The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#41
|
|||
|
|||
Interesting. Sounds like he is saying the script he used to exploit the site was already installed elsewhere on the server. Quite bummer.
For reference, I host with Hostgator (dedicated server) and after getting hacked a few times in the past (uploading the .txt shell script files) I had them install mod_security and use the same ruleset they use on their public hosting servers. So far I have not been exploited since. |
#42
|
|||
|
|||
Quote:
It simply means that your host has not secured the shared server you are on. Other customers of this host can read your files. As long as this is possible, nothing you do will stop someone: Solutions: - Contact your host and have them bring their security up2date. - Change host!!!! |
#43
|
|||
|
|||
As far as I know this has nothing to do with plugins... This happened to two of my forums. I upgraded to the latest version and it just happened again... I host with Rackspace which went over my machine looking for vulnerabilties the first time this happened...
I think it is a whole in vbulletin. Is there a way to lock the spacer_open table in the database to stop them from inserting their code? --------------- Added [DATE]1223661876[/DATE] at [TIME]1223661876[/TIME] --------------- this is a pretty decent size vulnerability... happened to me again... |
#44
|
|||
|
|||
I am having the same problem with been hacked very often by placing a base64 code.. Have we found a fix. I changed hosters, did a cleaned install of 3.73PL1, and still been able to be hacked.
|
#45
|
|||
|
|||
Just to be extra safe guys make sure you Check your file/folder permissions.
FILE permissions shouldn't be higher than 644 FOLDER permissions shouldn't be higher than 755 |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|