The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
Been Hacked.. :(
Well.. I was hacked today.
They used SnIpEr_SA Shell and I think I've fixed it! They changed the index.php file to redirect to their site and somehow got my info via this script. I've changed my password to my.. FTP, Web Panel, Forum Account, and I've changed my admincp folder's name.. Also I've banned the hackers' IPs via vBulletin. Anything else I can do? Thanks,
#2
You would need to figure out how they did it, since you probably have a vulnerable script somewhere which can be SQL injected.
#3
From the looks of it, it just seems they "knew" my password. And it was a really strong one with CAPITALS and *^%'s. I don't have any scripts on my server... except for vBulletin and vBPortal and the vBulletin mods, which have no vulnerabilities.
#4
If you're on a dedicated server, try to get it hardened.
Change all passwords: vBulletin login, SQL, FTP, server login. On admincp index.php add a .htaccess, something like
Code:
$index['public'] = $index['public'];
$phpkd['username'] = "dtv100";     // Here is the user name
$phpkd['password'] = "mypassword"; // Here is the htaccess password
if (!$index['public']) {
    // Compare the HTTP Basic auth credentials sent by the browser
    if ($_SERVER['PHP_AUTH_USER'] != $phpkd['username'] || $_SERVER['PHP_AUTH_PW'] != $phpkd['password']) {
        // Missing or wrong credentials: prompt for them and stop
        header("WWW-Authenticate: Basic realm=\"Highly Secured\"");
        header("HTTP/1.0 401 Unauthorized");
        echo "<html><head><title>Unauthorized</title></head><body bgcolor='#000000'><center><br> <a href=\"../index.php\" style=\"text-decoration: none\" target=\"_blank\"> <font face=\"MS Sans Serif\" color=\"#FFFFFF\" size=\"8\"><b><br>Enter Here Only<br></b></font></a></center></body></html>";
        exit;
    }
}
#5
Then if you were using a password like that, it would have taken them forever to guess it. You've still got a serious security hole somewhere along the lines or it'll just keep occurring.
#6
Maybe they have your computer rooted, your server rooted, or you used a vulnerable script.
Update your vBulletin and uninstall any unneeded mods/scripts etc. Try and keep stuff minimalistic, the less stuff you have the less to go wrong.
#7
They probably exploited a folder permission or uploading feature in vBulletin to add the shell script.
#8
I was hacked 27 times last month, spread across 4 domains. Took out all my forums.
2 forums were phpbb3 with no mods, one was SMF, and 1 modded phpbb3. I then moved all my forums to vBulletin and was hacked yet again on every single account. (You want to talk about frustrated?) Finally I said enough is enough. I block all FTP access and shell access except from my IP. (Found out from the access logs they were using brute force to hack my forums and not even going through SQL injection methods.) If you want to protect your server, lock it down. Install a firewall, put timeouts in place for anyone trying to access anything pw protected.
#9
There may be a shell on the shared server allowing them access to all accounts.
We had to move from Bluehost because they didn't address the issue and all their hosting customers were getting hacked. http://thebestforumever.com/41248-post1.html
#10
Quote: