Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 01-01-2013, 02:09 PM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default SERIOUS SECURITY ISSUE

I closed my site down for maintenance for 3 months due to bad coding, I bought the website about 12 months ago but couldnt cary on with all the errors.

I have fixed most part of the site but have now noticed when I go to register, in the "user name" box it is showing my database name, and in my password box.. im presuming its showing my database password!!

Where do I find how this is happening and how do I delete it?!?

Regards

Matt
Reply With Quote
  #2  
Old 01-01-2013, 02:20 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have the same issue if you disable hooks / plugins?
Reply With Quote
  #3  
Old 01-01-2013, 02:26 PM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thats something thats going to be almost impossible to check, the site has like... hundreds of plugins and hooks.

Guaranteed its probably one of the most hacked VB's you'd have seen and it isnt pretty.

Besides, it was all ok until I changed the database names... so it cant be plugins and hooks.

What file would i check, where would it pick this up from?

--------------- Added [DATE]1357054366[/DATE] at [TIME]1357054366[/TIME] ---------------

just searched the database and there no where that it stated the database name in any tables, i searched the templates and this is the same.

Is there a way to search the plugins?
Reply With Quote
  #4  
Old 01-01-2013, 02:33 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You'll have to globally disable plugins first to determine if the issue is a plugin or a template or injected code.

To disable the plugin/hook system completely without accessing the Admin CP options, you need to edit includes/config.php and add the following code:
define('DISABLE_HOOKS', true);
With this code in config.php, no plugins will run at all.

To re-enable the plugin system, remove the code again from config.php.
Reply With Quote
  #5  
Old 01-01-2013, 02:44 PM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

wow the forum looked BARE!!

tried that, and then went to register and its still there...

I appreciate you trying to help me here, very much appreciated.

I cant help but think its a php file, if i do a page source it tells it to include a cirtain controlling page which was created for the forum. To be honest, i dont wat to say too much on this site as its quite public.

--------------- Added [DATE]1357055317[/DATE] at [TIME]1357055317[/TIME] ---------------

in one of my main files, there are 20 instances of the database name... im gonna have to get this looked at properly i think this is terrible......
Reply With Quote
  #6  
Old 01-01-2013, 03:36 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Upload all files again and run upgrade.php see if that help make sure you disable all plugins and turn off forum first
Reply With Quote
Благодарность от:
In Omnibus
  #7  
Old 01-01-2013, 03:40 PM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

now, this is something id love to do.. im going to have to make some major backups though. The site is hacked to bits and im worried that if i upload new files itll completely break the site.

O well.... here goes.............
Reply With Quote
  #8  
Old 04-06-2013, 12:47 PM
Skivey Skivey is offline
 
Join Date: Jan 2008
Posts: 162
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Update on this problem, someone had changed the register.php to have global username and password for the DB which made it visible to people registering...

Blimeh!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:56 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08027 seconds
  • Memory Usage 2,222KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (1)post_thanks_box_bit
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete