Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page HACKED - Make sure you are secure
FAQ Community Calendar Today's Posts Search

Reply
Page 3 of 4 12 3 4
 
Thread Tools Display Modes
  #21  
Old 04-13-2009, 04:37 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by |Jordan| View Post
Chown it as a different user other than root?
Ideally, a user just dedicated to PHP (with locked down permissions). Also have a look at upload_tmp_dir (you may want to change this as well, although it is not necessary).
Reply With Quote
  #22  
Old 04-20-2009, 08:11 PM
Brother Malachi Brother Malachi is offline
 
Join Date: Jun 2008
Posts: 208
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Sorry for reviving this old thread but how can I know if my site is compromised?
Reply With Quote
  #23  
Old 04-20-2009, 09:48 PM
tipoboy's Avatar
tipoboy tipoboy is offline
 
Join Date: Dec 2005
Location: scotland
Posts: 693
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by hammerhead24 View Post
Sorry for reviving this old thread but how can I know if my site is compromised?
usually if you keep your bulletin board up to date, your pretty safe
Reply With Quote
  #24  
Old 04-21-2009, 09:17 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You don't really know until its too late. However, as mentioned above, keeping your software as up to day as possible will reduce this risk.
Reply With Quote
  #25  
Old 04-21-2009, 11:33 PM
Brother Malachi Brother Malachi is offline
 
Join Date: Jun 2008
Posts: 208
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What about the tmp folder?
Reply With Quote
  #26  
Old 04-22-2009, 06:55 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What about it? As long as you keep PHP's temp directory secured, you should be fine.
Reply With Quote
  #27  
Old 04-22-2009, 08:19 PM
Brother Malachi Brother Malachi is offline
 
Join Date: Jun 2008
Posts: 208
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What I meant was how do I know if the /tmp/ folder is not secured?
Reply With Quote
  #28  
Old 05-01-2009, 02:33 AM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by |Jordan| View Post
How do you secure the tmp dir ? chown it?
The hacker does not use a /tmp dir, to hack your forum. He takes advantage of your 0777 chmoded dirs in vB to screw you nice.
I posted this issue long time ago but people thought I'm crazy. I even wrote a tutorial on this site how to secure vB... Put it this way: You have a 0777 dir into your /var/www/html (or whatever is the web root)? You can be hacked, very easy.

Read this article I wrote long time ago... probably nobody read it.
Then secure the same way the curent 0777 dirs, not just the config file. Chmod them to 0750 and own them by nologinuser:root.
Reply With Quote
  #29  
Old 07-27-2009, 08:02 PM
chloe101 chloe101 is offline
 
Join Date: Dec 2007
Posts: 116
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by TECK View Post
The hacker does not use a /tmp dir, to hack your forum. He takes advantage of your 0777 chmoded dirs in vB to screw you nice.
I posted this issue long time ago but people thought I'm crazy. I even wrote a tutorial on this site how to secure vB... Put it this way: You have a 0777 dir into your /var/www/html (or whatever is the web root)? You can be hacked, very easy.

Read this article I wrote long time ago... probably nobody read it.
Then secure the same way the curent 0777 dirs, not just the config file. Chmod them to 0750 and own them by nologinuser:root.
Thank you!
Reply With Quote
  #30  
Old 09-25-2009, 04:20 AM
knucklenitz knucklenitz is offline
 
Join Date: May 2009
Posts: 26
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Teck-

Just to make sure I understand, moving the config.php to another directory out of the public html will not affect vb operation?

I was just hacked yesterday and confirmed that it was some sort of database insertion, based on that when I restored a backup database, the hack was cleared. I wasn't able to find any files with changed dates.

Is there some other way, other that the hacker breaking the config.php that they could manipulate the database?

Note that I also have htaccess on all pertinent directories.

Thanks!
Reply With Quote
Reply
Page 3 of 4 12 3 4

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:06 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07992 seconds
  • Memory Usage 2,251KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete