The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Keep Being Hacked
Hi, I'm having issues with a hacker.
Our site, forum.pwmania.com has been hacked twice by a hacker, Boraish. Apparently, from the looks of it, they are hacking our Style and simply overwriting it because I'm going into VB's finalupgrade.php script and I reinstall the style and then it all works again. Anybody know what the issue is and how to fix it? |
#2
|
|||
|
|||
change all your access passwords, for once, and deactivate the /install/directory when you do not need it...
ifthe guy have access to your style, it is because he have access to your site... think of it. |
#3
|
|||
|
|||
Okay, so when you say "access to the site" do you mean access directly to the server or access to the VB AdminCP? If you're referring to the AdminCP, well, the guy just hacked it a 3rd time 10 minutes ago and I'm the only administrator who has been on the last 2 times its been hacked and I'm also the only person who has access to the Styles, so that must mean he's hacked my account and was using it while I was still logged in.
From my experience, its something with VB because if the guy has access to the server, then he could take down all 8 sites we have hosted on the server but instead he's only messing with the forum, the only thing he can hack because he apparently doesn't have access to the server. The /install/ files are non-functional until I rechmod them so I can run the finalupgrade.php file to reinstall the vbstyles. I'm not new to these hackers, I've heard of them before and they do this stuff all the time. |
#4
|
|||
|
|||
Disable your modifications, use the default vBulletin style and upgrade to the latest version of vBulletin. That is the only way to reduce his success rate.
You don't need the /install/ directory once you have upgraded/installed, you should delete it once you have finished with it. (The on-screen instructions say just delete install/install.php but it is safe just to remove the entire directory, I'm pretty sure none of the files in that directory are used in standard scripts) What version of vBulletin are you using? Are there any other scripts running on your domain? (that are not part of default vBulletin, e.g. Wordpress or something) They could just be editing the style directly from the database, although it is a little difficult, it is not impossible. Check the Administration Logs in the vBulletin AdminCP to see if it was edited by another Admin (he may have gained access to their account). If you keep restoring old things he will just take it down again. |
#5
|
||||
|
||||
Quote:
Quote:
|
#6
|
||||
|
||||
Why keep them on the server? I keep a copy of my site on my home computer. I am the only one who ever does anything to vb, so I'm the only one who needs those files, therefore I just delete the whole install directory since noone else needs it.
|
#7
|
||||
|
||||
Apparently the server has crashed or else they are dossing it because its been down for several hours now.
Quote:
Quote:
There are no other scripts other than VB in the forums subdomain. Quote:
Quote:
EDIT: The only other alternative I know of is that he somehow either found a flaw in the coding or else has hacked the server in some way because I found a file called update.php that they kept installing on the server that would overwrite the forum, allowing them to put that message on the board. He probably installed it two or three times and everytime I found it, I chmodded it to disable it and then he would install a new one in a different spot. Once I can get back on the server, I'll let yall see it. |
#8
|
||||
|
||||
Quote:
If I remember right, Kirby used that file for one of his hacks a while back. |
#9
|
||||
|
||||
If he keeps putting some update.php file on the server, then it sounds to me like he has ftp access to your site. You should change your passwords to logon to your server. Is this the only site on the server? If other sites are there and have modifications installed, maybe he is somehow using one of them to upload the file? Sorry, hacking isn't my expertise, but I would definitely start by changing all passwords and making sure the admin cp is htaccess protected.
When you say you keep installing the style again and again, are you putting up your own style, or the vbulletin default style? Also, have you read this? http://www.vbulletin.com/forum/showthread.php?t=194701 |
#10
|
|||
|
|||
My site actually got hacked today in much the same fashion. I am going back though it right now trying to set it straight. I am guessing a product or plugin is a possible cause.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|