Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 10-21-2011, 03:54 PM
afmarko99's Avatar
afmarko99 afmarko99 is offline
 
Join Date: Jan 2007
Location: Louisiana
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Are any of the vB3 versions safe?

I had been running vB for 4 or so years with 3.6.8 and it was hacked last week. I spent about 20 hours over the past two days redoing my site and I happen to have 3.7.2 still available for download from vbulletin.com.

I installed that and my admin username and pass was hacked today.

It looks like I will have to renew my license if I don't want to get hacked. However, I am really starting to question the security of vB. It's obvious that at some point people will find a way to hack any version they produce. So we are all taking the chance running this software correct?

I mean someone has to get hacked for vB to figure out the security issues and then work on a patch?

I am really pissed right now.
Reply With Quote
  #2  
Old 10-21-2011, 05:20 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have modifications on your site? Are you keeping them up to date security wise? If you were running that old of a version and running modifications, then there could be any number of security issues.
Reply With Quote
  #3  
Old 10-21-2011, 06:49 PM
afmarko99's Avatar
afmarko99 afmarko99 is offline
 
Join Date: Jan 2007
Location: Louisiana
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just upgraded to 3.8.7 Patch Level 2.

I currently have the following mods installed:

NoSpam!
Stop the Registration Bots
vBadvanced CMPS

These mods are all updated to the latest version.

How has the security been with 3.8.7 PL2?
Reply With Quote
  #4  
Old 10-21-2011, 07:27 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have quite a few clients running 3.x sites, nearly all 3.8.7 PL2 however at some point the vBulleitn 3 series will reach EOL i.e. End of Life and that my friend is when security will become a issue... there won't be patches released and as new exploits/vulnerabilities are discovered they will not be patched. Is that soon or not? I'm not 100% sure when the exact date will be, none of us are but imo it will be sooner rather than later. So with that said... run 3.8.7 PL2 for now and prepare yourself for upgrading to vBulletin 4.x sometime soon and you should be good to go .
Reply With Quote
  #5  
Old 10-21-2011, 10:46 PM
afmarko99's Avatar
afmarko99 afmarko99 is offline
 
Join Date: Jan 2007
Location: Louisiana
Posts: 153
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My site was hacked again. Like earlier today they changed my admin account to the username 'hac' and changed the password. Im not home to upload tools.php and recover my name. I have email my host to shut the whole site down.

Where do I go from here?
Reply With Quote
  #6  
Old 10-21-2011, 11:22 PM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Three things I would do if you haven't already:

1. Be sure your user id is in the list of Undeletable/Unalterable Users in includes/config.php

2. Change the filepath to your adminCP in includes/config.php (and change the name of the directory on the server). Once you do this you can create your own link in your bookmarks. Check what the link to your adminCP is in the page footer and if it has changed to your new filepath remove it completely and use only your bookmarked link for access.

3. Check your Control Panel Log in adminCP, there you may find info on the hacker. Then in IP Deny Manager on cPanel ban the IPs of the hacker

EDIT: you can read IP addresses for the adminCP directly out of your database in the adminlog table and ban foreign IPs before you restore your forum.

EDIT2: you can edit your footer template directly in the database to remove the Admin link. Use the search feature in phpMyAdmin to find "footer"
Reply With Quote
2 благодарности(ей) от:
DEGE, rootsxrocks
  #7  
Old 10-22-2011, 12:45 AM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by EaglezEye View Post
It's obvious that at some point people will find a way to hack any version they produce. So we are all taking the chance running this software correct?.
This is and always will be true of any software you run. And like any other software, vBulletin is about as "safe" as you make it.

It's silly to expect or demand otherwise, but as far as it goes, vBulletin is one of the hardest boards to "hack" there is. Most of the others, especially the free ones, are wet paper sacks, security wise.

There's all kinds of articles here and elsewhere about securing vBulletin. You might learn alot from them.

This is coming from a vBulletin owner who has had vBulletin up since 2005 and has never been "hacked" or defaced.

--------------- Added [DATE]1319248037[/DATE] at [TIME]1319248037[/TIME] ---------------

Quote:
Originally Posted by EaglezEye View Post
My site was hacked again. Like earlier today they changed my admin account to the username 'hac' and changed the password. Im not home to upload tools.php and recover my name. I have email my host to shut the whole site down.

Where do I go from here?
This is why the unalterable/undeletable user option in the configuration file exists.
Reply With Quote
  #8  
Old 10-22-2011, 01:10 AM
souperman souperman is offline
 
Join Date: Mar 2011
Posts: 131
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's normally not vb that has security issues, it's actually badly coded plugins. Not all, but some. Some plugins are small enough so you can review their code.

Like everyone suggested, just upgrade to 3.8.7pl2
Reply With Quote
  #9  
Old 10-22-2011, 02:58 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Check your access_logs and see how they got in.

Also, when you did your upgrade earlier, did you do this on a database backup from before you were hacked? Or did you go through the hacked database and make sure it was clean? And, did you change your server password? And any htaccess passwords?
Reply With Quote
  #10  
Old 10-22-2011, 04:35 AM
Frosty Frosty is offline
 
Join Date: Apr 2011
Posts: 166
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As Lynne said, check access_logs, they (he) could have uploaded a php shell, which allows editing of all files that are writeable, and some shells have the ability of altering the MySQL database, which could explain why your password was changed.

If that isn't the case, scan your PC with Malware Bytes and/or Spybot, your PC might have been infected by a keylogger or a similar program that could give out your passwords to the attacker.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:12 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06628 seconds
  • Memory Usage 2,254KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (2)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete