Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 01-03-2008, 03:40 AM
shortbus1662 shortbus1662 is offline
 
Join Date: Oct 2004
Location: Enid, OK
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default help, site hacked, 2nd vb site in a week, same hacker

http://www.ultimatenurse.com/forum/

It's the same damn people that hacked my
http://www.huntandfishfinders.com/forum

the hunt/fish site is on 3.6.4
the nursing site is on 3.6.8

Is there a mod/hack that has had a vulnerability in it discovered recently that I don't know about?

--------------- Added [DATE]1199341772[/DATE] at [TIME]1199341772[/TIME] ---------------

anyone?

I know it hasn't been very long at all but I really need to get this figured out before another one of my sites gets hacked.
Reply With Quote
  #2  
Old 01-03-2008, 04:43 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It might help if you are more specific about exactly what the hacker did - like did he delete the database, change the templates, delete the files, exactly what is done to the site (yes, I can see the page, but what happened to vbulletin).

Also, you may want to compare hacks on the two sites and see which are common between the two.
Reply With Quote
  #3  
Old 01-03-2008, 04:49 AM
Michael Biddle Michael Biddle is offline
 
Join Date: Apr 2004
Location: Anaheim, CA
Posts: 774
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What mods do you have on both?
Reply With Quote
  #4  
Old 01-03-2008, 04:57 AM
shortbus1662 shortbus1662 is offline
 
Join Date: Oct 2004
Location: Enid, OK
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm trying to figure out which hacks they have in common.

If you saw that nursing site, he somehow got the forum to completely disappear. On the hunting site, it was like he was just able to hack the header somehow, but it appeared to only the stylesheet.
Reply With Quote
  #5  
Old 01-03-2008, 05:14 AM
sturdy sturdy is offline
 
Join Date: Aug 2005
Posts: 67
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The VB is secure I think, otherwise we should have lots of more hacking-complaints, it must be some of your hacks....

However .. its a nice defacement.
Reply With Quote
  #6  
Old 01-03-2008, 08:49 AM
shortbus1662 shortbus1662 is offline
 
Join Date: Oct 2004
Location: Enid, OK
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

they've hacked my hunting site again. Sigh!

VBSEO 3.0 RC5 could be it.

I don't know that there are any hacks on there now other than vbadvanced.

I'm not using that on my nursing site anymore though.

if you look, they aren't hacking the home page, just the forum, even though it's powered by vbadvanced.
Reply With Quote
  #7  
Old 01-03-2008, 09:01 AM
SEOvB's Avatar
SEOvB SEOvB is offline
 
Join Date: May 2007
Location: Indianapolis
Posts: 2,451
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Are you sure they don't have access at another level to do it?
Reply With Quote
  #8  
Old 01-03-2008, 09:02 AM
Animecraving Animecraving is offline
 
Join Date: Nov 2007
Posts: 126
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

.....check your chmod btw... chmod can kill your site you know..
and btw... how did they hacked? like deleted your content? or something?
Reply With Quote
  #9  
Old 01-03-2008, 03:19 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Have you checked your logs to see if they are logging in via ssh? Or via the admin panel? I think you really need to figure out how they are getting onto your sites before you can fix this.
Reply With Quote
  #10  
Old 01-09-2008, 05:26 PM
shortbus1662 shortbus1662 is offline
 
Join Date: Oct 2004
Location: Enid, OK
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it was according to my host a security flaw in vbgallery.

I guess this confirms it:

http://www.photopost.com/forum/showthread.php?t=134910
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:26 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06317 seconds
  • Memory Usage 2,241KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete