Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #11  
Old 03-02-2008, 12:24 AM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh, Ok, LOL

You were talking about a brother in arms and I was starting to get a little unnerved.
  #12  
Old 03-02-2008, 12:28 AM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

We can start with a small one
  #13  
Old 03-02-2008, 12:32 AM
kylek kylek is offline
 
Join Date: Oct 2003
Location: British Columbia, Canada
Posts: 798
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As one who had two sites hacked since the new year I would like to see this added also. Not on how to hack but how to prevent being hacked, tips, etc. Maybe a stickied thread where the latest security issues found with various add ons for vbulletin could be posted warning others if they didn't know about them.

My case with vbgallery I hadn't been on their site lately and did not receive an email they sent out stating issues with the gallery and that they had an update out for it.
  #14  
Old 03-02-2008, 12:49 AM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I was hacked a few years ago on my old server but it turned out they just replaced the index.html in the domain directory with their own and renamed mine. Copying mine over theirs fixed it for me. That is one of the most common ways I have seen and it causes a lot of concern until you find out how they do it. I don't think we all ought to go out and buy guns because someone tripped over someone else's shoestring. Nex is right in the idea that if we bring attention to these clowns, it is only going to draw them out and make it worse.

(You owe me, Nex)
  #15  
Old 03-02-2008, 04:02 AM
legionofangels's Avatar
legionofangels legionofangels is offline
 
Join Date: Mar 2007
Posts: 485
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Bravo.

Anyone can get that kind of response. Hacking and coding are amazingly two entirely different things. It can happen to anyone of us.

What can we do?

Pray?

lol

Not much really, if they have the skill they can get into it and while I own a website and forum I respect that. When we actually do something worth hacking, like a shop, I'm going to hire a hacker to make it hacker proof and make them liable if it's hacked if they'll accept the job. If not, I don't really care. Boo hoo, call your host, get your Super Admin account set back up and own them. However they deserve to be respected and since I can't beat them, I can hire them.

That's my perspective.
  #16  
Old 03-02-2008, 06:06 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Moved to Site Feedback.

I don't see much use of creating a seperate section on this.

There are already advices on how to operate your board securely on both vB.com and vB.org. If there are more security tips, then feel free to write an article about it.

If a vulnerability is found on a modification here on vBulletin.org, we already do warn the users of that modification.

My view: All information is already there, but people tend to ignore it until too late. No new section will change that.
  #17  
Old 03-02-2008, 11:50 AM
nexialys
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by iogames View Post
We can start with a small one
if you see the mean for such security service, why don't you start a new vBulletin-Security-SWAT ?!... starting a forum with just these kind of topics in mind ?!

it is like when people wants a forum for SEO and search engine related topics... nobody block you from doing so, maybe just not ALL HERE... that's all...

also, hacking a hosted account have not a single link between vBulletin and the server... 95% of the hacking related to the sites that were listed here as "hacked" were hacked outside vBulletin engine, by not having enough securities on the server, so people need to understand what they are doing when they host a site like this, instead of thinking everything is fine until they are hit...

when someone come here and say "my site was hacked, he accessed my database and i'm crashed"... i can say that most of the time, if not all the time, that was a serverside situation of a hacker who knew how to obtain the config.php data to hack into the database... no need to crash an entire site, you just have to infiltrate and make fun of it... this is basic site administration, not forum code.

this topic started because one of the partner of the admin trashed from the inside... not a single bit of code related to security.. it's all about confidence to the persons you're supposed to trust before giving them access to the administration...

i don't think Bill Gates would give the key from his house to his business partners...
  #18  
Old 03-02-2008, 07:22 PM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nexialys View Post
if you see the mean for such security service, why don't you start a new vBulletin-Security-SWAT ?!... starting a forum with just these kind of topics in mind ?!

it is like when people wants a forum for SEO and search engine related topics... nobody block you from doing so, maybe just not ALL HERE... that's all...

also, hacking a hosted account have not a single link between vBulletin and the server... 95% of the hacking related to the sites that were listed here as "hacked" were hacked outside vBulletin engine, by not having enough securities on the server, so people need to understand what they are doing when they host a site like this, instead of thinking everything is fine until they are hit...

when someone come here and say "my site was hacked, he accessed my database and i'm crashed"... i can say that most of the time, if not all the time, that was a serverside situation of a hacker who knew how to obtain the config.php data to hack into the database... no need to crash an entire site, you just have to infiltrate and make fun of it... this is basic site administration, not forum code.

this topic started because one of the partner of the admin trashed from the inside... not a single bit of code related to security.. it's all about confidence to the persons you're supposed to trust before giving them access to the administration...

i don't think Bill Gates would give the key from his house to his business partners...
Well before I started this thread I went to look for the vBSecurity.com domain and I tried a few more combinations, but they aren't available...

I think I got all the security measures in place on my board and despite that I got my dB deleted totally for a hired coder.

Well security is a plus anywhere, so if we keep thinking that vB is mostly a hobby than a Business/Investment then forget about protection.
  #19  
Old 03-02-2008, 09:12 PM
nexialys
Guest
 
Posts: n/a
Default

your problem is actually not related to vBulletin at all, you know it... it depend on the access you gave to someone... even if Jelsoft develop a level 7 security protocol, there will be nothing they can do if the best security is to not give access to the database... this is not security of a script at all..

the first words are always : BACKUP YOUR DAMN DATABASE AND KEEP IT SAFE...

if you can't follow that, forget about securities...
  #20  
Old 03-02-2008, 09:17 PM
Adrian Schneider's Avatar
Adrian Schneider Adrian Schneider is offline
 
Join Date: Jul 2004
Posts: 2,528
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What harm is there in organizing information to help protect administrators?
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:05 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04411 seconds
  • Memory Usage 2,269KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (8)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete