  #1  
10-19-2013, 03:59 PM
t2cervens
Join Date: May 2008
Posts: 9
VBulletin 4.2.2 hacked; is it safe?

hi

This morning (19 Oct), one mod warned me that my website was hacked and defaced; in fact the content of the website was deleted (only a few files left and empty directories)

this website had just a couple of static html files with some photos and a forum (VB 4.2.2), all plugins disabled, no blogs, no CMS etc. (I disabled everything during the latest update from 4.2.1 to 4.2.2); nothing else on the website, no apps or scripts either, and of course the install directory was deleted.

at this time, the main directory (home) of the site contained 2 files: index.php and changelogs.php (or something like that); I was unable to download this last one (blocked by avast as trojan) and I remotely deleted it; I put the website offline too

Q: is vbulletin safe, is there a security problem?

actually I'm trying to restore a backup (6 weeks old)

any suggestion/idea please now?

thanks

Terry
  #2  
10-19-2013, 04:03 PM
fanyap
Join Date: Apr 2008
Posts: 95

If the physical files were deleted from the server, I think someone gained access to your server/FTP and deleted the files.

You should schedule automatic backups every 24 or 48 hours so that your content loss is minimal if this happens again.
  #3  
10-19-2013, 04:46 PM
Digital Jedi
Join Date: Oct 2006
Location: PopCulturalReferenceLand
Posts: 5,171

A couple of resources you may want to look over:

Fixing Your Site After You Have Been Hacked
Recovering a Hacked vBulletin Site
  #4  
10-19-2013, 05:03 PM
WEBDosser
Join Date: Oct 2001
Location: @ MyPC
Posts: 824

did they delete the database? if not just upload the files again.
  #5  
10-19-2013, 05:12 PM
t2cervens
Join Date: May 2008
Posts: 9

update

restoring the website I found another php file obviously uploaded in vb directory by hacker... again avast detected infection when I downloaded it: PHP:Agent-IS [Trj] ...

--------------- Added 10-19-2013 at 06:14 PM ---------------

Quote:
Originally Posted by WEBDosser
did they delete the database? if not just upload the files again.

no I don't think so according to the db size

I did not check now 'cuz I was changing user db name and passw...

--------------- Added 10-19-2013 at 07:00 PM ---------------

Quote:
Originally Posted by Digital Jedi

thanks!
Reply With Quote
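
Added example, not part of any post in this thread: one way to check a restored forum directory for leftover files like the ones t2cervens describes, by hashing every PHP file and comparing it against a freshly unpacked clean copy of the same vBulletin release. The directory names, file contents and function names below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root, suffixes=(".php", ".phtml")):
    """Map relative path -> SHA-256 for every script file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in suffixes
    }

def audit(reference_root, site_root):
    """Return (unexpected, modified) script files in site_root vs. a clean copy."""
    ref, site = manifest(reference_root), manifest(site_root)
    unexpected = sorted(set(site) - set(ref))
    modified = sorted(p for p in site.keys() & ref.keys() if site[p] != ref[p])
    return unexpected, modified

def demo():
    """Build two small constructed trees and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        files = {"index.php": "<?php // forum entry point\n",
                 "includes/functions.php": "<?php // helpers\n"}
        for root in (clean, live):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Constructed stand-ins for what the thread describes: a replaced
        # index.php and an extra file dropped next to it.
        (live / "index.php").write_text("<?php // replaced content\n")
        (live / "changelogs.php").write_text("<?php // placeholder only\n")
        return audit(clean, live)

if __name__ == "__main__":
    unexpected, modified = demo()
    print("not in clean package:", unexpected)
    print("differs from clean package:", modified)
```

Files you created yourself after installation are also reported as unexpected and need a manual look; anything else in either list should be replaced from the clean package rather than repaired in place.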
All times are GMT.