The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Preventative - How to avoid being Hacked by TeamPS i.e. p0wersurge
TheLastSuperman
Join Date: Sep 2008
Posts: 5,844
Hey vb.org members and coders! Not much to say except I have a beautiful wife, three fantastic kids North Carolina
No doubt some of you have already been defaced at some point in the past, what I aim to do is make a quick post letting you know a few simple tips to avoid or recover from this and also help you re-secure your site if you've recently recovered from such activity. Lately what I've noticed is on older versions namely pre 4.1.4 a group of hackers have been exploiting the Admin Username and Password through member groups and the search feature, granting them access to the forum in question to do so as they wish. The main goal of the information outlined below is to help you prevent this from happening by adding in some additional security to your admin and moderator control panels with .htaccess. Initially newer versions were not affected by this however after a recent post on vBulletin.org I'm not sure what other methods they are using - https://vborg.vbsupport.ru/showthread.php?t=275715 so let's go ahead and remedy this shall we? ____________________ If your currently secure: 1) .htaccess protect your admincp and modcp here are some useful links; .htaccess authentication generator: http://www.htaccesstools.com/htaccess-authentication/ .htaccess password generator: http://www.htaccesstools.com/htpasswd-generator/ Now if they are able to somehow obtain your primary admin account username and password they can only do so much damage... why? Well your admin control panel now requires a completely different username and password before you can even login, without server/ftp access they can never bypass this. ____________________ If you've been defaced: 1) Try restoring to a backup before you were hacked, if not possible recover the best way you can. 2) Change database passwords *Don't forget to update the config.php files for vBulletin and any other software running on your site. 3) Change FTP account passwords. 4) Change admin account passwords. 5) .htaccess protect your admincp and modcp here are some useful links; .htaccess authentication generator: http://www.htaccesstools.com/htaccess-authentication/ .htaccess password generator: http://www.htaccesstools.com/htpasswd-generator/ 6) Check to see if they added any admin accounts, on one site they changed the primary admin account name to what they desired and went so far as to re-create the admin accounts w/ the same details but no admin permissions to throw the site owners off for a little bit. 7) Use this guide and ensure your site is 100% clean - http://www.vbulletin.com/forum/blogs...iller/3934768- ___________________ *Use a entirely different username and complex password when creating the .htaccess and .htpasswd files. Also on that note, be sure the .htpasswd is stored above public_html i.e. in /home/accountnamehere/.htpasswds **Wayne Luke of the vBulletin.com team also posted some very sound advice here, please take the time to read his post - https://www.vbulletin.com/forum/show...=1#post2245651 |
#22
|
|||
|
|||
Quote:
I even had to manually change moderators passwords to ensure the hackers could not harm my forum until the original mods came back online. I would encourage you to do the same. Email all your members and explain what happened and make a compulsory password change immediately. Yes is was. Since I moved to LeetHost, I have had no issues with any kind of hacking. No DDoS, hacking, spam or anything. They are really secure. If you need any more info on this, let me know. |
#23
|
|||
|
|||
Quote:
|
Благодарность от: | ||
x iJailBreak x |
#24
|
||||
|
||||
Another important issue against hacking is the basic server configuration. One of the encountered problems are the Apache mpm_worker module together with fast-cgi, which eventually run a bit faster, but will not allow to sandbox virtual hosts.
In order to allow sandboxing virtual hosts, and thus avoid that other infected sites on a single server will spread over other domains, you should use mpm_prefork and then, in each virtual host configuration: Code:
<Directory /vhosts/domain.tld/httpdocs> php_admin_value open_basedir /vhosts/domain.tld php_admin_value upload_tmp_dir /vhosts/domain.tld/tmp # ... other settings </Directory> Code:
<Directory /vhosts/domain.tld/httpdocs> php_admin_value open_basedir /vhosts/domain.tld:/tmp # ... other settings </Directory> |
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|