  #11  
04-21-2009, 02:11 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

Your first post is very misleading. You claim "there were no addons at the time" and then go on to say "I am pretty sure now that he used a modification to gain access to my account even though he says he didn't so I have already removed most of them. Some of them are critical but I believe are safe."

Modifications are Add-Ons.

  #12  
04-21-2009, 03:17 PM
Michael.A
Join Date: Dec 2008
Location: L.A
Posts: 449

Quote:
Originally Posted by Lynne
Your first post is very misleading. You claim "there were no addons at the time" and then go on to say "I am pretty sure now that he used a modification to gain access to my account even though he says he didn't so I have already removed most of them. Some of them are critical but I believe are safe."

Modifications are Add-Ons.

OK, I am sorry. So Lynne, are you saying he got hacked because of Add-Ons?

  #13  
04-21-2009, 03:21 PM
Powlo
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155

Quote:
Originally Posted by Lynne
Your first post is very misleading. You claim "there were no addons at the time" and then go on to say "I am pretty sure now that he used a modification to gain access to my account even though he says he didn't so I have already removed most of them. Some of them are critical but I believe are safe."

Modifications are Add-Ons.

He hacked with & without addons, I don't know what to think but the words 'vbulletin version 3.8.x' have been said more than once to me over the last 2 days.

Quote:
Originally Posted by MAD--DOG
any vb higher than 3.7.5 is fun to take down sorry but yes. 3.8.x no good

Which I guess is why you stayed at 3.7.5

So what's your advice MAD--DOG? You seem to know the score, what if anything can I do to prevent this?

  #14  
04-21-2009, 03:30 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

Quote:
Originally Posted by MAD--DOG
OK, I am sorry. So Lynne, are you saying he got hacked because of Add-Ons?

I have no idea how he was hacked. But it sounds to me like the hacker got server access somehow if he was modifying the htaccess file. I was just commenting on the fact that at first he was leading people to believe he had no add-ons/modifications on his site, but it turns out he did and it sounds like the hacker even used one of them to help do something to the site.

Also, I have not heard anything to say 3.8 is less secure than 3.7. But, I don't go reading up on this all the time either.

I hate hackers.

  #15  
04-21-2009, 03:39 PM
Powlo
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155

Quote:
Originally Posted by Powlo
He hacked with & without addons

Why do you hate hackers? Some of them are good and help software companies create a more secure product. I don't think these guys should be put into one basket, there are good and there are bad. Perhaps you just hate the bad ones.

  #16  
04-21-2009, 03:42 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

Quote:
Originally Posted by Powlo
Perhaps you just hate the bad ones

Yes, I hate the bad ones.... especially ones that try to extort you to undo what they did.

  #17  
04-21-2009, 03:53 PM
Shadab
Join Date: Apr 2007
Location: Bhopal
Posts: 39

If the hacker has access to your vBulletin Forum's admin account and it's a Super Administrator account and/or has the permissions to 'manage' plugins; then yes, he can alter/create files on your server. Doesn't matter if you have 3rd-party addons installed or not.

So; Stock vBulletin or not, if he gets access to your admin account, there's nothing stopping him from creating his own plugins from your account to run raw PHP code on the Forum. (unless of course that particular admin account doesn't have the permission to alter plugins).

  #18  
04-21-2009, 04:23 PM
Powlo
Join Date: Feb 2008
Location: Sunderland UK
Posts: 155

Quote:
Originally Posted by Shadab
If the hacker has access to your vBulletin Forum's admin account and it's a Super Administrator account and/or has the permissions to 'manage' plugins; then yes, he can alter/create files on your server. Doesn't matter if you have 3rd-party addons installed or not.

So; Stock vBulletin or not, if he gets access to your admin account, there's nothing stopping him from creating his own plugins from your account to run raw PHP code on the Forum. (unless of course that particular admin account doesn't have the permission to alter plugins).

That's what I thought and sounds like that is exactly what happened, as I can see from the log that the first thing he did was something with plugins..

17838 Python 18:04, 19th Apr 2009 plugin.php productedit
17837 Python 18:03, 19th Apr 2009 plugin.php product

.. is there a way to find out which one was altered?

  #19  
04-21-2009, 04:30 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

It may show in your access_logs. Each plugin has an id and when you go to edit it, it says the id in the url. So, like I said, look in your access_logs for something like "..../plugin.php?do=edit&pluginid=xx" to get the pluginid.

  #20  
04-21-2009, 05:03 PM
Shadab
Join Date: Apr 2007
Location: Bhopal
Posts: 39

Quote:
Originally Posted by Lynne
It may show in your access_logs. Each plugin has an id and when you go to edit it, it says the id in the url. So, like I said, look in your access_logs for something like "..../plugin.php?do=edit&pluginid=xx" to get the pluginid.

Yep, plugin edits can be tracked this way; but this entry:
Code:
17838 Python 18:04, 19th Apr 2009 plugin.php productedit
corresponds to a whole 'product' edit; whose ID we *probably* can't track. As vB doesn't log it and moreover, that ID is sent via POST not GET; so the server access log can't see it either.

To OP:
All the hacker used was just plugin edits? Did you check with your webhost on which 'files' were altered/added to your hosting account in the past 1 week?
Reply With Quote
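
The access-log check discussed in posts #19 and #20, as an added example that is not part of the original thread: it pulls `pluginid` values out of GET requests to `plugin.php` and marks POST requests, whose parameters the access log does not record. The Apache combined log format, the `/forum/admincp/` path and every value in the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format (assumed): ip, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def scan_plugin_activity(lines, script="plugin.php"):
    """Return one record per logged request to the plugin manager script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1] != script:
            continue
        qs = parse_qs(url.query)
        hits.append({
            "ip": m["ip"], "time": m["ts"],
            "method": m["method"], "status": int(m["status"]),
            "do": qs.get("do", [None])[0],
            "pluginid": qs.get("pluginid", [None])[0],
            # POST bodies are not written to the access log, so an id sent
            # that way (the product edit case) cannot be recovered here.
            "body_not_logged": m["method"] == "POST",
        })
    return hits

def edited_plugin_ids(hits):
    """Plugin ids seen in the query strings of do=edit requests."""
    ids = {h["pluginid"] for h in hits
           if h["do"] == "edit" and (h["pluginid"] or "").isdigit()}
    return sorted(ids, key=int)

# Constructed sample lines: addresses, paths, sizes and the id 42 are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Apr/2009:18:03:12 +0000] "GET /forum/admincp/plugin.php?do=product HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Apr/2009:18:04:02 +0000] "POST /forum/admincp/plugin.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Apr/2009:18:06:40 +0000] "GET /forum/admincp/plugin.php?do=edit&pluginid=42 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [19/Apr/2009:18:07:00 +0000] "GET /forum/showthread.php?t=5 HTTP/1.1" 200 30211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = scan_plugin_activity(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["method"], h["do"], h["pluginid"], h["body_not_logged"])
    print("plugin ids opened for editing:", edited_plugin_ids(hits))
```

For the POST entries the log gives only a time and a source address, which can be lined up against the admin log timestamps and the list of recently altered files from the webhost.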
All times are GMT. The time now is 12:31 PM.

