Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page style hacking
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 12-26-2008, 10:54 AM
3ashek 3ashek is offline
 
Join Date: Apr 2007
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default style hacking
hello

I have a big problem with the vbulletin forums

I have a webhosting and I founf every day about 5-6 forums have hacked .

the hacking comming on the style for the forum . They just change the formhome template .

but I found this problem every day on all the vbulletin versions from 3.6.x to 3.8.0

please help me to find a solution for this .
Reply With Quote
  #2  
Old 12-26-2008, 11:35 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Can you post URL to such boards?

Are they all on the same server?
Reply With Quote
  #3  
Old 12-26-2008, 11:37 AM
3ashek 3ashek is offline
 
Join Date: Apr 2007
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
this is one of them

2movies.net

this forum has been hacked 3 times on 2 days

and not all the forums on the same server
Reply With Quote
  #4  
Old 12-26-2008, 11:57 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Would have more expected them to be on 1 server. If multiple boards, running different versions are being hacked, then you must look for the common factors.

It is unlikely that they are hacked thru core vB. More likely is direct database access or shell access on the server.
Reply With Quote
  #5  
Old 12-26-2008, 12:00 PM
pnosko31 pnosko31 is offline
 
Join Date: May 2006
Posts: 86
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
are you using the same username and pass for all servers?
Reply With Quote
  #6  
Old 12-26-2008, 02:17 PM
3ashek 3ashek is offline
 
Join Date: Apr 2007
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I make everything to make this server secuer and also I'm not using the SAME data on every forum

the last thing I want to explain that there isn't any changes happened to the files for this forum .

also the hacker didn't use the account on the board to make his hack as if he could hack the database or anythig else he could be deleta any thing from it

all what I do here to restore the forumhome template for the style as It was before ,

please tell me If there is something I can do to stop these hackers..

wait for reply
Reply With Quote
  #7  
Old 12-26-2008, 02:25 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Well something is able to make changes to the templates table in the database. This is either done by direct access to the database (why delete info if you want to redirect to a spam site?), or by an installed modification that is vulnerable to SQL-injections.
Reply With Quote
  #8  
Old 12-26-2008, 08:55 PM
3ashek 3ashek is offline
 
Join Date: Apr 2007
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Now after 7 hours of tryping this thread at this moment 8 forums has been hacked by the same way.

however I have reuploa forum files again and make firewall on the admincp and put new style ,

please tell me what is the problem there
Reply With Quote
  #9  
Old 12-27-2008, 03:13 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Marco van Herwaarden View Post
Well something is able to make changes to the templates table in the database. This is either done by direct access to the database (why delete info if you want to redirect to a spam site?), or by an installed modification that is vulnerable to SQL-injections.
...
Reply With Quote
  #10  
Old 12-27-2008, 05:04 PM
Golzarion's Avatar
Golzarion Golzarion is offline
 
Join Date: Jan 2008
Posts: 214
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Why don't you take a look at server log ?? ( log access raw )

you can see how they act exactly ...

Do you use shared server ?

And did you change the database password after being hacked ?

change the database password and re edit config.php and also can test this plugin : https://vborg.vbsupport.ru/showthrea...04#post1687304
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:06 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04639 seconds
  • Memory Usage 2,243KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete