Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 12-02-2011, 08:34 PM
lcp03o lcp03o is offline
 
Join Date: Jun 2004
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Is Hacking Of My Site Over ???

Hi

HAckers got access to my admincp and uploaded a remote shell script http://itsecbiz.blogspot.com/2011/07...f-you-got.html and defaced my site as well as reset passwords for some users.

I have deleted the plugin and I have added extra security on the admincp folder. I have also deleted all files on my server and uploaded the latest 4.1.8 vb files and upgraded to this version.

Am I safe now from the hackers?? Is there any way they could of injected some sort of code in to my database and get access to users passwords via this?? I have deleted all styles on my site and created a new default one.

I have also changed all passwords. Is there anything else I can do??

Thanks
Reply With Quote
  #2  
Old 12-02-2011, 08:54 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

use .htpasswd and .htaccess for admincp, modcp install, includes, packages, and vb folders also rename the admincp and modcp folders
Reply With Quote
  #3  
Old 12-02-2011, 08:57 PM
K!nG K!nG is offline
 
Join Date: Dec 2010
Location: United States
Posts: 477
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can read these steps and see if that's something u wants to do.

Protect the following folders with .htacess: install (it shouldn't b there at all) - admincp - modcp.

Update vBulletin to the lasted version and use only trusted nulled vb versions.

Use a Random Password Generator.

Update Your Server Software APACHE/MYSQL/PHP/etc.

Remove the vB version on the footer and archive

Give only Trusted users High Ranks

Scan your PC of Viruses with a good Anti Virus Like Kaspersky,Anti Vir.

Dont Download every file what someone sends you.

Dont install mods/hacks that are not trusted or modfied by a unknown coder.

Dont use BETA/ALPHA vBulletin versions on a running online site.

Chmod Config Files 777 Rest Files 644

Configure your Server and Update it against known attacks: DDos etc.

Here are few most important changes for php-savvy admins to do (or forum system programmers to initiate) are:

Use a Protected Server network Firewall - Reserve Proxys etc.

unique names for admin control panel on every installation.

unique names for the core member database table on every installation.

unique names for the password field of the member database on every installation.

custom MD5 hashes for posting to the forum to authenticate a logged-in session (prevent spamming and automated posting scripts without using a captcha).
Reply With Quote
Благодарность от:
MaXimus
  #4  
Old 12-02-2011, 09:09 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by lcp03o View Post
I have deleted the plugin
What plugin?
Reply With Quote
  #5  
Old 12-02-2011, 09:18 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by K!nG View Post
You can read these steps and see if that's something u wants to do.


Protect the following folders with .htacess: install (it shouldn't b there at all) - admincp - modcp.

Update vBulletin to the lasted version and use only trusted nulled vb versions.

Use a Random Password Generator.

Update Your Server Software APACHE/MYSQL/PHP/etc.

Remove the vB version on the footer and archive

Give only Trusted users High Ranks

Scan your PC of Viruses with a good Anti Virus Like Kaspersky,Anti Vir.

Dont Download every file what someone sends you.

Dont install mods/hacks that are not trusted or modfied by a unknown coder.

Dont use BETA/ALPHA vBulletin versions on a running online site.

Chmod Config Files 777 Rest Files 644

Configure your Server and Update it against known attacks: DDos etc.

Here are few most important changes for php-savvy admins to do (or forum system programmers to initiate) are:

Use a Protected Server network Firewall - Reserve Proxys etc.

unique names for admin control panel on every installation.

unique names for the core member database table on every installation.

unique names for the password field of the member database on every installation.

custom MD5 hashes for posting to the forum to authenticate a logged-in session (prevent spamming and automated posting scripts without using a captcha).
https://www.vbulletin.com/forum/show...=1#post2231088
you are wrong about the install folder
Reply With Quote
  #6  
Old 12-02-2011, 09:49 PM
Big Al Big Al is offline
 
Join Date: Nov 2011
Posts: 54
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am not a tech and so would not presume to advise on that side of things, but have you considered why some one would go to the trouble of hacking you?

Have you alienated some one recently? A pissed off ex or current member could do many things to a site.

Improving security may not be as effective, if the hacker is motivated by past grievances.

And this issue, if there, may need to be resolved in a reasonable manner as well.

The defacing of a site has to have a reason.
You ask if there is anything else you could do.
I would consider it wise to check if you have upset anyone unjustly recently.
Reply With Quote
  #7  
Old 12-04-2011, 12:03 AM
Breakthecycle2's Avatar
Breakthecycle2 Breakthecycle2 is offline
 
Join Date: Sep 2011
Posts: 130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[QUOTE=K!nG;2274125]You can read these steps and see if that's something u wants to do.

Remove the vB version on the footer and archive[QUOTE=K!nG;2274125]

How do you remove it? I was under the impression if you did, VB wouldn't work correctly?
Reply With Quote
  #8  
Old 12-04-2011, 04:02 AM
K!nG K!nG is offline
 
Join Date: Dec 2010
Location: United States
Posts: 477
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ForceHSS View Post
https://www.vbulletin.com/forum/show...=1#post2231088
you are wrong about the install folder
Well do ppl really keep install folder after the installation in their forums directory ???? As far as i heard and have seen around no one suggests to keep install folder once ur installation is done. I forgot to type "if u still have it".

--------------- Added [DATE]1322975102[/DATE] at [TIME]1322975102[/TIME] ---------------

[QUOTE=Breakthecycle2;2274429][QUOTE=K!nG;2274125]You can read these steps and see if that's something u wants to do.


Remove the vB version on the footer and archive
Quote:
Originally Posted by K!nG View Post

How do you remove it? I was under the impression if you did, VB wouldn't work correctly?

Yes, you can remove the version number. To do this, edit the 'powered_by_vbulletin' phrase and replace this:

Powered by: vBulletin Version {1}<br />Copyright &copy;2000 - {2}, Jelsoft Enterprises Ltd.

With this:

Powered by: vBulletin <br />Copyright &copy;2000 - {2}, Jelsoft Enterprises Ltd.

Note: To edit a phrase, place the new phrase in the available language text boxes

You can remove ur version number and its not against vbulletin rules & regulations.
Reply With Quote
  #9  
Old 12-04-2011, 08:08 AM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Big Al View Post
The defacing of a site has to have a reason.
It really doesn't. These script kiddies do it for net "street cred" wherever they find a exploit they know about. It's usually nothing personal against the defaced site at all.
Reply With Quote
  #10  
Old 12-04-2011, 11:30 AM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[QUOTE=K!nG;2274478]Well do ppl really keep install folder after the installation in their forums directory ???? As far as i heard and have seen around no one suggests to keep install folder once ur installation is done. I forgot to type "if u still have it".

--------------- Added [DATE]1322975102[/DATE] at [TIME]1322975102[/TIME] ---------------

[QUOTE=Breakthecycle2;2274429]
Quote:
Originally Posted by K!nG View Post
You can read these steps and see if that's something u wants to do.


Remove the vB version on the footer and archive


Yes, you can remove the version number. To do this, edit the 'powered_by_vbulletin' phrase and replace this:

Powered by: vBulletin Version {1}<br />Copyright &copy;2000 - {2}, Jelsoft Enterprises Ltd.

With this:

Powered by: vBulletin <br />Copyright &copy;2000 - {2}, Jelsoft Enterprises Ltd.

Note: To edit a phrase, place the new phrase in the available language text boxes

You can remove ur version number and its not against vbulletin rules & regulations.
I think you mean the install.php not the whole folder
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:03 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06160 seconds
  • Memory Usage 2,270KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete