Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Forum hacked
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-19-2009, 10:07 PM
psilocybin1 psilocybin1 is offline
 
Join Date: May 2009
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Forum hacked
Someone hacked my forum. In my logs there was access to options.php and changed my admin password and email from a strange ip adress
Reply With Quote
  #2  
Old 06-19-2009, 10:12 PM
Sweeks Sweeks is offline
 
Join Date: Jul 2008
Posts: 633
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
If options.php isnt part of default vbulletin I suggest removing it, run the diagnostics tool for suspicious files on the site
________
Nigel Mansell
Reply With Quote
  #3  
Old 06-19-2009, 10:13 PM
Lautaro's Avatar
Lautaro Lautaro is offline
 
Join Date: Jan 2009
Location: United States
Posts: 233
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Download your vBulletin files and extract the folder called "Do not Upload" you will find a file named "tools.php" upload it into your 'install'.

Then go to your forum and create a new account if you can and then run the "tools.php" file and reset the admin permission by adding the account you created on the input field.

I hope this helps.
Reply With Quote
  #4  
Old 06-19-2009, 10:18 PM
psilocybin1 psilocybin1 is offline
 
Join Date: May 2009
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
got back in before just wondering how to prevent this

--------------- Added [DATE]1245453625[/DATE] at [TIME]1245453625[/TIME] ---------------

And what is options.php
Reply With Quote
  #5  
Old 06-19-2009, 10:39 PM
Sweeks Sweeks is offline
 
Join Date: Jul 2008
Posts: 633
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Post a snippet
________
Hawaii Medical Marijuana Dispensary
Reply With Quote
  #6  
Old 06-19-2009, 10:50 PM
psilocybin1 psilocybin1 is offline
 
Join Date: May 2009
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Snippet?
Reply With Quote
  #7  
Old 06-19-2009, 11:19 PM
Si... Si... is offline
 
Join Date: Sep 2006
Location: Los Angeles, USA.
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Print screen shot... View of the content being... There...

In this case, he is asking you to open options.php up in a text editor. And copy and paste the contents into a reply box... At least I think he means that.

How to prevent this?
Well a number of ways.
  1. Changing your password every X amount of days.
  2. Directory Password Protecting the AdminCP
  3. Setting your ADMIN user from being modified in the config.php
  4. My personal favourate: Rename the AdminCP folder, and telling config.php where and what the new one is, and preform Step 2 on that folder. Then make a blank folder called admincp with a blank index.php in there. [Make sure this AdminCP is passworded too. It pisses hackers off to see a passworded area with nothing in it. Lol!] Remember when doing upgrades to put them in the new folder and ignore the line "Upload AdminCP contents to Admincp on the site" upload it to the personal folder.
  5. Having only one person who is an Administrator.
  6. Having a really long or complex password. My favourate [WHICH IS MY OLD ONE] was "Mary had a little lamb." It had caps, spaces, fullstop/ period, etc.... Simple. But it worked!
Those are my suggestions. They worked for me. But hey. What would I know, right? I've been running forum software for over 10 years and never ever been hacked once. Ever.
Reply With Quote
  #8  
Old 06-19-2009, 11:58 PM
psilocybin1 psilocybin1 is offline
 
Join Date: May 2009
Posts: 52
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
there was also a style added to my forum called
TRY4G-Team...which leads to a style that shows my directory files

--------------- Added [DATE]1245459600[/DATE] at [TIME]1245459600[/TIME] ---------------

its an exploit style,,,it can access every file aswell as edit save, and upload...BAD NEWS
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:15 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07725 seconds
  • Memory Usage 2,224KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete