The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Help!!!!
i got hacked...
www.ripthemic.org any ideas on how to delete the html code? --------------- Added [DATE]1230668356[/DATE] at [TIME]1230668356[/TIME] --------------- ........................... |
#2
|
||||
|
||||
Your board looks fine.
|
#3
|
|||
|
|||
yeah i got it fixed....
then they hacked us again... vbfirewall prevented it 5 times... my server told me they inserted it into the database... any suggestions? can rss feeds do this? --------------- Added [DATE]1230773562[/DATE] at [TIME]1230773562[/TIME] --------------- now its the way it was before i got it fixed the last time... hacked again... |
#4
|
||||
|
||||
Do you have phpMyAdmin? And is it protected? Disable all your mods when you next put the site up also. See if they can hack the site with your mods disabled. And look for any suspicious files on the server.
|
#5
|
|||
|
|||
Have you checked your server logs???
|
#6
|
|||
|
|||
The first time this happened, i contacted my server and they fixed it...
they said it was injected into the database... the very next day(today)... I was hacked again... i have vbfirewall and... i received 5 emails saying it blocked 5 attempts from hacking... then it bypassed and now im hacked.... fixed it once, then they hacked again.... www.ripthemic.org heres wut it showed when prevented... 1||1230677435||66.156.165.120||do=viewsubscription ||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 1||1230677439||66.156.165.120||do=viewsubscription ||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 1||1230677448||66.156.165.120||do=viewsubscription ||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 1||1230734502||124.187.20.43||do=removesubscriptio n&t=3||http://ripthemic.org/forums/showthre...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 1||1230765308||67.167.16.183||do=viewsubscription| |http://www.ripthemic.org/forums/usercp.php||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2) is it possible that people are having problems with subscriptions because theres a security issue??? all the actions have to do with subscriptions and everyone is talking about having issues with subscriptions.... i have a feeling vbfirewall has a security issue and id hate to accuse the creator of vbfirewall but you cant put it past anyone these days... heres the link for vbfirewall https://vborg.vbsupport.ru/showthread.php?t=196791 |
#7
|
|||
|
|||
I think the server logs would be more telling. Oh I was looking at your site and you will find two more attempts with my IP, the last six digits are 180.113 probably because I tried to directly access the viewsubscription function.
|
#8
|
|||
|
|||
Quote:
no more attempts... |
#9
|
|||
|
|||
That vbFirewall mod looks fishy to me. If I were you I'd uninstall it and not rely on that.
|
#10
|
||||
|
||||
Read the vbfirewalled thread cuz I seem to recall them talking about problems with the subscriptions and a fix being posted. (sorry, I don't feel like reading it again.)
As suggested though, take a look at your server logs or ask your host to take a look at them and tell you how they are getting access to the database. |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|