The Arcive of Official vBulletin Modifications Site.

cloyal · #1 04-08-2006, 07:43 AM

Not sure if this is where I post this so I apologize in adavance if it's in the wrong place. Around 3:30 this morning some one hacked my index files and the put up a page that they had hacked it in the name of muslims. Somebody the name of Brandon. Not sure how this was done, but how do I prevent it from happening again? I was fortunate in having the files backed up so it didn't take long, I was also lucky in the fact I happen to be present with this person did it.

Rich · #2 04-08-2006, 12:11 PM

Hello,

If they changed files, then they gained access to ftp or your server somehow. It doesn't sound as if they hacked vBulletin. It sounds like they found their way onto your server.

I could be wrong, but I would certainly contact your service provider and inform them of what happened. They should be able to trace the login session.

peterska2 · #3 04-08-2006, 01:19 PM

It's normally they have just changed the forumhome template. Revert that and it should go back again.

Make sure you are running the lastest version, or at the very least have applied all security patches since the version you have installed.

cloyal · #4 04-08-2006, 04:34 PM

Thats what I thought as for the hack job, and I only had to replace the index file in two places. As for my server I contacted them immediately early this morning when it happened and they gaver this response.

Quote:

Hello,

The most common way to hack a site is through php. If this person found an
exploit in your forum software, they can make adjustments to any file they
chose. It's a good idea to update any php software often, as security holes are
found and fixed in every new release. Our logs are not specific enough to tell
who changed a file, or when. You may be able to find it in your stats pages, but
those will show you anybody visiting your site around that time.

I'm currently running 3.5.4. Not sure where they got in, just want to prevent it from happening again.

peterska2 · #5 04-08-2006, 04:38 PM

Have you installed any major modifications?

While it's not nessesserialy(sp) those, it is a possibility.

I'd also recommend contacting support via the members area to see if there is anything that they can recommend.

cloyal · #6 04-08-2006, 04:47 PM

I've installed quite a few hacks, but I wouldn't classify any of them as major. And it's been a while since my last hack has been installed.

I will make it a point to contact Vbulletin on this, as I'm just looking to prevent it, not complain about being hacked and to possibly find where it may have came from. My ire is only directed at some one that feels the need to be malicious for no other reason than to draw attention to himself .

Paul M · #7 04-08-2006, 05:00 PM

"The most common way" does not mean it's the only way - that reply was nothing more than a polite fob off.

cloyal · #8 04-08-2006, 05:05 PM

I appreciate all the help, like I said I'm not here to complain, just looking for a way to prevent it from happening again. I've had issues in the past with a different server and their common response was to blame the software. Since moving to another all those "problems" went away.

Princeton · #9 04-09-2006, 02:01 PM

Quote:

The most common way to hack a site is through php. If this person found an exploit in your forum software, they can make adjustments to any file they chose.

This is generally the kind of response you will get from all hosters. And, 99.9% of the time it's a correct assumption.

Just looking at your site I could tell you added a lot to it -- most likely the vulnerability is caused by one or more of the changes you did to the site.

Also, if you are giving different people access to your server/files to fix bugs and/or install products etc ... you are only putting yourself at risk. It just makes your job harder to find out who "hacked" your site.

Hacking a site could be done by adding a small script on a product, style, js, and/or flash file. This is why you should be careful of what you install on your site.

Check every file in your web account for files that do not belong there. If hackers got in they could have easily added or edited files.
You should check your addons for any suspicious code.
Change your config.php information (username/password). Most likely they didn't get this far but it's better safe than sorry.
Change FTP username/password.

My best recommendation is to start the site from scratch on a new hosting account. Also, limit OTHERS who have access to your server/files to 1.

DrewM · #10 04-09-2006, 02:20 PM

Did the hack page look like this: http://www.melonfresh.com/v2.php

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05173 seconds Memory Usage 2,248KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!