By mrpotatohead
Released: 03-28-2007
Hi guys,
I got a message through PM today with the following contained:
Quote:
"Dear admin, thank you for your interest.
As you have read at www.paradox-security.de.vu I checked your homepage and found critical security holes.
Proof:
Your SQL Data of the forum
$config['Database']['dbname'] = **removed for purposes of post**;
$config['MasterServer']['servername'] = **removed for purposes of post**
$config['MasterServer']['port'] =**removed for purposes of post**
$config['MasterServer']['username'] = **removed for purposes of post**
$config['MasterServer']['password'] = **removed for purposes of post**
And a part of your document root structure:
[barcrawl] DIR 05.03.2007 19:44:19 joemcd/joemcd drwxr-xr-x Info
[bbwebsite] DIR 03.01.2007 17:06:42 joemcd/joemcd drwxr-xr-x Info
[celebritybb] DIR 03.01.2007 17:06:42 joemcd/joemcd drwxr-xr-x Info
[cgi-bin] DIR 01.08.2006 19:23:42 joemcd/joemcd drwxr-xr-x Info
[contact] DIR 03.01.2007 17:06:32 joemcd/joemcd drwxr-xr-x Info
[dump] DIR 03.01.2007 17:06:36 joemcd/joemcd drwxr-xr-x Info
[faq] DIR 03.01.2007 17:09:17 joemcd/joemcd drwxr-xr-x Info
[forums] DIR 18.01.2007 09:27:29 joemcd/joemcd drwxr-xr-x Info
[frozen-illusion] DIR 03.01.2007 17:09:17 joemcd/joemcd drwxr-xr-x Info
[frozenillusion] DIR 06.02.2007 22:39:18 joemcd/joemcd drwxr-xr-x Info
[jmcdesig] DIR 20.08.2006 12:47:31 joemcd/joemcd drwxr-xr-x Info
[jmcdesigns] DIR 03.01.2007 17:06:42 joemcd/joemcd drwxr-xr-x Info
[newsfeed] DIR 03.01.2007 17:06:37 joemcd/joemcd drwxr-xr-x Info
[newsletter] DIR 03.01.2007 17:09:12 joemcd/joemcd drwxr-xr-x Info
[nutv] DIR 08.03.2007 17:23:58 joemcd/joemcd drwxr-xr-x Info
[portal] DIR 03.01.2007 17:06:42 joemcd/joemcd drwxr-xr-x Info
[research] DIR 27.01.2007 16:12:06 joemcd/joemcd drwxr-xr-x Info
[sifr] DIR 03.01.2007 17:09:17 joemcd/joemcd drwxr-xr-x Info
This security hole is very critical as you can see, because the attacker has complete Server access.
If you want to know more I'll give you my paypal address to transfer the money (100 EUR), otherwise I wish you good luck, and I hope that I could help you.
greez
paradoX
Please don't reply to this PM. For contact write an email."
What can I do to improve the security? Any idea what this security hole is?!
I'm changing all my passwords now...
- Joe
It is not a security hole, you have someone with FTP access to your server, and this is not related to vBulletin... ask your HOST to verify the accesses...
And how I read this, you hired a moron to check for your security, and he is proving his stupidity by telling you nothing about your security holes...
What you want to be asking yourself is, How did he get this info?
Quote:
Proof:
Your SQL Data of the forum
$config['Database']['dbname'] = **removed for purposes of post**;
$config['MasterServer']['servername'] = **removed for purposes of post**
$config['MasterServer']['port'] =**removed for purposes of post**
$config['MasterServer']['username'] = **removed for purposes of post**
$config['MasterServer']['password'] = **removed for purposes of post**
Could be done with a shell script, or if it is shared hosting there may be a permission issue allowing others on the same server/cluster read access to your files...hard to say.
Changing the passwords is the first step, next would be to review your log files from before you got that email. Look for odd requests that contain URLs or other data. It will take a bit but you may be able to locate how he got the info.
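The log review suggested in the reply above, as an added example that is not part of the original thread: it scans Apache combined-format access log lines recorded before a cutoff time for query parameters that carry a URL or a directory traversal sequence. The log format, the two heuristics, the cutoff time and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/NCSA combined log format: host, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Assumed heuristics for "odd" parameter values (not taken from the thread).
URL_IN_VALUE = re.compile(r'(?:https?|ftp)://', re.I)
TRAVERSAL = re.compile(r'\.\.[/\\]')
# Assumed cutoff: only requests logged before the message arrived are of interest.
CUTOFF = datetime(2007, 3, 28, tzinfo=timezone.utc)

# Constructed sample lines (documentation IP ranges, made-up script names).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2007:21:14:03 +0000] "GET /app/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2007:22:40:51 +0000] "GET /app/index.php?page=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [27/Mar/2007:22:41:09 +0000] "GET /app/view.php?file=..%2F..%2Fsecret%2Fsettings.php HTTP/1.1" 200 988 "-" "-"',
    '192.0.2.10 - - [29/Mar/2007:09:00:00 +0000] "GET /app/index.php?page=http%3A%2F%2Fexample.invalid%2Fy.txt HTTP/1.1" 200 412 "-" "-"',
]

def suspicious_requests(lines, before):
    """Yield (timestamp, host, target, reasons) for flagged requests logged before `before`."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        if ts >= before:
            continue  # logged at or after the cutoff
        reasons = set()
        query = urlsplit(m['target']).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)  # parse_qsl decoded once; decode again for double encoding
            if URL_IN_VALUE.search(value):
                reasons.add(f'url-in-param:{name}')
            if TRAVERSAL.search(value):
                reasons.add(f'traversal-in-param:{name}')
        if reasons:
            yield ts, m['host'], m['target'], sorted(reasons)

if __name__ == '__main__':
    for ts, host, target, reasons in suspicious_requests(SAMPLE_LOG, CUTOFF):
        print(ts.isoformat(), host, target, ','.join(reasons))
```

A hit is only a lead: compare the status code and response size of each flagged request against normal traffic for the same script before drawing conclusions.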
I agree that it seems like someone has FTP access to your site. Definitely check with your hosting company. Post an update when you know what's going on.