Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > General Articles
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Preventative - How to avoid being Hacked by TeamPS i.e. p0wersurge
TheLastSuperman's Avatar
TheLastSuperman
Join Date: Sep 2008
Posts: 5,844

Hey vb.org members and coders! Not much to say except I have a beautiful wife, three fantastic kids

North Carolina
Show Printable Version Email this Page Subscription
TheLastSuperman TheLastSuperman is offline 12-19-2011, 11:00 PM

No doubt some of you have already been defaced at some point in the past, what I aim to do is make a quick post letting you know a few simple tips to avoid or recover from this and also help you re-secure your site if you've recently recovered from such activity.

Lately what I've noticed is on older versions namely pre 4.1.4 a group of hackers have been exploiting the Admin Username and Password through member groups and the search feature, granting them access to the forum in question to do so as they wish. The main goal of the information outlined below is to help you prevent this from happening by adding in some additional security to your admin and moderator control panels with .htaccess. Initially newer versions were not affected by this however after a recent post on vBulletin.org I'm not sure what other methods they are using - https://vborg.vbsupport.ru/showthread.php?t=275715 so let's go ahead and remedy this shall we?

____________________

If your currently secure:
1) .htaccess protect your admincp and modcp here are some useful links;
.htaccess authentication generator:
http://www.htaccesstools.com/htaccess-authentication/
.htaccess password generator:
http://www.htaccesstools.com/htpasswd-generator/

Now if they are able to somehow obtain your primary admin account username and password they can only do so much damage... why? Well your admin control panel now requires a completely different username and password before you can even login, without server/ftp access they can never bypass this.

____________________

If you've been defaced:
1) Try restoring to a backup before you were hacked, if not possible recover the best way you can.
2) Change database passwords *Don't forget to update the config.php files for vBulletin and any other software running on your site.
3) Change FTP account passwords.
4) Change admin account passwords.
5) .htaccess protect your admincp and modcp here are some useful links;
.htaccess authentication generator:
http://www.htaccesstools.com/htaccess-authentication/
.htaccess password generator:
http://www.htaccesstools.com/htpasswd-generator/
6) Check to see if they added any admin accounts, on one site they changed the primary admin account name to what they desired and went so far as to re-create the admin accounts w/ the same details but no admin permissions to throw the site owners off for a little bit.
7) Use this guide and ensure your site is 100% clean - http://www.vbulletin.com/forum/blogs...iller/3934768-

___________________

*Use a entirely different username and complex password when creating the .htaccess and .htpasswd files. Also on that note, be sure the .htpasswd is stored above public_html i.e. in /home/accountnamehere/.htpasswds

**Wayne Luke of the vBulletin.com team also posted some very sound advice here, please take the time to read his post - https://www.vbulletin.com/forum/show...=1#post2245651
Reply With Quote
  #2  
Old 12-22-2011, 04:41 PM
ReFuZe ReFuZe is offline
 
Join Date: Sep 2011
Posts: 35
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

lolz that doesnt secure you at all it only secures the admincp but not that good theres tools for it I know becuase ive seen people do it and i had it all you need is a good hosting with alot of security cloudflare htaccess and no vuln and all that thats how you get secured
Reply With Quote
  #3  
Old 12-22-2011, 06:58 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ReFuZe View Post
lolz that doesnt secure you at all it only secures the admincp but not that good theres tools for it I know becuase ive seen people do it and i had it all you need is a good hosting with alot of security cloudflare htaccess and no vuln and all that thats how you get secured
I've never understood posts like the one above ^ - Not trying to be rude but either post "How-To" or don't post comments like that at all in my threads please, anywhere else go ahead however imo it does help if the one gaining access to your site knows nothing more than the context of the tutorial or video he/she is viewing correct? Case in point.

Your exactly right though, there's other ways that are much better however in my initial post above I clearly stated:

Quote:
what I aim to do is make a quick post letting you know a few simple tips
Pay attention and read between the lines so your not presented with a response like this in the future, everyone should be well prepared .
Reply With Quote
4 благодарности(ей) от:
BirdOPrey5, blind-eddie, borbole, CharlieDelta
  #4  
Old 12-24-2011, 09:25 AM
socialteenz's Avatar
socialteenz socialteenz is offline
 
Join Date: May 2011
Posts: 465
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Great article. You are definitely a superman.
Reply With Quote
  #5  
Old 12-24-2011, 05:50 PM
CharlieDelta CharlieDelta is offline
 
Join Date: Apr 2010
Posts: 616
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by socialteenz View Post
Great article. You are definitely a superman.
No he is not....he is the LAST SUPERMAN!!

Thank you for this article. :up:
Reply With Quote
  #6  
Old 12-26-2011, 01:25 PM
ReFuZe ReFuZe is offline
 
Join Date: Sep 2011
Posts: 35
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Check my Article out that secures your site from Shells. plus Im working a tool that scans and when finds shells it removes them me and relevant are doing it so once its done it will be out to public but in the mean time use my article look at my threads

--------------- Added [DATE]1324909616[/DATE] at [TIME]1324909616[/TIME] ---------------

Im a pro hacker and a pro secure I know alot of basic but vb4.1.9 had too many LFI and RFI docks in them so thats why they are easir plus thats why I made my thread on how to block shells ill make a tut later


Sorry for my grammer just woke up
Reply With Quote
Благодарность от:
TheLastSuperman
  #7  
Old 01-01-2012, 12:10 AM
JimxJNM JimxJNM is offline
 
Join Date: Sep 2011
Location: Coral Harbour
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ReFuZe View Post
Check my Article out that secures your site from Shells. plus Im working a tool that scans and when finds shells it removes them me and relevant are doing it so once its done it will be out to public but in the mean time use my article look at my threads

--------------- Added [DATE]1324909616[/DATE] at [TIME]1324909616[/TIME] ---------------

Im a pro hacker and a pro secure I know alot of basic but vb4.1.9 had too many LFI and RFI docks in them so thats why they are easir plus thats why I made my thread on how to block shells ill make a tut later


Sorry for my grammer just woke up

Basically vBulletin websites doesn't have RFI / LFI Injections... In based the files aren't supporting these kind of LFI or RFI injections... Just letting you know
Reply With Quote
  #8  
Old 01-08-2012, 06:49 PM
ReFuZe ReFuZe is offline
 
Join Date: Sep 2011
Posts: 35
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah I know, I thought they where. Tm currently working on my tool to prevent hacking and shells. It might be possible but my other coder said it will take time.
Reply With Quote
  #9  
Old 01-29-2012, 10:42 AM
Eslob Eslob is offline
 
Join Date: May 2010
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

the best method is to encypt the config.php & class_core.php.

and keep a backup on ur pc.

and disable html in posts.

and change the path for config.php & change admincp folder to other and keeping the old name as an ambush.
Reply With Quote
  #10  
Old 05-06-2012, 01:44 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Eslob View Post
the best method is to encypt the config.php & class_core.php.
Sorry but someone who could access your server to have read rights for config.php (meaning the code) would have no problems with a simple copy & paste and then decode everything.

One thing to add maybe - if the site got defaced then the usual way would be to do a complete reinstall. Just copying in backups would also copy the security issue again someone used for the defacement.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:44 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04412 seconds
  • Memory Usage 2,315KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (9)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete