Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Th3H4ck hacked hundreds of VB forums over the last two days.
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Closed Thread
Page 10 of 11 « First 89 10 11
 
Thread Tools Display Modes
  #91  
Old 09-19-2013, 06:19 AM
mrdiger mrdiger is offline
 
Join Date: Sep 2010
Posts: 34
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Also found my site hacked today! (only front page, forums still works)
I run 4.1.1

Any idea what i can do to fix this?

Thanks alot!!


This is what they did, cp log:
Quote:

15389 N/A 04:08, 19th Sep 2013 admincalendar.php modify 36.74.252.52
15388 N/A 04:08, 19th Sep 2013 admincalendar.php update 36.74.252.52
15387 N/A 04:07, 19th Sep 2013 admincalendar.php add 36.74.252.52
15386 N/A 04:07, 19th Sep 2013 admincalendar.php modify 36.74.252.52
15385 N/A 04:07, 19th Sep 2013 plugin.php doimport 36.74.252.52
15384 N/A 04:07, 19th Sep 2013 plugin.php files 36.74.252.52
15383 N/A 03:18, 19th Sep 2013 plugin.php 65.49.14.143
15382 N/A 03:18, 19th Sep 2013 plugin.php doimport 65.49.14.143
15381 N/A 03:18, 19th Sep 2013 plugin.php files 65.49.14.143
15392 N/A 04:08, 19th Sep 2013 faq.php insert 36.74.252.52
15391 N/A 04:08, 19th Sep 2013 faq.php add 36.74.252.52
15390 N/A 04:08, 19th Sep 2013 admincalendar.php edit calendar id = 2
  #92  
Old 09-19-2013, 06:53 AM
New Joe's Avatar
New Joe New Joe is offline
 
Join Date: May 2009
Posts: 1,128
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Paul M View Post

Maybe you should get facts right before making silly statements.

There was an e-mail .
But not till a week after vB published it over on vB com
Why did it take a week Paul for the e mail to be sent after the Thread was made on vB com?
  #93  
Old 09-19-2013, 07:22 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I wonder if VB staff get fired for telling customers they are silly. In my company he would be history and marched out with security escort that minute.

Amateurs, should not comment, have to set some place where official comment is given.
  #94  
Old 09-19-2013, 07:26 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by xenite View Post
Sorry. It's the CONTROL PANEL LOG that will tell you anything useful. (ON EDIT: About the IP address they used.)
CP transaction log, 3 pics. N/A is his user name (or instead of it).

Last picture is when he actually disabled admin account (played a clip when trying to enter Admin) but the site was working.
Attached Images
File Type: jpg 2013hack01.jpg (40.9 KB, 0 views)
File Type: jpg 2013hack02.jpg (23.2 KB, 0 views)
File Type: jpg 2013hack03.jpg (31.4 KB, 0 views)
  #95  
Old 09-19-2013, 12:20 PM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
vB staff, provide some sweep that would tell your paying customers what is wrong with their sites.
Your product, easily hacked, even for fun, may have deprived some of your customers of their bread.

As it is now, you (vB) are out of business and possibly out of your jobs.
  #96  
Old 09-19-2013, 12:26 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You mean the giant guides that have been repeatedly posted on vBulletin.com and .org about how to find whats wrong, and fix your site?


Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

If you're actually looking for support, vBulletin.com forums, and or the members area would be the correct place to post.
  #97  
Old 09-19-2013, 12:38 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
  
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by loua_oz View Post
I wonder if VB staff get fired for telling customers they are silly. In my company he would be history and marched out with security escort that minute.

Amateurs, should not comment, have to set some place where official comment is given.
Paul is hardly an amateur and everyone is entitled to their own opinions.

Quote:
Originally Posted by loua_oz View Post
vB staff, provide some sweep that would tell your paying customers what is wrong with their sites.
Your product, easily hacked, even for fun, may have deprived some of your customers of their bread.

As it is now, you (vB) are out of business and possibly out of your jobs.
I understand you're upset however this is vbulletin.org, we are simply here to assist with the modifications listed on this site not to bash on the product/company itself.

Ladies and Gentlemen, this type of stuff happens on occasion with virtually all online software at some point in it's lifetime if not multiple times and yes that includes php/apache that runs on your server and allows vBulletin, wordpress, and countless other software to run, vulnerabilities/exploits can exist on more than one level. When you're hacked it's very unfortunate and often times more than simply upsetting if data is lost however the best thing to do in a situation like that is to focus, fix your site first then worry about posting opinions - we are all entitled to them but be sure you take care of business first i.e. your site and also direct your anger accordingly .
  #98  
Old 09-19-2013, 12:38 PM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Zachery View Post
You mean the giant guides that have been repeatedly posted on vBulletin.com and .org about how to find whats wrong, and fix your site?


Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

If you're actually looking for support, vBulletin.com forums, and or the members area would be the correct place to post.
A blatant, fundamental lack of understanding what the term "customer" means.

I don't need support, I want the product that I have bought to function properly. Not to be redirected to lessons.

I can teach you one: the biggest asset any company has are their customers. Thousands of talented people found themselves out of their jobs because there were no customers for whatever they were making.

Where is a tool that every customer of vB can run and see if they are in danger?
Providing you have any idea what the dangers could be.

Shame on you.
  #99  
Old 09-19-2013, 12:45 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You know what, never mind.
  #100  
Old 09-19-2013, 12:51 PM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by TheLastSuperman View Post
Paul is hardly an amateur and everyone is entitled to their own opinions.



I understand you're upset however this is vbulletin.org, we are simply here to assist with the modifications listed on this site not to bash on the product/company itself.

Ladies and Gentlemen, this type of stuff happens on occasion with virtually all online software at some point in it's lifetime if not multiple times and yes that includes php/apache that runs on your server and allows vBulletin, wordpress, and countless other software to run, vulnerabilities/exploits can exist on more than one level. When you're hacked it's very unfortunate and often times more than simply upsetting if data is lost however the best thing to do in a situation like that is to focus, fix your site first then worry about posting opinions - we are all entitled to them but be sure you take care of business first i.e. your site and also direct your anger accordingly .
Yet another confirmation vB staff do not understand what a product means. Theirs appears to be a Mickey Mouse, any kid can hack it. As they have, are doing, and will be doing.

Make vB free and then OK.
Charge for it, you may be in court, in the dock.
Closed Thread
Page 10 of 11 « First 89 10 11

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:49 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07347 seconds
  • Memory Usage 2,278KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete