The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
my board was hacked
someone hacked my vb and changed peoples avatars. what measures can i do to insure that this does not happen again.
|
#2
|
|||
|
|||
What version are you running?
|
#3
|
|||
|
|||
3.5.4
|
#4
|
|||
|
|||
do you know how they got in? have you looked at logs?
|
#5
|
||||
|
||||
Change all your administrator passwords, server passwords, and especially database passwords for starters...
|
#6
|
|||
|
|||
Quote:
thank you for replying. Quote:
|
#7
|
||||
|
||||
Yeah, like Demented Mindz asked, you have to know how you were exploited so that you can stop it from happening. vBulletin is pretty secure on its own. If only avatars were changed, somebody might have been able to guess an administrator password or make use of a bug within a vBulletin modification.
Check your vBulletin AdminCP logs, if you keep them and then check with your webhost or cPanel and look for your server logs. If they used conventional methods, those logs will provide the IP addresses and the scripts used to execute the hacking. You can use that to file a formal report with the proper law enforcement personnel, as well as identify the hole in your security...if conventional of course. |
#8
|
|||
|
|||
well another thing i was going to ask is it on a shared account or a private server... cause i know there is a few exploits out right now on linux servers that will get you in sql pretty quick too esp on a shared server... do you have any other admins who would be messing around ? i would check out all the logs from admincp see what you see in there... one other thing you could do also is put a htaccess on admincp also...
|
#9
|
|||
|
|||
i'm not sure what you mean by server, i have a godaddy hosting account if thats what you mean. all my admins were offline when this occured.
i had the avatars set at 150x120 pixels but the hacker changed the avatar size to maybe 300x250 pixels. would that give a hint as to were he came through from? **edit yes, i do have linux |
#10
|
|||
|
|||
if your on godaddy make sure you have Hosting Configuration: 2.0 i had just let them know about 2 weeks ago about a few exploits and they shut them down... check your admincp logs and see what you see in there... change all your passwords and i would htaccess it this way you have 2 forms of security.. just make sure your password aint easy.. also for now on make sure you save all failed logins or hack attempts.. you can do that from admin too..
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|