The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Forum keeps getting hacked
I have a slight problem with an affiliate hacker. This lil twit modifies index.php, forumdisplay.php and showthread.php with the following code.
PHP Code:
PHP Code:
It's simple enough to fix but I want to prevent it from happening again, seems every three days or so it is back. Can I just chmod these files or will that mess up the board even more? Thanks, Gil http://www.masscops.com/forums/police_portal_index.php? |
#2
|
||||
|
||||
You should be able to chmod them 644 I believe
|
#3
|
||||
|
||||
Quote:
|
#4
|
|||
|
|||
Yeah mine are already 644 also. Would 444 be an option?
Gonna try it and see what happens. UPDATE: Ok the 444 seems to be working for the time, don't know if the lil twit has tried it again or not but how was he able to do this in the first place? I am not a security expert by any means but I think my vB is pretty secure. (renamed admin folders, htaccess etc...) Is this some type of mysql injection or something? |
#5
|
|||
|
|||
The chmod 444 did not stop the lil twit.
On top of that the files that I did a chmod on were reverted back to 644. Another interesting item, today just before I got hacked I had a new user join the forum. IP Address used was 201.17.220.203 Quote:
|
#6
|
||||
|
||||
IMO, he gave himself away (the assumption it is a he). If it were me, I would block the whole HOST IP range in the vbulletin and if you have a firewall, add it to the firewall.
|
#7
|
|||
|
|||
Server co. says he is getting in through the impex directory....
|
#8
|
||||
|
||||
Remove impex off your system if it is no longer in use.
http://www.vbulletin.com/docs/html/impex_cleanup |
#9
|
|||
|
|||
already done, hope that was it...
|
#10
|
||||
|
||||
Don't forget to ban his IP addresses though :P
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|