File not recognized as part of vBulletin
vba_cmps_include_top.php File not recognized as part of vBulletin
vba_cmps_plugin_newpost.php File not recognized as part of vBulletin
vba_global_error.php File not recognized as part of vBulletin
Scanned 26 files
./includes/cron
articlebot_vbcron.php File not recognized as part of vBulletin
links_search.php File not recognized as part of vBulletin
links_subscriptions.php File not recognized as part of vBulletin
rsvp_notify.php File not recognized as part of vBulletin
sr_classifieds.php File not recognized as part of vBulletin
ucash_paycheck.php File not recognized as part of vBulletin
ushop_expiration.php File not recognized as part of vBulletin
ushop_misc.php File not recognized as part of vBulletin
Scanned 8 files
./includes/paymentapi
Scanned 26 files
./includes/xml
bitfield_comments.xml File not recognized as part of vBulletin
bitfield_itrader.xml File not recognized as part of vBulletin
bitfield_journalhack.xml File not recognized as part of vBulletin
bitfield_profileviews.xml File not recognized as part of vBulletin
bitfield_sr_classifieds.xml File not recognized as part of vBulletin
bitfield_vbpunch.xml File not recognized as part of vBulletin
cpnav_arcade.xml File not recognized as part of vBulletin
cpnav_articlebot.xml File not recognized as part of vBulletin
cpnav_itrader.xml File not recognized as part of vBulletin
cpnav_journalhack.xml File not recognized as part of vBulletin
cpnav_rpm.xml File not recognized as part of vBulletin
cpnav_sr_classifieds.xml File not recognized as part of vBulletin
cpnav_ucs.xml File not recognized as part of vBulletin
cpnav_vbacmps.xml File not recognized as part of vBulletin
cpnav_vbalinks.xml File not recognized as part of vBulletin
hooks_ibproarcade.xml File not recognized as part of vBulletin
hooks_sr_classifieds.xml File not recognized as part of vBulletin
hooks_v3arcade.xml File not recognized as part of vBulletin
product-ibproarcade.xml File not recognized as part of vBulletin
Scanned 70 files
./install
Scanned 11 files
./modcp
vba_links.php

Now, anything look out of whack? lol I appreciate your feedback!
Reply With Quote
  #10  
Old 07-28-2007, 10:33 PM
MRGTB MRGTB is offline
 
Join Date: Dec 2004
Posts: 548
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Did u say just a FEW hacks

Go over to vBulletin, there is a thread there somewhere that tells you things to do to make your board more secure, like re-naming the admincp folder to another name and you can also make use of .htaccess files to require two logins for the admin area. You should also use .htaccess file to protect folders like the CGI-BIN. So cgi scripts cannot be run from there.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:16 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04988 seconds
  • Memory Usage 2,287KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (2)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete