Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 09-16-2011, 02:36 PM
FReeSTER FReeSTER is offline
 
Join Date: Jun 2006
Location: Rome
Posts: 730
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default What to do for security when someone have access?

Hey guys Im very worry about that someone is posting on my site as any Staff he want on the Hidden staff section.....

He for somehow have make a back door or something to enter the forum and even be creative enough to login as any admin he want including me...

What can I do to prevent this or at least make it difficult for him...
He have access for Cpanel and server as I can see since he stated it in a post at the staff section below

Quote:
Originally Posted by hacker at my site
Cross scripting a VB site is not as easy as you think . Unless you been doing it for years. I don't care if you make a 70 digit password it can be cracked . There is a new way of hacking vB forums that no one waste there time brute forcing sites its a joke. I could walk in all 3 of your firewalls and do a head spend before you fingered out what happened.
He left me that note on the Staff section logged in as another Staff and then he replied back as me and 2 other staff members.

Now I ask, what can I do to prevent this. Is there something I can try to do with config. files ect.....?
Reply With Quote
  #2  
Old 09-16-2011, 02:48 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Talk to your host! Have them help figure out how you were compromised. Are you on a shared server? If so, it could be someone else's account that was compromised. But, definitely talk to your host and also go through your own access_logs looking for his IP (if he posted, then hopefully he used the same IP to hack you) and see what he's been up to.
Reply With Quote
Благодарность от:
FReeSTER
  #3  
Old 09-17-2011, 01:20 AM
FReeSTER FReeSTER is offline
 
Join Date: Jun 2006
Location: Rome
Posts: 730
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here is the funny thing Lynne, he have access to the forum and I dont think he have to the cpanel or server as I believe he all bs.. He just posted as me now. So my question is how in the world someone can know all the passwords for each user or login like me to post.

My best bet is he have a back door through the config.php file but again I dont think he have access to that part.

Is just so confusing that is getting of my nerves
Reply With Quote
  #4  
Old 09-17-2011, 03:09 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What version are you running and have you kept up-to-date with the security patches? You should be looking at your access_logs to see if he ran some script or what he did in order to get the passwords for your site.
Reply With Quote
  #5  
Old 09-17-2011, 11:29 AM
FReeSTER FReeSTER is offline
 
Join Date: Jun 2006
Location: Rome
Posts: 730
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have vb4.1.3 version and yes I have been up to date on security files.
I will check on the admin logs and report back

And for passwords the only method that Im aware off it the queries system which he can do easily by logging in like me as I do have that option available. WoW I think i might have to get in as a hacker now to learn few of their tricks.

--------------- Added [DATE]1316263607[/DATE] at [TIME]1316263607[/TIME] ---------------

I do get this from the CP Logs for admin
SCRIPT -----------------Action--------Info
usertools.php ----------- doips--------- user id = 1
user.php ---------------- edit --------- user id = 1
user.php ---------------- --------- find


I always delete the install folder as well the the tools.php file I never have it on the forum unless I need to use it which is random
Reply With Quote
  #6  
Old 09-17-2011, 11:47 AM
Mooff Mooff is offline
 
Join Date: Mar 2010
Posts: 301
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Are you running php 5.3.7 by any chance?

This version has a bug in the encryption function, which could result in the following behaviour if i do understand that bug correctly. Whatever pw you type in it sends the same value (salt) instead of the encrypted pw. I also don't know if the encryption algorithm used by vbulletin would be affected by that.

Information given here (i googled a random english site, read about it on a german one).
http://www.v3.co.uk/v3-uk/news/21035...-bug-discovery


Anyway just a guess. It might help.
Reply With Quote
Благодарность от:
FReeSTER
  #7  
Old 09-17-2011, 12:19 PM
FReeSTER FReeSTER is offline
 
Join Date: Jun 2006
Location: Rome
Posts: 730
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Mooff View Post
Are you running php 5.3.7 by any chance?

This version has a bug in the encryption function, which could result in the following behaviour if i do understand that bug correctly. Whatever pw you type in it sends the same value (salt) instead of the encrypted pw. I also don't know if the encryption algorithm used by vbulletin would be affected by that.

Information given here (i googled a random english site, read about it on a german one).
http://www.v3.co.uk/v3-uk/news/21035...-bug-discovery


Anyway just a guess. It might help.
Thank you mate I will look into it..

Thanks kindly
Reply With Quote
  #8  
Old 09-17-2011, 12:33 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you have the "Quick User Changer" hack, it's pretty easy for someone to gain access to ALL accounts if he gets access to a admin one. Just a thought.
Reply With Quote
  #9  
Old 09-17-2011, 01:10 PM
ReFuZe ReFuZe is offline
 
Join Date: Sep 2011
Posts: 35
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What`s your site called I can secure for you I dont do it for free i do it for 10 dollars but if you dont get it then you can pay me back anytime you want and my skype is nijyarj add me ill secure you
Reply With Quote
  #10  
Old 09-17-2011, 03:25 PM
FReeSTER FReeSTER is offline
 
Join Date: Jun 2006
Location: Rome
Posts: 730
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Max Taxable View Post
If you have the "Quick User Changer" hack, it's pretty easy for someone to gain access to ALL accounts if he gets access to a admin one. Just a thought.
Yeah I was thinking about this too and I do have it..

--------------- Added [DATE]1316276796[/DATE] at [TIME]1316276796[/TIME] ---------------

Quote:
Originally Posted by ReFuZe View Post
What`s your site called I can secure for you I dont do it for free i do it for 10 dollars but if you dont get it then you can pay me back anytime you want and my skype is nijyarj add me ill secure you
I wish I would have $ on my paypal right now mate but I dont. I was looking at your thread you did about this but I dont get few parts of it..

Will try it and let you know.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:49 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10055 seconds
  • Memory Usage 2,259KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (2)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete