The Arcive of Official vBulletin Modifications Site.

Mosser · #1 11-06-2002, 11:52 PM

I know this is the wrong sort of hack for the forum, but i wondered if anyone knows how i can stop or at least trace (ip address) hackers that get into our forum with admin permissions or more recently access our web host using FTP and modify our php scripts sometimes deleting critical lines of code, we have just lost our members online stats on the front page and i have found the lines that were deleted and restored them but it is very time consuming to check everything and find the damaged script files

If anyone knows of any relevant hacks that would make our BB more secure or alert me to unauthorised access (especially FTP access to our web space!) then can you please let me know

Cheers

PS if i have posted this in the wrong forum please move it to the appropriate forum

Erwin · #2 11-07-2002, 09:14 AM

Change the passwords!

.htaccess password-protect your /admin subdirectory.

.htaccess password-protect phpMyAdmin.

How do these guys get admin access??? Make it so that only you can access the admin cp - install an admin security hack that you can find in Full Releases.

Mosser · #3 11-07-2002, 09:44 AM

Thanks for the help, all i have to do is find out how to do them!! (shouldnt be too difficult though),

I'm not at all sure how its being done, but i think the scripts are being modified directly rather than using the control panel, the logs are only accessible by me and i'm the only one that can change them and i am seeing wuite a few IP's that i dont recognise but nothing malicious is being done through the CPanel according to the logs

Its very strange!!

Erwin · #4 11-07-2002, 09:46 AM

Ban those IPs if you are certain they are malicious.

Get your host to check the server logs, or do it yourself if it's your server.

Change your FTP username and password!!! And your site Admin CP username and password!!! Tell your host!!!

Mosser · #5 11-07-2002, 09:55 AM

Problem with changing the FTP user name and PW is that a lot of parts of the site are run by helpers that need access to do their bit to help (i dont have enough time to do it all) so the security can never be 100%, I know this is a security flaw, bit there's not much i can think of that can be dont to trace ftp access into the site?

IP banning doesnt seem to work because most technical people know how to change their ip address with in a couple of minutes if they need to

Its on a shared server, not sure if we have access to any access logs, i will check into that

cheers

NTLDR · #6 11-07-2002, 10:34 AM

Remember you have an Admin Log in the ACP too, which records everything that happens in there and logs the IP too

Erwin · #7 11-07-2002, 06:40 PM

Shared servers are intrinsically insecure, for various reasons.

That is very dangerous, sharing your FTP access with others.

I keep mine top secret, with only me with access.

If you share your FTP access, and if you insist in not changing your password, then no one can help you stop your site from being hacked again and again, since someone out there knows the password obviously.

KaiN6993 · #8 11-08-2002, 01:20 AM

Quote:

Originally posted by Erwin
Shared servers are intrinsically insecure, for various reasons.

That is very dangerous, sharing your FTP access with others. I keep mine top secret, with only me with access.

If you share your FTP access, and if you insist in not changing your password, then no one can help you stop your site from being hacked again and again, since someone out there knows the password obviously.

Could'nt have said it better myself, if you want your site protected, Noone but you should have access to any admin or ftp info :smoke:

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.09267 seconds Memory Usage 2,225KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (8)postbit_onlinestatus (8)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!