  #1  
Old 04-27-2012, 03:37 PM
soulz2003 soulz2003 is offline
 
Join Date: Nov 2009
Posts: 42
Site constantly being hacked.

We are being bombarded with this person who thinks it funny to alter the website.

I am not sure what is going on. At first he found an exploit with vBadvanced. Now he managed to with vBulletin forum system. We are running 4.1.9

Thanks
  #2  
Old 04-27-2012, 03:46 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357

It is more than likely one of your plugins that is letting him in. Check the server logs from your host to see how he is doing it.
  #3  
Old 04-27-2012, 03:47 PM
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559

Quote:
Originally Posted by soulz2003
We are being bombarded with this person who thinks it funny to alter the website.

I am not sure what is going on. At first he found an exploit with vBadvanced. Now he managed to with vBulletin forum system. We are running 4.1.9

Thanks
How were you hacked? I mean, what type of hack was it? If I were you I would contact the hosting company and ask them to check the access logs and see how the hacker was able to get in. In the meantime, do a thorough scan/checkup of your server space and database and change all your passwords (forum admin, FTP and cPanel). Also scan your PC too with an antivirus/antispyware.

If your db is damaged then restore your most recent one from before the hack and upgrade your forum a.s.a.p.
  #4  
Old 04-27-2012, 03:50 PM
soulz2003 soulz2003 is offline
 
Join Date: Nov 2009
Posts: 42

Yeah, we do daily backups, that's not the problem. Right now I cannot since I am at work and they filter out my own site.

That is a good idea, I will have to check with our hosting company.
  #5  
Old 04-27-2012, 03:55 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357

Quote:
Originally Posted by soulz2003
That is a good idea, I will have to check with our hosting company.
You're welcome.
  #6  
Old 04-27-2012, 04:24 PM
soulz2003 soulz2003 is offline
 
Join Date: Nov 2009
Posts: 42

Ah, I think I know what he is doing. He is forwarding our entire domain to his Turkish website.

In the morning he only fiddled with our VBA index.php but now he forwarded the entire site over.
  #7  
Old 04-28-2012, 01:03 AM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357

Did he get into your hosting site?
  #8  
Old 04-28-2012, 06:20 PM
soulz2003 soulz2003 is offline
 
Join Date: Nov 2009
Posts: 42

I upgraded the vbulletin. It was 4.0.9

He altered our htaccess. Set it up to forward it to his website. How can you gain entry to that?

I hope the vb upgrade helped.
  #9  
Old 04-28-2012, 07:13 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357

If he got access to the htaccess file, then that means he has got into the FTP or some other way into the db files. Change all passwords to everything, talk to your host and ask them to check server logs to see how he got in. Then your host can block him from the server level.
  #10  
Old 04-28-2012, 08:39 PM
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559

Quote:
Originally Posted by soulz2003
I upgraded the vbulletin. It was 4.0.9

He altered our htaccess. Set it up to forward it to his website. How can you gain entry to that?

I hope the vb upgrade helped.
Most likely he got access through the server. Did you ask your host to check the access logs?
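An added example, not part of any post in this thread: a small Python audit for the symptom reported above, an .htaccess altered to forward the site elsewhere. It lists every redirect-capable Apache directive whose target host is outside your own domain; the sample file and the names forum.example and offsite.example are constructed placeholders, and the function names are this example's own.

```python
import re

# Apache directives that can send a visitor to another URL.
REDIRECT_DIRECTIVES = {
    "redirect", "redirectmatch", "redirectpermanent", "redirecttemp",
    "rewriterule", "errordocument",
}
URL_HOST_RE = re.compile(r"https?://([^/\s\"']+)", re.IGNORECASE)

def is_own_host(host, own_domain):
    """True if host is own_domain or a subdomain of it (not a lookalike)."""
    host, own = host.lower().rstrip("."), own_domain.lower()
    return host == own or host.endswith("." + own)

def find_offsite_redirects(htaccess_text, own_domain):
    """Return (line_no, directive, host) for redirect targets outside own_domain."""
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive = line.split(None, 1)[0].lower()
        if directive not in REDIRECT_DIRECTIVES:
            continue
        for authority in URL_HOST_RE.findall(line):
            # Drop userinfo and port, keep the host name only.
            host = authority.rsplit("@", 1)[-1].split(":", 1)[0]
            if "%{" in host:  # server variable such as %{HTTP_HOST}: same site
                continue
            if not is_own_host(host, own_domain):
                findings.append((line_no, directive, host.lower()))
    return findings

# Constructed sample; forum.example and offsite.example are placeholder names.
SAMPLE = """\
# constructed .htaccess for illustration
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Redirect 301 /old-forum http://www.forum.example/forum/
RewriteRule ^(.*)$ http://offsite.example/ [R=302,L]
ErrorDocument 404 http://offsite.example/index.html
"""

if __name__ == "__main__":
    for line_no, directive, host in find_offsite_redirects(SAMPLE, "forum.example"):
        print(f"line {line_no}: {directive} -> {host}")
```

Run it against every .htaccess under the web root after a restore; a finding tells you what was changed, while the access and FTP logs are still needed to learn how the file was written.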