  #31  
Old 09-10-2015, 07:31 AM
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Thanked: 0 times
Thanked 0 times in 0 posts

Quote:
Originally Posted by loua_oz View Post
Let's see why this debate is ridiculous: because coders and VB staff participating here have not told us (may well be news to them) that plain text database admin user name and password in

/includes/config.php

are used when initially creating the database from the sheet supplied for paid install or from own notes. Some may stay with that password, most would change it.
So - now you're accusing vB staff of hacking your board? That's ridiculous. Believe me, all of your discoveries are nothing new to anyone here. Every single customer who has read the installation instructions and installed vB knows config.php and its contents, because everyone has edited it themselves. Also, everyone who has only the slightest clue of web development knows that and why you need such files.

Quote:
Just changed my cPanel, mail and database passwords and in

/includes/config.php

the password is the same as it was upon creation, should not be valid. But the site does not care
Then you did not change the password of the database vB uses. Period. If you change the database password, and do not edit it in config.php accordingly, the site will stop working and throw database errors. Just give it a try. Change your password in config.php to something random, and your site will break immediately.

Quote:
That is another question: why is it then in /includes, why not in /install and removed before the site is powered up?
Because, as any other webscript, vB requires certain basic access data in order to work. If you remove config.php, your site will break. Again: Just try it. Delete (or better: rename) config.php. Your site will break immediately.

You're lashing out at everyone and everything here, making wild accusations, yet obviously having only very limited knowledge of what you're talking about.

It's sad that you have been hacked numerous times, but it will not help you at all if you're pointing at a perfectly normal file with perfectly normal contents.

You really need to understand this: If someone is able to read the contents of your config.php, you already have been hacked. It's too late.

Step back, calm down, breathe through. There are people here trying to help you, and you're lashing out at them in a way that is really not called for.
  #32  
Old 09-10-2015, 09:29 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Thanked: 0 times
Thanked 0 times in 0 posts

True, renaming config.php stopped the site.

Then, my provider is telling me something that is either not true or that I don't understand:

You have changed password for

ftp
mysql
mail
Sorry if I have left that taste of lashing on everyone, my apologies.
  #33  
Old 09-10-2015, 10:15 AM
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Thanked: 0 times
Thanked 0 times in 0 posts

It's ok loua, you're frustrated, we understand, and we really just want you to understand so it's easier on you. Despite some of our comments, always take them with a grain of salt, my friend.

- Think of it this way: yes, you're right, it's stored right there in the file, but how can they get to it using my example above? If anyone could simply download that file, hackers would be taking down sites by the second. Most software (vBulletin, IPB, even free phpBB forums, WordPress, the lot of them) uses some form of configuration file where the details are stored.

Regarding your issue: Yes, if you went into cPanel and changed the database user's password, then nothing "automatically" changed it everywhere else for you, so with that being said, hurry and edit config.php with the new password and it should come right back up. Also, you cannot simply rename config.php to another name unless you make other file edits; best to leave it as-is unless testing, as Cell mentioned above. One other thing to mention is, whoever set up the forum initially had to manually rename config.php.new to config.php, then edit the file and enter in your database name, username, and password to the database, so that is why most of us were shocked by your statements - we just couldn't figure out why this was just now surprising you... I see where you were coming from, sure it's thinkable, but glad we steered you in the right direction!
  #34  
Old 09-10-2015, 10:18 AM
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Thanked: 0 times
Thanked 0 times in 0 posts

Without knowing what exactly you asked your provider, what you did in cpanel, and what exactly their answer was we really can't comment properly. No offense, but from the course of this thread I tend to believe that there may be some misunderstandings on your part.

It really seems your site (including the database, not only the files!) was never properly scanned for hidden backdoors etc. after the first attack. As others have speculated, I would assume that all those attacks may be follow-ups. Whatever your password, however secure, if there's some sort of backdoor present, it won't help you (since they don't have to get in, they are already in - all the time). But all of this has nothing to do with config.php, really.
2 thanks from:
RichieBoy67, TheLastSuperman
  #35  
Old 09-10-2015, 11:39 AM
X-or X-or is offline
 
Join Date: Nov 2005
Posts: 201
Thanked: 0 times
Thanked 0 times in 0 posts

The only time I got hacked was because I used a malicious FTP client.

Use only FileZilla downloaded from their official site.

It could also be a password stealer or other types of malware on your computer.

Do you use cracked apps or games downloaded from p2p sites? Obviously you'll answer you don't, but for the record they're almost always infected with malware.
  #36  
Old 09-10-2015, 12:10 PM
HM666 HM666 is offline
 
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060
Thanked: 0 times
Thanked 0 times in 0 posts

Quote:
Originally Posted by X-or View Post
The only time I got hacked was because I used a malicious FTP client.

Use only FileZilla downloaded from their official site.

It could also be a password stealer or other types of malware on your computer.

Do you use cracked apps or games downloaded from p2p sites? Obviously you'll answer you don't, but for the record they're almost always infected with malware.
I'm sorry, but this has nothing to do with an FTP client. There are many clients that work just fine. I use FlashFXP and have used it for 15 years and NEVER had the FTP client cause an issue elsewhere on ANY server. Whatever you downloaded and installed may have had a virus in it, but I would imagine it would affect your PC. Although I do not doubt it's possible to somehow infect your server, I think that it is not really probable that this is an FTP client issue for the OP.

Also cracked programs have nothing to do with what the OP is talking about. I'm not really sure where you are going here.
  #37  
Old 09-10-2015, 02:34 PM
X-or X-or is offline
 
Join Date: Nov 2005
Posts: 201
Thanked: 0 times
Thanked 0 times in 0 posts

Quote:
Originally Posted by squidsk View Post
That's normal because you should have an .htaccess or equivalent that denies access to files within the includes directory. Where else would you store it? You can't store it in the db because you need the db username and password to access the db.
You missed his point, which is that the password isn't encrypted.

Quote:
Originally Posted by HM666 View Post
Also cracked programs have nothing to do with what the OP is talking about. I'm not really sure where you are going here.
You don't see how malware such as password stealers could have caused the OP's problems? Well....
  #38  
Old 09-10-2015, 05:40 PM
squidsk squidsk is offline
 
Join Date: Nov 2010
Posts: 969
Thanked: 0 times
Thanked 0 times in 0 posts

Quote:
Originally Posted by X-or View Post
You missed his point, which is that the password isn't encrypted.
Not really, you missed the point that if the file is not accessible, the password within the file does not need to be encrypted, because no one can access it to see it. You only need to encrypt things if you don't want others who are looking at it to be able to see what it is. Since no one can look at it in a properly configured setup, why would it be encrypted, as all that does is add unneeded overhead to every single page view?

--------------- Added 09-10-2015 at 07:55 PM ---------------

Quote:
Originally Posted by loua_oz View Post
That is another question: why is it then in /includes, why not in /install and removed before the site is powered up?
Because every action on the site, whether it's to log in, view a page, create a thread or make a post, requires db access, which requires the credentials (username, password), so the credentials need to be accessible.
2 thanks from:
alcazarx, TheLastSuperman
  #39  
Old 09-10-2015, 06:12 PM
X-or X-or is offline
 
Join Date: Nov 2005
Posts: 201
Thanked: 0 times
Thanked 0 times in 0 posts

Quote:
Originally Posted by squidsk View Post
Not really, you missed the point that if the file is not accessible, the password within the file does not need to be encrypted, because no one can access it to see it. You only need to encrypt things if you don't want others who are looking at it to be able to see what it is. Since no one can look at it in a properly configured setup, why would it be encrypted, as all that does is add unneeded overhead to every single page view?
I guess you don't know much about security.

Why do you think htaccess encrypts passwords? Just for teh phun?

Not using encrypted passwords means that if the FTP is compromised, then the database is automatically compromised as well; it wouldn't be the case with an encrypted password. Think before you type something really stupid.

The only reason I can see for vBulletin to not use encrypted passwords is for customer convenience, but convenience is often the worst enemy of security.
  #40  
Old 09-10-2015, 06:38 PM
alcazarx alcazarx is offline
 
Join Date: Jul 2014
Posts: 108
Thanked: 0 times
Thanked 0 times in 0 posts

Do you know about security?

htaccess doesn't encrypt passwords, it's just a file with some rules in it.
It can use them using htpasswd.

Quote:
Not using encrypted passwords means that if the FTP is compromised, then the database is automatically compromised as well; it wouldn't be the case with an encrypted password. Think before you type something really stupid.
If you read some posts before, you should know that if a hacker has access to your webspace / shell / hosting panel etc., plain text files are the least of your problems.
Even if you encrypted the content, it has to be decrypted to make use of it. So can the hacker, since he can find the algorithm used in the files.

And as said here, most, if not all, scripts (Forum, Chat, CMS, Blog etc.) that use a database store their config data as plain text in files, so it's not a "vB only" problem.
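The thread's practical takeaway is that config.php is safe only while the web server refuses to serve the includes directory and the file is not readable by other accounts on the host. The following script, added here and not part of the thread or of vBulletin, checks both conditions; the default path and URL are placeholders to replace with your own.

```sh
#!/bin/sh
# Added example: verify that includes/config.php is protected the way
# this thread describes. Neither the path nor the URL below is real;
# both are placeholder assumptions.

# Return 0 if the file grants no permissions to "other", 1 otherwise.
config_mode_ok() {
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    # last octal digit is the "other" permission triplet
    other=$(printf '%s' "$mode" | tail -c 1)
    [ "$other" -eq 0 ]
}

# Return 0 only if the HTTP status means the server refused to serve
# the file (403 Forbidden or 404 Not Found); 200 means it is exposed.
http_status_ok() {
    case "$1" in
        403|404) return 0 ;;
        *) return 1 ;;
    esac
}

# Ask the web server for the file and print the status code (needs network).
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}

main() {
    cfg="${1:-/var/www/html/includes/config.php}"          # placeholder
    url="${2:-https://forum.example/includes/config.php}"  # placeholder
    if config_mode_ok "$cfg"; then
        echo "ok: $cfg is not readable by other users"
    else
        echo "WARN: $cfg is readable by other users; chmod 640 it"
    fi
    code=$(fetch_status "$url")
    if http_status_ok "$code"; then
        echo "ok: server answered $code for $url"
    else
        echo "WARN: server answered $code for $url; deny access to /includes/"
    fi
}

# Only run the checks when a path is given, so the file can also be sourced.
case "${1:-}" in
    "") ;;
    *) main "$@" ;;
esac
```

Run it as `sh check_config.sh /path/to/includes/config.php https://your-forum/includes/config.php`; a 200 on the second check means the server hands the file to anyone who asks.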