Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-20-2009, 07:09 PM
Powlo Powlo is offline
 
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacked

How do i go about reporting a succsessfull hacking attempt. Baring in mind there were no addons at the time and i have spoken to the hacker and he 'claims' that he has written a script that will allow him access to any 3.8 board.
Reply With Quote
  #2  
Old 04-20-2009, 08:35 PM
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
Location: Orlando, FL, USA
Posts: 1,361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Go to vBulletin.com and report it there. How / why are you in communication w/ the "hacker"? Is he attempting to get money out of you?
Reply With Quote
  #3  
Old 04-20-2009, 09:33 PM
TigerC10's Avatar
TigerC10 TigerC10 is offline
 
Join Date: Apr 2006
Location: Austin, TX
Posts: 616
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Were you running the latest vB? And how did you "confirm" the hack?
Reply With Quote
  #4  
Old 04-20-2009, 10:43 PM
Powlo Powlo is offline
 
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

He replaced my htaccess (amongst other things) to redirect to his website. So i sign up and asked them why they were hacking me. Its a german site so i didnt fully understand all their responses but at least i got on talk terms with them and eventually they released my site.

Previously to that no matter how many times i replaced the file system and database from various backup dates they simply got over written.

He doesnt want anything from me but im not about to name him either as it is obvious what actions he will take. He has told me that it is vbulletin that has been exploited and not and modifications.

I have some server logs but im not to clear on what i am looking for.
Reply With Quote
  #5  
Old 04-20-2009, 11:17 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ask you host for help.

It sounds to me like he has access to your server if he is replacing htaccess files. If so, your host will want to know about this and should help you figure out how they got in.
Reply With Quote
  #6  
Old 04-21-2009, 12:26 AM
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
Location: Orlando, FL, USA
Posts: 1,361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Agreed, it's not vBulletin. You need server access via CPanel or remote access or something to change the htaccess file. vBulletin has no access to it.
Reply With Quote
  #7  
Old 04-21-2009, 09:51 AM
Powlo Powlo is offline
 
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It seems from the logs that he gained access to my account then added or edited a plugin, which one i am unsure of because are far from detailed (which is something vb should really expand on) assuming the right plugin was used that could effectivly give him root access, right? The logs dont tell me which plugin was altered, is there another way to get this information?

He then appeared to download my style and copy all images, dont know why.

Although i have my site back i dont feel secure, what actions can i take to increase security.

I am pretty sure now that he used a modification to gain access to my account even though he says he didnt so i have already removed most of them. Some of the are critical but i believe are safe.

I read somewhere that changing your userid could help also the location of admincp, how would i do this?
Reply With Quote
  #8  
Old 04-21-2009, 10:16 AM
napy8gen napy8gen is offline
 
Join Date: Jan 2006
Location: port ++++son
Posts: 519
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

here it is powlo.
http://www.vbulletin.com/forum/showthread.php?t=172234
Reply With Quote
  #9  
Old 04-21-2009, 10:30 AM
Powlo Powlo is offline
 
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks bud, i knew id seen it somewhere.
Reply With Quote
  #10  
Old 04-21-2009, 12:24 PM
Michael.A's Avatar
Michael.A Michael.A is offline
 
Join Date: Dec 2008
Location: L.A
Posts: 449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

here is what i think and all the coder and programmers on my forum think any vb higher then 3.7.5 is fun to take down sorry but yes . 3.8.x no good
i cant wit an tell 4.0
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:19 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04248 seconds
  • Memory Usage 2,255KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete