  #21  
Old 09-06-2013, 01:48 PM
squidsk squidsk is offline
 
Join Date: Nov 2010
Posts: 969
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by TheLastSuperman View Post
*Please note: Renaming it to /..install../ OR /old_install/ OR anything honestly is not doing you any good, delete the entire directory to be 100% sure you're not able to be exploited by that ftard.
Quote:
Originally Posted by nerbert View Post
Would it be enough to just rename it?
See above quote.
  #22  
Old 09-06-2013, 01:54 PM
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by ForceHSS View Post
Yeah. Great. A post from yesterday. That only proves that NOW they tell you to remove that directory. They have done otherwise for years.
  #23  
Old 09-06-2013, 02:22 PM
nhawk nhawk is offline
 
Join Date: Jan 2011
Posts: 1,604
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

I've always deleted the install directory on live sites without any problems. It just seemed to make more sense to me.

I also rename the admincp and modcp folders to a secure name. In addition, whenever possible I protect them with htaccess so only IP addresses included in the htaccess file can use the ACP and ModCP.
Thanks from:
CAG CheechDogg
  #24  
Old 09-06-2013, 02:52 PM
DF031 DF031 is offline
 
Join Date: Nov 2012
Posts: 152
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by nerbert View Post
Would it be enough to just rename it?
Why would you take that risk? VB recommends to delete it, why ignore that?

It is not just your forum at risk, but also the privacy and online security of your users.
Thanks from:
CAG CheechDogg
  #25  
Old 09-06-2013, 02:53 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

I have always deleted the whole install folder and have been doing this for some time. I also have a lot of other security things in place.
Thanks from:
CAG CheechDogg
  #26  
Old 09-06-2013, 04:02 PM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by DF031 View Post
Why would you take that risk? VB recommends to delete it, why ignore that?

It is not just your forum at risk, but also the privacy and online security of your users.
I'm working on an adminCP file manager and am using it to delete this, but I found a functional but very slow-running block of code I would like to improve, so I'm wondering if I need to do this in the next five minutes or the next five hours. But TheLastSuperman answered. Now I have to create a bunch of junk files to test my improved code on.
  #27  
Old 09-06-2013, 04:08 PM
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by nerbert View Post
I'm working on an adminCP file manager and am using it to delete this, but I found a functional but very slow-running block of code I would like to improve, so I'm wondering if I need to do this in the next five minutes or the next five hours. But TheLastSuperman answered. Now I have to create a bunch of junk files to test my improved code on.
Clone the site, restore on localhost then tinker away.
  #28  
Old 09-06-2013, 10:18 PM
tbworld tbworld is offline
 
Join Date: Oct 2008
Posts: 2,126
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Obviously, it is not smart for VB to post any real details of the vulnerability, but if any of you are in the know: Is it sufficient enough to just IP restrict the install directory?

Might be a short term solution @nerbert.

I do like @TheLastSuperman's suggestion, but I am sure you are already developing on a local system, this is probably just for testing -- right?
  #29  
Old 09-07-2013, 12:28 AM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by tbworld View Post
Obviously, it is not smart for VB to post any real details of the vulnerability, but if any of you are in the know: Is it sufficient enough to just IP restrict the install directory?

Might be a short term solution @nerbert.

I do like @TheLastSuperman's suggestion, but I am sure you are already developing on a local system, this is probably just for testing -- right?
Actually I have an old unusable vB3 clone I can beat to pieces. But it's a useful resource for developing something like this -- not to be consumed recklessly.
  #30  
Old 09-07-2013, 01:09 AM
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Thanks given: 0 times
Thanked 0 times in 0 posts
Default

Renaming/htaccess protecting it still leaves you vulnerable; the only way to be 100% safe is to delete the entire directory.
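
An added example, not part of the original thread and not vBulletin's own code: a renamed install directory still holds the same files on the server, so one way to audit a web root is to hash a pristine copy of the install directory from the release package and look for those files under any directory name. The directory layout, the file names `setup_step.php` and `schema.xml`, and all function names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def fingerprint(reference_dir):
    """SHA-256 of every non-empty file in a pristine copy of the install directory."""
    digests = set()
    for root, _dirs, files in os.walk(reference_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.getsize(path) > 0:  # empty files would match unrelated empties
                digests.add(file_sha256(path))
    return digests

def find_installer_copies(webroot, digests):
    """Return {relative directory: match count} for directories holding installer files."""
    hits = {}
    for root, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(root, name)
            if os.path.isfile(path) and file_sha256(path) in digests:
                rel = os.path.relpath(root, webroot)
                hits[rel] = hits.get(rel, 0) + 1
    return hits

def build_demo():
    """Constructed sample: a reference installer and a web root with a renamed copy."""
    base = tempfile.mkdtemp()
    ref = os.path.join(base, "reference", "install")
    web = os.path.join(base, "webroot")
    for d in (ref, os.path.join(web, "old_install"), os.path.join(web, "images")):
        os.makedirs(d)
    samples = (("setup_step.php", b"<?php /* constructed installer file */"),
               ("schema.xml", b"<schema/>"))  # hypothetical file names
    for name, body in samples:
        for target in (ref, os.path.join(web, "old_install")):
            with open(os.path.join(target, name), "wb") as fh:
                fh.write(body)
    with open(os.path.join(web, "images", "logo.txt"), "wb") as fh:
        fh.write(b"logo")
    return ref, web

if __name__ == "__main__":
    ref, web = build_demo()
    for directory, count in sorted(find_installer_copies(web, fingerprint(ref)).items()):
        print(f"{directory}: {count} installer file(s) still present, delete the directory")
```

Exact-hash matching only finds unmodified copies; a clean result after deletion confirms the known files are gone, not that nothing else was left behind.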