Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 09-22-2010, 08:32 PM
ElfenLied1337's Avatar
ElfenLied1337 ElfenLied1337 is offline
 
Join Date: Aug 2009
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Having a problem with a hacker

First of all, I wasn't really sure where to put this, I apologize if it's wrong, right now though I really just want to stop this guy. I'd put it on the vbulletin.com site but I don't have the license info and the guy that does isn't online often.

A few days ago I received an IM from some guy saying that there was a bug/exploit on the site and we should back things up. I didn't take him too seriously but we have backups regardless.

The next day, our site was, apparently, hacked. I wasn't on at the time so I don't know all of the specifics but we do have a screen from someone else:
http://i290.photobucket.com/albums/l...t/Untitled.jpg
It's a little fuzzy but he signed it "...%", which is the MSN username he used when I was IMed.

We restored our backups and everything was okay, but he continued IMing me. He wasn't mean or anything, and he gave a little info about what he was doing. He could read our hidden staff forum, he knew my password, and apparently had admin access -- all without having an account. He said something about it being a bug in the sql database or the php files, and that he got into our server in less than 10 minutes.

Today he registered as a normal user on our site. He proceeded to change his usergroup to Coder (something akin to a sectional mod that we have on our site, they don't have much power), change his user title (we have that as a benefit for our special members only), and give himself reputation (which you're normally not able to do). One of our admins banned his account, IP address, and email.

He IMed me about this today, angry at the guy who banned him, saying he would "ban him forever". The guy is Italian so we didn't communicate too well all the time.

He has since logged off, he seems to be on friendly terms with me, for whatever reason.

We're all kind of freaking out about this, and any help is appreciated. If you need more info I'll provide it.

Here's a link to our site: http://www.kh-vids.net
There's an error on the main page now but if you go to http://www.kh-vids.net/forum.php you should be able to view the site. Most of the evidence is gone.
We have disabled all plug-ins too.
Reply With Quote
  #2  
Old 09-22-2010, 09:22 PM
MichaelDance MichaelDance is offline
 
Join Date: Dec 2009
Location: Warwickshire, UK
Posts: 156
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would contact your webhost, with the last known IP for him.

They can ban him from their hosting server and that should solve it, Change the admincp URL.

In config.php

// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';

change the admincp to something else and the modcp.

This should stop him, put a password on the folders,

CPANEL > Password Protect Directories > click folder url, then tick the box put a message save. > Add user and password to them and then save again....

I hope this helps if not, change host or everything linked to this childish kid.
Reply With Quote
  #3  
Old 09-23-2010, 01:34 PM
AntonLargiader AntonLargiader is offline
 
Join Date: Dec 2005
Location: Charlottesville, VA
Posts: 11
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If he can read files, he can see the MySQL password and change the data tables that way. I would change the password on the hosting account and let the host know that you have been hacked. Then see about moving the MySQL password out of web-readable space and change it regardless. I don't think you're going to fix this within vBulletin.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:38 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04567 seconds
  • Memory Usage 2,184KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete