Go Back   vb.org Archive > Community Central > Community Lounge
Reload this Page My Site Got Hacked Today
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #41  
Old 03-12-2013, 09:18 AM
Harpo's Avatar
Harpo Harpo is offline
 
Join Date: Dec 2011
Location: Canada
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hi OP. sorry about your website. I hope you do well in life.
Reply With Quote
  #42  
Old 04-02-2013, 01:03 PM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
My site got hacked yesterday.

The Hosting provider (webhostinghub.com) said it's a vB issue.

The symptom was that nobody could log in, not even Admin (myself) but the site was readable.

Why on Earth vB can not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?

Now I am going through the hoops and people running their sites by free software , not vB, could be laughing at me and our entire community.

Why is hacking so easy with vB? No tools on my site, all by the book.
Reply With Quote
  #43  
Old 04-02-2013, 03:13 PM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by loua_oz View Post
My site got hacked yesterday.

The Hosting provider (webhostinghub.com) said it's a vB issue.

The symptom was that nobody could log in, not even Admin (myself) but the site was readable.

Why on Earth vB can not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?

Now I am going through the hoops and people running their sites by free software , not vB, could be laughing at me and our entire community.

Why is hacking so easy with vB? No tools on my site, all by the book.
You should really start your own thread if you're asking for support.

Any website can get hacked, even free ones. :up:
Reply With Quote
  #44  
Old 04-03-2013, 01:01 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I am not asking for support.
Restored (still in process) from backups but with nothing changed nor improved, the hackers can walk in at any time again.
Reply With Quote
  #45  
Old 04-03-2013, 04:25 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by loua_oz View Post
...............the site was readable.

Why on Earth vB can not provide a function such as "restartable copy of site" that can download a snapshot of the site to a local PC?......
They do, if your site was readable then all you had to do was upload tools.php, repair your access and you're back in!

If you have all the latest patches, no extra add-ons...etc and it's a bog standard forum then it's either a very insecure admin password thats been discovered or they've accessed your server by poor ftp password, insecure folder permissions or if your on a shared server via some other vulnerability on the server maybe via another user.
Reply With Quote
Благодарность от:
TheLastSuperman
  #46  
Old 04-03-2013, 07:20 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks, I did not know that (that tools.php) can be used to do a snapshot. Never actually seen what it looks like, never started it, just removed from the site.

It is a shared server. The pasword, although not easy, could have been cracked by some automated procedure.
Changed them all today, for site, for ftp for hosting control panel.

The site is up and running now, fully restored. What they did this morning was to insert some malware. Several members who know my private email address reported that their computers are warning them about malware (the hackers placed it in index.php, even word "Russia" was readable among other things)
Reply With Quote
  #47  
Old 04-03-2013, 07:36 PM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
tools.php doesn't do a snapshot, if you're locked out for whatever reason, database issues...etc then you upload tools.php and you can gain access, you wouldn't have had to do a restore from back up. It appears your backup has the malicious code already injected.

Download your entire directory and scan it on your pc at the very least.
Reply With Quote
  #48  
Old 04-04-2013, 12:38 AM
DragonByte Tech's Avatar
DragonByte Tech DragonByte Tech is offline
 
Join Date: Feb 2010
Location: Scotland
Posts: 8,814
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Bear in mind it's possible the server itself was compromised - if another site on the server was hacked symlink means all sites on the server are now vulnerable.
Reply With Quote
  #49  
Old 04-04-2013, 03:28 AM
loua_oz loua_oz is offline
 
Join Date: Dec 2010
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
backup does not have the infected file - it was newly created index.php which is 5Kb, the original one is 1.99Kb. Not knowing what else could be infected, restored the whole lot.
While the site had the contaminated file, Google bots found it and inserted my site into "known malware distributors", warning people not to enter.
Now I am getting it removed from there.
Reply With Quote
  #50  
Old 04-04-2013, 03:50 AM
Lionel Lionel is offline
 
Join Date: Dec 2001
Location: Delray Beach, Florida
Posts: 3,277
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I had a customer with a similar problem. The malware came in via Word Press
Reply With Quote
Reply
Page 5 of 6 « First 34 5 6

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 05:30 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04227 seconds
  • Memory Usage 2,249KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete