Not so funny! LOL

[UncoderMom]

Oooh come on now Adrian!! You know me WAY better then to ever think I'd take that advise! LOL Though I do suppose I should uninstall the disabled blog I just dont want to loose that data. VB makes a converter for it now. Just havent had time or money to lay down on it.

Actually I need to do some serious clean up!! Pick through all my directories and remove suspects that are from old mods... I saw a few floating around yesterday. Examine all files that have an old upload dates too. Make sure there are no upgrades to it etc...

Thanks again for your help too Adrian.

[KTBleeding]

Take it as a good thing. A surprising amount of "script kiddies" are doing this for your own good. They didn't take down your site with immense damage, and they could have. Easily. Some will even put their email and how to contact them.. I've actually heard of them responding and telling the person how they got in, and how to prevent it.

It's a pain in the neck, of course.. and we would all like a heads up email over the defacement of our sites.. but then again, would we listen to emails or just ignore them? Sometimes it takes something like this to grab our attention and do something about it..

[UncoderMom]

uuuh thats like a warped way of looking at it. Its an invasion of privacy. Its like breaking into someones house and waiting for them in the kitchen and saying haha I got in... guess you better use a better lock... I'm doing you a favor.. I could have been a real bad guy. BS LOL No offense. NO ONE, ABSOLUTELY NO ONE has the right to violate some ones server "for there own good". Man I could lay so many analogies on that one but I'll spare you! haha

I dont care if it was for my own good or for sick personal reasons. Someone should put their asses in jail.. that would be for their own good for damaging my goods. Pay me restitution too... yeah that.

haha Now THAT would be good for me. LOL

Anyway... if you google my hackers, you'll see it was anything but to "help me". More like internet terrorism!

[KTBleeding]

Well, I'm not justifying their actions by any means, I guess I should have made that clear. I'm just saying to take it as a good learning experience. You've now learned from a massive mistake as being an internet real estate holder.

Sure, we can come up with countless amounts of analogies if we want.. but we all know what they're doing isn't right, so it's kind of pointless. The fact that these exist more than someone breaking into your house and robbing you is because of the lovely anonymity of the internet. They can get away with it, and they know it. There's a far greater risk by breaking into someones house.

Leaving xss vulnerabilities in your sites is more than just having a bad lock on your door. It's leaving your door wide open with a HUGE sign above your house that says, "Hey, I am not home right now and I have thousands of dollars worth of crap you can come take."

Again, I'm not justifying these actions.. I've had my site defaced once years ago, and I felt extremely violated, as any normal person would. It is a sad thing that they get away with doing this, but because of them I run my sites with extreme caution and security. I took it as a learning curve, it wasn't as bad as it potentially could have been and for that I was thankful.

[UncoderMom]

Quote:

Originally Posted by KTBleeding

Well, I'm not justifying their actions by any means, I guess I should have made that clear. I'm just saying to take it as a good learning experience. You've now learned from a massive mistake as being an internet real estate holder.

Sure, we can come up with countless amounts of analogies if we want.. but we all know what they're doing isn't right, so it's kind of pointless. The fact that these exist more than someone breaking into your house and robbing you is because of the lovely anonymity of the internet. They can get away with it, and they know it. There's a far greater risk by breaking into someones house.

Leaving xss vulnerabilities in your sites is more than just having a bad lock on your door. It's leaving your door wide open with a HUGE sign above your house that says, "Hey, I am not home right now and I have thousands of dollars worth of crap you can come take."

Again, I'm not justifying these actions.. I've had my site defaced once years ago, and I felt extremely violated, as any normal person would. It is a sad thing that they get away with doing this, but because of them I run my sites with extreme caution and security. I took it as a learning curve, it wasn't as bad as it potentially could have been and for that I was thankful.

It was definitely a learning experience. Well, I've seen it so many times happen to other people I didnt even get all panicky. I guess the only panic was the thought of having to restore the DB LOL. That and i dont "do" shell stuff. LOL Well not that I couldnt just I seem to have some pretty good friends that always seem to do that stuff for me, that and a great host. Perhaps I should have learned that stuff myself... Instead of letting someone bail me out there. LOL

Put that on my list.. Learn to decipher shell logs. haha

[calumn]

You should try out bqbackup.

Its rsync and backs up your whole server including databases, files, emails, everything. It can be set to run automatically daily and only moves changed files.

So on my first day it moved about 10gb of all files but after that it was only a little each day and I don't need to do anything. Its only a couple of dollars a month.

[GSeybold]

First Unimomma
I'm super sorry this happened to you and I'm also jealous of your extensive computer knowledge. You go girl!

Second, is there ANY way at all to trace these Mo Fos? My company traced some spammers all the way to a major company so I did have legal recourse if I had elected to file a lawsuit (disruption of ecommerce is a federal felony). I contacted the CEO and had a "friendly" officer to officer chat. Amazingly, this CEO denied any knowledge (cough cough-yeah right), But after that call, all these spammers stopped. Humm.. what a surprise eh? Not!

I know my spammers situation isn't anywhere near as awful as being hacked but can you somehow get some info on these morons?

Could they have found the thread about Joomla and then went to your site you have listed on Vb.org? Could this have been from a vb.org member? I hope to hell not.

Gabby

[GSeybold]

Hello
I didn't want to make another post but I'm wondering if I've been hacked some how.

My newbie posts are alll moderated but yesterday a newbie posted several times and his posts were'n't moderated and went directly online. I've rechecked all permissions and they are ok.

Can someone advise.

I'm sorry I don't mean to hijack this thread but didn't want to start a new one .

Thanks

Gabby

[UncoderMom]

Gabby, check this post for help... IS that the same thing you got going on??

https://vborg.vbsupport.ru/showthread.php?t=204103

[GSeybold]

Thank you Uni

I checked out that thread and my members are staying in their respective catagories but this one member's post aren't being moderated at all and they should be because he's in the moderated catagory. I created a test newbie account and it worked fine, all my test posts went to the mod que but this particular member's posts aren't. . So it's isn't a mod issue either. I asked my three mods if they approved the thread and they all said no. The post doesn't have any record of being approved. I am the only admin as well.

The member also put as a referrer someone who hasn't even been active on the forum in over a year. I watched as the person navigated my forum and they went to many threads and stayed only for a few seconds.

They posted a post which are consistant with my forum's subject but vague.

I'm pretty sure this isn't good and not sure what the next step is for me. I just want to avoid any more hassles.

I'm runing 3.72 pl 1

Gabby

--------------- Added [DATE]1233866440[/DATE] at [TIME]1233866440[/TIME] ---------------

Ok I have another newbie just now, I happened to be looking who's online. It says this person(?) went right to "Private Messages" per who's online. BUT my newbies do not have Private Messaging privledges and PMs don't even come up as an option in a newbie's control panel?

What they heck?