Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-14-2006, 01:41 AM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default my board was hacked

someone hacked my vb and changed peoples avatars. what measures can i do to insure that this does not happen again.
Reply With Quote
  #2  
Old 06-14-2006, 01:48 AM
3z3k3l 3z3k3l is offline
 
Join Date: Feb 2006
Location: TX
Posts: 201
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What version are you running?
Reply With Quote
  #3  
Old 06-14-2006, 01:59 AM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

3.5.4
Reply With Quote
  #4  
Old 06-14-2006, 02:05 AM
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
Posts: 1,474
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

do you know how they got in? have you looked at logs?
Reply With Quote
  #5  
Old 06-14-2006, 02:06 AM
XFSImperial's Avatar
XFSImperial XFSImperial is offline
 
Join Date: Jul 2004
Location: USA
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Change all your administrator passwords, server passwords, and especially database passwords for starters...
Reply With Quote
  #6  
Old 06-14-2006, 02:07 AM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by DementedMindz
do you know how they got in? have you looked at logs?
i'm really new to this whole vbulletin, how would i do that.
thank you for replying.

Quote:
Originally Posted by XFSImperial
Change all your administrator passwords, server passwords, and especially database passwords for starters...
thank you for your advice, i will do that right away.
Reply With Quote
  #7  
Old 06-14-2006, 02:12 AM
XFSImperial's Avatar
XFSImperial XFSImperial is offline
 
Join Date: Jul 2004
Location: USA
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah, like Demented Mindz asked, you have to know how you were exploited so that you can stop it from happening. vBulletin is pretty secure on its own. If only avatars were changed, somebody might have been able to guess an administrator password or make use of a bug within a vBulletin modification.

Check your vBulletin AdminCP logs, if you keep them and then check with your webhost or cPanel and look for your server logs. If they used conventional methods, those logs will provide the IP addresses and the scripts used to execute the hacking. You can use that to file a formal report with the proper law enforcement personnel, as well as identify the hole in your security...if conventional of course.
Reply With Quote
  #8  
Old 06-14-2006, 02:14 AM
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
Posts: 1,474
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well another thing i was going to ask is it on a shared account or a private server... cause i know there is a few exploits out right now on linux servers that will get you in sql pretty quick too esp on a shared server... do you have any other admins who would be messing around ? i would check out all the logs from admincp see what you see in there... one other thing you could do also is put a htaccess on admincp also...
Reply With Quote
  #9  
Old 06-14-2006, 02:19 AM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i'm not sure what you mean by server, i have a godaddy hosting account if thats what you mean. all my admins were offline when this occured.

i had the avatars set at 150x120 pixels but the hacker changed the avatar size to maybe 300x250 pixels. would that give a hint as to were he came through from?

**edit yes, i do have linux
Reply With Quote
  #10  
Old 06-14-2006, 02:24 AM
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
Posts: 1,474
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

if your on godaddy make sure you have Hosting Configuration: 2.0 i had just let them know about 2 weeks ago about a few exploits and they shut them down... check your admincp logs and see what you see in there... change all your passwords and i would htaccess it this way you have 2 forms of security.. just make sure your password aint easy.. also for now on make sure you save all failed logins or hack attempts.. you can do that from admin too..
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:39 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04744 seconds
  • Memory Usage 2,253KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete