  #21  
Old 09-09-2013, 07:26 PM
fmckinnon fmckinnon is offline
 
Join Date: Jun 2008
Posts: 75

Boom, that was it. Deleted both of them, upgraded to 4.2.1 and removed the /install directory. Should that tighten things up?
  #22  
Old 09-10-2013, 01:27 AM
xenite xenite is offline
 
Join Date: Oct 2005
Posts: 33

Zachery, one of the support staff here, has shared this info:
Quote:
Originally Posted by Zachery
Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
It's kind of generic but that is the best place to start. There are lots of other measures you MAY be able to take.

For example, I run a dedicated server and I have managed to lock it down in a lot of ways. I was simply not aware of this new INSTALL directory hack (vBulletin for some reason can't allow me to change my email address for my membership, so every time I turn off the old one I miss all their notices).

Anyway, you can lock down a server by using a firewall to block IP addresses that participate in brute force dictionary attacks (they try to log in to forums, blogs, and servers with random user names and passwords). You can disable FTP and SSH services when you are not using them (but if you run an HTTPS site you need to keep SSH active).

In vBulletin you can prevent people from changing your admin password but only if they cannot hack into your server (or server account on a shared server).

Passwords are harder to crack if they are 11 characters long (forget all the funky special characters -- they don't offer any additional protection).

If you can "salt" your passwords (by adding 2 or more characters to the passwords when they are stored in the database) you should.

However, if hackers can get into your server and download the encrypted password file they can crack all the passwords in a matter of hours or days (depending on how long the passwords are).

It really comes down to being prudent and diligent. You cannot always keep them out. There are a lot more of them out there trying to hack your site than there is of you (if that makes sense).
  #23  
Old 10-08-2013, 08:06 PM
Arrogant-One Arrogant-One is offline
 
Join Date: Jul 2007
Location: Brisbane
Posts: 196

Yesterday or the day before my homepage got hacked. Arabic writing. I was on vB 4.1.12. I upgraded to 4.2.1, and FTP'd the files and then used the vB upgrade process. It worked. I then deleted the Install file from the FTP.

This should have solved the issue, but today, got hacked again. Gonna try the same process to see if I can get my forum back, but this time I cannot even access the Admin CP panel; a hacked page comes up.

Quote:
Hacked by: ?l S?ni?r?? M?my
--------------- Added 2013-10-08 at 21:51 GMT ---------------

Turns out there were several Admin accounts I knew nothing of. Now those accounts, one of which was cleverly named vbsupport, have been deleted. Hopefully this solves the problem but if not, I am happy to share.
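Post #23 found the intruder's foothold by spotting administrator accounts nobody had created, one of them named vbsupport. The following is an added example, not part of the thread and not vBulletin code, that runs that check over an export of the user table against a hand-kept list of approved admins. It assumes the usual vBulletin columns `usergroupid`, `membergroupids` (comma-separated secondary groups) and `joindate` (Unix time) and the default Administrators group id 6; the rows and the `KNOWN_ADMINS` list are constructed sample data.

```python
"""Audit a vBulletin user export for administrator accounts nobody approved."""
from datetime import datetime, timezone

ADMIN_GROUP_ID = 6  # assumption: default id of the Administrators usergroup

# Constructed sample rows, shaped like the output of
#   SELECT userid, username, usergroupid, membergroupids, joindate FROM user;
SAMPLE_ROWS = [
    {"userid": 1, "username": "siteowner", "usergroupid": 6, "membergroupids": "", "joindate": 1183248000},
    {"userid": 57, "username": "moderator_a", "usergroupid": 5, "membergroupids": "16", "joindate": 1250000000},
    {"userid": 412, "username": "regular_member", "usergroupid": 2, "membergroupids": "", "joindate": 1300000000},
    {"userid": 9001, "username": "vbsupport", "usergroupid": 6, "membergroupids": "", "joindate": 1381100000},
    {"userid": 9002, "username": "helper", "usergroupid": 2, "membergroupids": "5,6", "joindate": 1381100500},
]

KNOWN_ADMINS = {"siteowner"}  # hypothetical allowlist, maintained by hand


def group_ids(row):
    """Return every group the account belongs to, primary and secondary."""
    ids = {int(row["usergroupid"])}
    # Split on commas and compare whole numbers: a substring match on "6"
    # would wrongly flag group 16 (moderator_a in the sample).
    for part in str(row.get("membergroupids") or "").split(","):
        part = part.strip()
        if part.isdigit():
            ids.add(int(part))
    return ids


def unexpected_admins(rows, known_admins, admin_group=ADMIN_GROUP_ID):
    """Accounts holding admin rights that are not on the allowlist, newest first."""
    known = {name.lower() for name in known_admins}
    hits = [r for r in rows
            if admin_group in group_ids(r) and r["username"].lower() not in known]
    return sorted(hits, key=lambda r: r["joindate"], reverse=True)


def report(rows, known_admins):
    """One tab-separated line per finding, for a ticket or incident log."""
    lines = []
    for r in unexpected_admins(rows, known_admins):
        joined = datetime.fromtimestamp(r["joindate"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M UTC")
        via = "primary" if int(r["usergroupid"]) == ADMIN_GROUP_ID else "secondary"
        lines.append(f"{r['userid']}\t{r['username']}\t{via} group\tjoined {joined}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ROWS, KNOWN_ADMINS)))
```

Checking only the primary `usergroupid` would miss the `helper` row, which gets admin rights through a secondary group.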