Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Th3H4ck hacked hundreds of VB forums over the last two days.
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #11  
Old 09-09-2013, 04:03 AM
induslady induslady is offline
 
Join Date: Jul 2006
Posts: 224
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by KissOfDeath View Post
what their doing is creating a backdoor to come back in later.

so then i figured it must be a file uploaded on the server because from what i've seen of the plugin being used gives them the ability to upload files to the server, so then i checked the file dates and found a suspicious "clock.php" file in the custom avatars folder that had been created the same day as the plugin above was installed so i removed that and restored another database backup from the 24th which is the day before the guy registered an account on my forums

I've changed admin, cpanel, & ftp passwords so i'll see where it goes from here, just removing the install folder is not enough,

here's an example of a file someone has uploaded as a backdoor back in to a forum http://www.paccin.org/deface.txt i guess their must be more files as well but this i all is could find on google
Hello,

Thank you for these details.

I was able to see these backdoor (php) files - about 4 in different names (gs.php, test.php, dyna_statistic.php) with exactly same content installed in the following folders:
customprofilepics
attachments
captcha
vba_dyna_modules


Deleted those files today.
Removed install directory the very next day of being hacked (6-Sep).
Changed cpanel/FTP, vbulletin database and admin account passwords.

I didn't find anything injected into the database, so should I restore it? Then the members posts will be lost!

What more should I do to keep the hacker away?
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 03:47 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09950 seconds
  • Memory Usage 3,652KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_code
  • (23)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (41)post_thanks_box
  • (4)post_thanks_box_bit
  • (41)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit
  • (41)post_thanks_postbit_info
  • (41)postbit
  • (1)postbit_attachment
  • (41)postbit_onlinestatus
  • (41)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_attachment
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete