Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page HACKED - Make sure you are secure
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #35  
Old 09-26-2009, 04:23 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by knucklenitz View Post
I found that the person that attacked with SQL injection came from overseas, I am in the US. Since ALL of my traffic is actually on the west coast, I used htaccess to block all but US traffic. Appears to be working so far according to my logs.
And the logs just say the attacker isn't coming from US West coast ? Well, in a world of bot nets and open proxies it's maybe just a matter of time until the attacker found an IP that isn't blocked.
Maybe better spend your time fixing the holes - if I don't look the door and just paste a huge poster over it the door itself isn't more "secure" and this "door" is the problem, not how to hide it from someone.

Quote:
Originally Posted by knucklenitz View Post
On the SQL injection note, I restored my backup database so the hacked database is gone. I have contacted the programmed of the only two mods I have installed and he indicated they work on the admincp level so injection isn't possible. Since I'm a newbie in this area, I can't confirm. Is there any way to track database activity so I can find out how they got in?
You can enable the Query log in your Database but this might be a performance issue. Also protecting the Admin & Mod Panel with an Auth won't hurt - just ensure the login user and password aren't written somewhere at your board.

Quote:
Originally Posted by knucklenitz View Post
It appears the last two actions (many other http/file.php attempts before that) were the hacker going to sendmessage.php and then 45 minutes later, them going to the index probably to check that their hack worked. I have since disabled the sendmessage.php in the contact vb options.
Can also be the usual "background noise" like automatic IP scans for holes in the all-time-favorites like Joomla, phpMyAdmin, Horde and some older VB holes. Dunno how the attacking people(s) read their attack logs, maybe they just filtered for 200 replies and so wanted to see if they did any damage.
Right now, try to find out how it happened and fix the hole. Then things like IP Range blocking can be done anyways - first get the system clean and up-to-date - then additional enhancements can be done.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 04:29 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07739 seconds
  • Memory Usage 3,597KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_code
  • (2)bbcode_php
  • (25)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (40)post_thanks_box
  • (40)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (40)post_thanks_postbit_info
  • (40)postbit
  • (40)postbit_onlinestatus
  • (40)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete