The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Hacked - Database Deleted - Via Downloads II ??
Lunch time today I got a general VB database error. When I checked the site through my server control panel, the site database was not there. I am currently installing a backup.
After nosing around the file structure on the site, I noticed in the Downloads folder, (this is a folder created by the Downloads II mod) a bunch of files that should not have been there, most modified at the time of the crash just after 1pm Can anyone enlighten me what these files might be and how they got in this folder and are they responsible for my database disappearing. Thanks in advance |
#2
|
|||
|
|||
You have a security hole on the server, check the apache logs for c99 and see if you can find out how they uploaded it, there are numerous ways to stop c99 uploads, but i would suggest you find the security issue first and close that hole.
|
#3
|
|||
|
|||
What is a c99 upload?
|
#4
|
|||
|
|||
c99 is the bash script they used to nuke your db.
you posted a picture of the files they uploaded, please read the names of the files and note the c99 name in them. |
#5
|
|||
|
|||
Yes, the thing is I think i saw him do it.
On the front page we have vbadvanced and there is a VBA module that lists the latest upload, i noticed an upload called aaaaaaaaaaa But when I went to it, it was gone, The upload was atributed to someone who joined today. I watched him, via whos online and he spent a bit of time in the Downloads section and then i thought no more of it. A lot of members do just that they join to get access to the downloads section, shortly after the DB was no more. That is why I checked the Downloads folder, looking for that aaaaaaaaa file and found all that other c99crap |
#6
|
|||
|
|||
Well as i stated you can block c99 uploading, thats not really a issue, you need to close the security hole you have open on your server.
Without going over your server to see its setup, i cant really suggest anything more. 1. secure server. 2. check perms. 3. make sure programs are running latest version. |
#7
|
|||
|
|||
Thanks for your help.:up:
I am a newbie to all things "server-side" so it looks like I need to get out and find some help. |
#8
|
|||
|
|||
Your welcome.
|
#9
|
||||
|
||||
Quote:
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|