Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 12-30-2008, 05:18 PM
RTMdotORG RTMdotORG is offline
 
Join Date: Dec 2008
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Help!!!!

i got hacked...

www.ripthemic.org

any ideas on how to delete the html code?

--------------- Added [DATE]1230668356[/DATE] at [TIME]1230668356[/TIME] ---------------

...........................
Reply With Quote
  #2  
Old 12-31-2008, 05:19 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Your board looks fine.
Reply With Quote
  #3  
Old 12-31-2008, 11:31 PM
RTMdotORG RTMdotORG is offline
 
Join Date: Dec 2008
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

yeah i got it fixed....
then they hacked us again...
vbfirewall prevented it 5 times...
my server told me they inserted it into the database...
any suggestions?
can rss feeds do this?

--------------- Added [DATE]1230773562[/DATE] at [TIME]1230773562[/TIME] ---------------

now its the way it was before i got it fixed the last time...
hacked again...
Reply With Quote
  #4  
Old 12-31-2008, 11:52 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have phpMyAdmin? And is it protected? Disable all your mods when you next put the site up also. See if they can hack the site with your mods disabled. And look for any suspicious files on the server.
Reply With Quote
  #5  
Old 01-01-2009, 12:19 AM
dyna88 dyna88 is offline
 
Join Date: Dec 2006
Location: Wisconsin
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Have you checked your server logs???
Reply With Quote
  #6  
Old 01-01-2009, 12:22 AM
RTMdotORG RTMdotORG is offline
 
Join Date: Dec 2008
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The first time this happened, i contacted my server and they fixed it...
they said it was injected into the database...
the very next day(today)...
I was hacked again...
i have vbfirewall and...
i received 5 emails saying it blocked 5 attempts from hacking...
then it bypassed and now im hacked....
fixed it once, then they hacked again....
www.ripthemic.org

heres wut it showed when prevented...

1||1230677435||66.156.165.120||do=viewsubscription ||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677439||66.156.165.120||do=viewsubscription ||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677448||66.156.165.120||do=viewsubscription ||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230734502||124.187.20.43||do=removesubscriptio n&t=3||http://ripthemic.org/forums/showthre...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
1||1230765308||67.167.16.183||do=viewsubscription| |http://www.ripthemic.org/forums/usercp.php||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2)


is it possible that people are having problems with subscriptions because theres a security issue???

all the actions have to do with subscriptions and everyone is talking about having issues with subscriptions....

i have a feeling vbfirewall has a security issue and id hate to accuse the creator of vbfirewall but you cant put it past anyone these days...

heres the link for vbfirewall
https://vborg.vbsupport.ru/showthread.php?t=196791
Reply With Quote
  #7  
Old 01-01-2009, 12:44 AM
dyna88 dyna88 is offline
 
Join Date: Dec 2006
Location: Wisconsin
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think the server logs would be more telling. Oh I was looking at your site and you will find two more attempts with my IP, the last six digits are 180.113 probably because I tried to directly access the viewsubscription function.
Reply With Quote
  #8  
Old 01-01-2009, 12:49 AM
RTMdotORG RTMdotORG is offline
 
Join Date: Dec 2008
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dyna88 View Post
I think the server logs would be more telling. Oh I was looking at your site and you will find two more attempts with my IP, the last six digits are 180.113 probably because I tried to directly access the viewsubscription function.
nope...
no more attempts...
Reply With Quote
  #9  
Old 01-01-2009, 01:50 AM
sparklywater sparklywater is offline
 
Join Date: Jun 2008
Posts: 248
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That vbFirewall mod looks fishy to me. If I were you I'd uninstall it and not rely on that.
Reply With Quote
  #10  
Old 01-01-2009, 02:32 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Read the vbfirewalled thread cuz I seem to recall them talking about problems with the subscriptions and a fix being posted. (sorry, I don't feel like reading it again.)

As suggested though, take a look at your server logs or ask your host to take a look at them and tell you how they are getting access to the database.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:49 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04680 seconds
  • Memory Usage 2,248KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete