Hacker was able to edit one of my forums and redirect forum. (vb 3.6.3)

[Zachery]

Quote:

Originally Posted by HostileAdam

i just did.

A link please? Ticket ID? Bug Tracker Link? Forum Link?

[HostileAdam]

<a href="http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1184" target="_blank">http://www.vbulletin.com/forum/bugs3...iew&bugid=1184</a> | Bug ID: 1184 And my site has some warez and stuff on it and i dunno if i should post my forum link here unless u want me to PM u it?

[Zachery]

I've already responded to your bug/.

Do you have mod_security compiled into php? If you're running a site with a target audience like that, it might be in your best interest.

[HostileAdam]

Hmm where could i get this at?

[chanthuyen]

Reupload all files,
Check your host, maybe have remview file on your host.
Check the usertable database, may be hacker inserted an account in to your database.

Quote:

Originally Posted by HostileAdam

Hmm where could i get this at?

http://www.onlamp.com/pub/a/apache/2..._security.html

Also, run rkhunter from shell and see if it picks anything up, assuming you're running *nix.

[Mattimus1984]

Adam the first thing I saw was hacked on your site was your toplists.

[cyberphr]

I happened to run into this thread, so I thought I would update so there is no more need to reply.

The problem was apparently a shell script on the server, and nothing to do with vbulletin.

[s25]

Are you running a vunerable version of phpmyadmin?IN the last few months lots of sploits have been released for it (to the extent that i have removed phpmyadmin until it calms down a bit) Are you on a dedicated server? Probably somthing else the attacker got in through and I am placing my money on phpmyadmin or he bruteforced a mySQL pass.