The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Having a problem with a hacker
First of all, I wasn't really sure where to put this, I apologize if it's wrong, right now though I really just want to stop this guy. I'd put it on the vbulletin.com site but I don't have the license info and the guy that does isn't online often.
A few days ago I received an IM from some guy saying that there was a bug/exploit on the site and we should back things up. I didn't take him too seriously but we have backups regardless. The next day, our site was, apparently, hacked. I wasn't on at the time so I don't know all of the specifics but we do have a screen from someone else: http://i290.photobucket.com/albums/l...t/Untitled.jpg It's a little fuzzy but he signed it "...%", which is the MSN username he used when I was IMed. We restored our backups and everything was okay, but he continued IMing me. He wasn't mean or anything, and he gave a little info about what he was doing. He could read our hidden staff forum, he knew my password, and apparently had admin access -- all without having an account. He said something about it being a bug in the sql database or the php files, and that he got into our server in less than 10 minutes. Today he registered as a normal user on our site. He proceeded to change his usergroup to Coder (something akin to a sectional mod that we have on our site, they don't have much power), change his user title (we have that as a benefit for our special members only), and give himself reputation (which you're normally not able to do). One of our admins banned his account, IP address, and email. He IMed me about this today, angry at the guy who banned him, saying he would "ban him forever". The guy is Italian so we didn't communicate too well all the time. He has since logged off, he seems to be on friendly terms with me, for whatever reason. We're all kind of freaking out about this, and any help is appreciated. If you need more info I'll provide it. Here's a link to our site: http://www.kh-vids.net There's an error on the main page now but if you go to http://www.kh-vids.net/forum.php you should be able to view the site. Most of the evidence is gone. We have disabled all plug-ins too. |
#2
|
|||
|
|||
I would contact your webhost, with the last known IP for him.
They can ban him from their hosting server and that should solve it, Change the admincp URL. In config.php // ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ****** // This setting allows you to change the name of the folders that the admin and // moderator control panels reside in. You may wish to do this for security purposes. // Please note that if you change the name of the directory here, you will still need // to manually change the name of the directory on the server. $config['Misc']['admincpdir'] = 'admincp'; $config['Misc']['modcpdir'] = 'modcp'; change the admincp to something else and the modcp. This should stop him, put a password on the folders, CPANEL > Password Protect Directories > click folder url, then tick the box put a message save. > Add user and password to them and then save again.... I hope this helps if not, change host or everything linked to this childish kid. |
#3
|
|||
|
|||
If he can read files, he can see the MySQL password and change the data tables that way. I would change the password on the hosting account and let the host know that you have been hacked. Then see about moving the MySQL password out of web-readable space and change it regardless. I don't think you're going to fix this within vBulletin.
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|