vb.org Archive > Community Discussions > Forum and Server Management
#1
12-27-2011, 03:50 AM
Zarxrax

Join Date: Mar 2009
Posts: 41
Thanks given: 0 times
Thanks received: 0 times in 0 posts
securing passwords

Ok, so my site was previously hacked, and I believe that the hacker probably got the md5 hashes of all the passwords, and is able to decrypt them.

Now assuming this, how do I move forward? I am taking every security measure possible while rebuilding my forum, but as long as the hacker already has those hashes, he could still compromise accounts once I am back up and running, right?
Is there any way to re-hash those, or something, so that the data the hacker has would be useless?
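An added example, not written by any poster in this thread, to make the first post's question concrete: what does "make the leaked data useless" actually take? It assumes the old store held unsalted md5(password) as the post describes (vBulletin's real scheme is not modelled), and the usernames, passwords and PBKDF2 parameters are constructed for the demo. It contrasts a naive re-hash of the stored digests, which still accepts the old password, with discarding the leaked hashes, forcing a reset, and storing new passwords under a salted slow hash.

```python
# Added example (not from this thread): what it takes to make a leaked
# password-hash table useless. Assumes the old store held unsalted
# md5(password), as the first post describes; users and passwords below
# are constructed for the demo.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed legacy table: username -> hex md5(password). Treat it as leaked.
LEGACY_MD5: Dict[str, str] = {
    "alice": hashlib.md5(b"summer2011").hexdigest(),
    "bob": hashlib.md5(b"correct horse battery staple").hexdigest(),
}

PBKDF2_ITERATIONS = 200_000  # constructed; tune to your hardware budget


@dataclass
class Record:
    salt: Optional[bytes]
    digest: Optional[bytes]
    reset_required: bool


def naive_rehash(legacy: Dict[str, str]) -> Dict[str, str]:
    """The tempting non-fix: hash the stored md5 digest once more.

    Every new value is still a pure function of the old password, so an
    attacker who recovers that password from the leaked md5 still logs in.
    """
    return {u: hashlib.sha256(h.encode()).hexdigest() for u, h in legacy.items()}


def verify_naive(store: Dict[str, str], user: str, password: str) -> bool:
    """Login check for the naively re-hashed store (same chain as naive_rehash)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    chain = hashlib.sha256(inner.encode()).hexdigest()
    return hmac.compare_digest(store.get(user, ""), chain)


def invalidate_after_breach(legacy: Dict[str, str]) -> Dict[str, Record]:
    """The real fix: discard every leaked hash and force a reset.

    No stored value derives from the old password any more, so the leaked
    table cannot authenticate anyone, however weak the old passwords were.
    """
    return {u: Record(salt=None, digest=None, reset_required=True) for u in legacy}


def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash for the rebuilt forum. A memory-hard KDF (scrypt,
    # argon2) is preferable where available; PBKDF2 is used here because it
    # ships with the standard library everywhere.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def set_password(store: Dict[str, Record], user: str, password: str) -> None:
    """Called from the reset flow: fresh random salt, new digest, flag cleared."""
    salt = os.urandom(16)
    store[user] = Record(salt=salt, digest=_kdf(password, salt), reset_required=False)


def verify(store: Dict[str, Record], user: str, password: str) -> bool:
    """Login check for the rebuilt store. Accounts awaiting reset always fail,
    even if the supplied password is the one the leaked md5 was made from."""
    rec = store.get(user)
    if rec is None or rec.reset_required or rec.salt is None or rec.digest is None:
        return False
    return hmac.compare_digest(rec.digest, _kdf(password, rec.salt))


if __name__ == "__main__":
    naive = naive_rehash(LEGACY_MD5)
    print("naive re-hash still accepts old password:", verify_naive(naive, "alice", "summer2011"))
    store = invalidate_after_breach(LEGACY_MD5)
    print("after invalidation, old password accepted:", verify(store, "alice", "summer2011"))
    set_password(store, "alice", "a-new-passphrase")
    print("new password accepted:", verify(store, "alice", "a-new-passphrase"))
```

The point of the two verify functions side by side: any transformation applied to the stored digests alone keeps the mapping from the old password intact, so the only thing that neutralizes the leaked table is to stop accepting anything derived from it and have every user choose a new password.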
#2
12-27-2011, 10:28 AM
ShiningStar

Join Date: Nov 2011
Location: Planet-$hining$tar
Posts: 9
Thanks given: 0 times
Thanks received: 0 times in 0 posts

Are you sure the hacker has those passwords in decrypted form?
It's not that easy to decrypt.
Or maybe the forum had just been defaced, nothing else?
Just possibilities...
A forum can easily be defaced from the same server: they can read your config.php and deface the site using the database information, i.e. database name, username and password.
A simple way to protect config.php is to change the permissions of the config.php file to 400.
#3
12-27-2011, 03:25 PM
Zarxrax

Join Date: Mar 2009
Posts: 41
Thanks given: 0 times
Thanks received: 0 times in 0 posts

Well, no, I don't know for sure that they obtained it, but I want to take every precaution. I did visit the hacker's site and study what they do. I saw that it is possible for them to obtain the passwords and decrypt them.
#4
12-27-2011, 03:38 PM
fishmaster

Join Date: Nov 2006
Posts: 127
Thanks given: 0 times
Thanks received: 0 times in 0 posts

Chmod to 400, good idea.

Any idea on how they did it?

Was it a plug-in?
#5
12-27-2011, 03:44 PM
Zarxrax

Join Date: Mar 2009
Posts: 41
Thanks given: 0 times
Thanks received: 0 times in 0 posts

Well, I was running a rather outdated version of the forum (my license for 3.x had expired, and I hadn't bought 4.x yet), so I'm sure there were plenty of security vulnerabilities in it. My database password was obtained from the config.php and then that was that.
I do know that the hacker obtained admin privileges on the board because right before it was defaced, some normal users were promoted to super moderators.
Thanks from: fishmaster
#6
12-27-2011, 03:55 PM
ForceHSS

Join Date: Apr 2008
Posts: 6,357
Thanks given: 0 times
Thanks received: 0 times in 0 posts

I find that adding Cloudflare allows you to block countries as well as IPs; good program.
Thanks from: fishmaster
#7
12-28-2011, 04:46 AM
fishmaster

Join Date: Nov 2006
Posts: 127
Thanks given: 0 times
Thanks received: 0 times in 0 posts

Peeping it out; hard to use with vBulletin?
#8
12-30-2011, 08:51 AM
ShiningStar

Join Date: Nov 2011
Location: Planet-$hining$tar
Posts: 9
Thanks given: 0 times
Thanks received: 0 times in 0 posts

Quote:
Originally Posted by Zarxrax
Well, I was running a rather outdated version of the forum (my license for 3.x had expired, and I hadn't bought 4.x yet), so I'm sure there were plenty of security vulnerabilities in it. My database password was obtained from the config.php and then that was that.
I do know that the hacker obtained admin privileges on the board because right before it was defaced, some normal users were promoted to super moderators.
Yup, after getting the database info they can do almost everything an owner usually can do {downloading the database, editing tables and in this way promoting or demoting any member, or simply changing the admin's email address to their own so they could easily recover the super admin's password too}; it usually takes a few minutes to make themselves admin, but all that is possible only from the server where you are hosted, and it's no problem at all to find out about other sites on the same server as well as to hack any of the other forums hosted on that server.
While there aren't security issues in vBulletin itself, when it comes to 3.x, using the latest version, i.e. 3.8.7 PL-2, may be the best idea {even I like to have and work in 3.8.7},
So the only security from your side can be securing the config.php file by its permissions {sometimes 400 won't let the forum work; in this situation CHMOD 404 will be used, and an extra step of decrypting config.php may be taken too}, but still there's one more danger, that of the reseller's account: if your reseller, or the master reseller of your reseller, gets hacked then any precaution will become useless, as that hacker will be able to access your cPanel.
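An added example, not from any poster in this thread, for the config.php permission advice in posts #2 and #8 (chmod 400, and the remark that 400 sometimes stops the forum working so 404 gets used instead). Whether a mode protects the file depends on which Unix user the PHP process runs as, so this small checker classifies a mode given the file's owner and the PHP worker's identity. The uids, gids and modes are constructed scenarios; nothing here touches a real server.

```python
# Added example (not from this thread): judge whether a config.php mode
# protects the file, given which Unix user the PHP process runs as. The
# uids, gids and modes below are constructed; nothing touches a real server.
import stat
from dataclasses import dataclass
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class Principal:
    """A process identity: effective uid plus all its group ids."""
    uid: int
    gids: FrozenSet[int]


def can_read(mode: int, owner_uid: int, owner_gid: int, who: Principal) -> bool:
    """Plain POSIX read check: owner bits if the uid matches, else group bits
    if any gid matches, else the 'other' bits. Root and ACLs are ignored."""
    if who.uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in who.gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def assess_config(mode: int, owner_uid: int, owner_gid: int, php: Principal) -> str:
    """Classify a config file's exposure.

    'broken'    PHP cannot read its own config (why 400 sometimes 'won't let
                the forum work': the PHP worker is not the file's owner)
    'exposed'   PHP reads it, but so does every other account on the host
                (404, 444, 644 ...; on a shared server that is the whole risk)
    'group'     readable only by the owner and the owning group
    'protected' readable only by the owner, and PHP is that owner
    """
    if not can_read(mode, owner_uid, owner_gid, php):
        return "broken"
    if mode & stat.S_IROTH:
        return "exposed"
    if mode & stat.S_IRGRP:
        return "group"
    return "protected"


# Constructed scenarios. Site files are owned by uid 1000 / gid 1000.
SITE_UID, SITE_GID = 1000, 1000
MOD_PHP = Principal(uid=33, gids=frozenset({33}))             # shared Apache worker (www-data)
PER_USER_FPM = Principal(uid=1000, gids=frozenset({1000}))    # php-fpm pool running as the site owner
GROUP_SHARED = Principal(uid=33, gids=frozenset({33, 1000}))  # worker added to the site's group


def demo() -> Dict[str, str]:
    """Return the verdict for each scenario (also printed when run directly)."""
    return {
        "400 under shared worker": assess_config(0o400, SITE_UID, SITE_GID, MOD_PHP),
        "404 under shared worker": assess_config(0o404, SITE_UID, SITE_GID, MOD_PHP),
        "400 under per-user pool": assess_config(0o400, SITE_UID, SITE_GID, PER_USER_FPM),
        "640 with worker in group": assess_config(0o640, SITE_UID, SITE_GID, GROUP_SHARED),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:26} -> {verdict}")
```

The scenarios show the trade-off behind the thread's 400-versus-404 remark: 404 restores a broken forum only by making the file readable to every account on the machine, which on shared hosting is exactly the neighbour-reads-your-config.php risk post #8 describes. The 400 setting protects the file only when PHP runs as the file's owner (a per-user php-fpm pool or similar), and a 640 mode with the worker in the site's group is the usual middle ground.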