Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #21  
Old 02-24-2002, 10:29 AM
JamesUS's Avatar
JamesUS JamesUS is offline
 
Join Date: Oct 2001
Posts: 347
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Don't worry - Chen has showed me and there is nothing to worry about. Your boards are secure
Reply With Quote
  #22  
Old 02-24-2002, 10:37 AM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks james. i came to the same conclusion. after discussing with ptbyjason for over 5hrs (reinstead him as admin, upgraded to 222, secured the folder admin) we tried to track down every event the hacker did. the only flaw we saw was this:
a hacker admin can delete the logs and change his identity in admin panel. is there a way that VB could save all this info to a log file that cannot be 'cleaned'? in this way in the event a board is hacked, the info can be retrieved, IP, etc. let me know please.
Reply With Quote
  #23  
Old 02-24-2002, 10:43 AM
Admin's Avatar
Admin Admin is offline
Coder
 
Join Date: Oct 2023
Location: Server
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can protect the admin log and only allow certain admins, or none at all, to prune it. This is done from config.php.
Reply With Quote
  #24  
Old 02-24-2002, 10:45 AM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i understand firefly. i was referring to the event a hacker could somehow gain access to your root.
Reply With Quote
  #25  
Old 02-24-2002, 10:50 AM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

for some reason, i still believe this was done from outside, not on the root. ptbyjason told me that all the hacker did was to show his hidden forums and delete the admin accounts and reinstead himself as admin. aparently, ptbyjason's site is very succesfull, he had his provider called and requested to have his site down by his competition. his site is:
http://www.anabolicreview.com

if the hacker had acces to the root, he would delete all site, is simplier and more efficient. what do you think?
Reply With Quote
  #26  
Old 02-24-2002, 11:16 AM
JamesUS's Avatar
JamesUS JamesUS is offline
 
Join Date: Oct 2001
Posts: 347
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's quite unlikely it was done from the outside, unless an older version of vBulletin was being used. The hacker may have had a reason to only do certain things rather than trash the whole forum...but we certainly don't know of any security risks with the latest vBulletin.

One way to find out would be to look at the apache server logs to see if any vb scripts were exploited to gain access...it's not a sure-fire way of telling but if it was done from the outside it was likely to be through that.

Also make sure that only scripts running on the local server can access MySQL...that's a huge security risk if that isn't the case. Check that out with the host to make sure that couldn't have been what happened.
Reply With Quote
  #27  
Old 02-24-2002, 11:32 AM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

pybyjason had 2.03 installed. i got him upgraded to 222. he downloaded himself the latest version from vb.com members area.
do you know if he opened a support ticket for this matter?
Reply With Quote
  #28  
Old 02-24-2002, 01:03 PM
Wolf42's Avatar
Wolf42 Wolf42 is offline
 
Join Date: Nov 2001
Location: Vienna, Austria, Europe
Posts: 150
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by PPN
Simpliest way to do something like this is use

PHP Code:
if(!strstr("$_SERVER[PATH_TRANSLATED]""$_SERVER[DOCUMENT_ROOT]")) {
die();

Hhmmm....
If I add this on top of my config.php the only thing happen is that it is show in the header.

And this error will be shown:
Code:
if(!strstr("$_SERVER[PATH_TRANSLATED]", "$_SERVER[DOCUMENT_ROOT]")) { die(); } 
Warning: Cannot add header information - headers already sent by (output started at /home/www/*****/forum/admin/config.php:5) in /home/www/*****/forum/admin/functions.php on line 1603
Sorry for editing the real Server-Path
Reply With Quote
  #29  
Old 02-24-2002, 01:11 PM
Scott MacVicar Scott MacVicar is offline
 
Join Date: Oct 2001
Location: Glasgow, Scotland
Posts: 1,199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

this presumes your running php 4.1.0 or greater

you'll need to use $HTTP_SERVER_VARS instead of $_SERVER
Reply With Quote
  #30  
Old 02-24-2002, 01:11 PM
Scott MacVicar Scott MacVicar is offline
 
Join Date: Oct 2001
Location: Glasgow, Scotland
Posts: 1,199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

em one question your adding this below the <? tags right?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:48 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04393 seconds
  • Memory Usage 2,249KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete