Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page Security and hacking gurus, need some help!
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-13-2006, 09:59 PM
ludachris ludachris is offline
 
Join Date: Feb 2002
Posts: 287
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Security and hacking gurus, need some help!
Hey guys, I am in the process of cleaning up all the sites on one of our servers that was hacked due to a Remote File Include Vulnerability. Here are some links to what I'm talking about:

http://securitytracker.com/alerts/2006/Feb/1015624.html
http://www.soledadpenades.com/2006/0...-nothing-to-do

Basically what happened was, they somehow found a way to write to every file on our server. They added a few lines of IFRAME code that was meant to redirect our visitors to other sites. Every single file on the server was affected, although not all files had the same code added. Some had multiple lines of the same code, others had just one line. It's a dedicated server, and all sites on the server are ours.

The problem is I can't narrow down which script we're running would account for the security hole. Can anyone tell me which of these scripts it could be:

vbulletin - developers say it's not
vbadvanced cmps - developers say it's not
vbadvanced Links - developers say it's not
phpadsnew2 - http://phpadsnew.com/two/
ContactForm - http://www.free-php.net/scripts.php?id=2
Photopost Classifieds - http://www.photopost.com/class/
Photopost vbGallery - http://www.photopost.com/forum/forumdisplay.php?f=113
(formerly vbaGallery, not photopost pro)

And if none of the above, could it be a hack that has been added on to vb? We have a few. What should we be looking for? Any help would be appreciated. I'd hate to clean this all up only for somone to run a script and screw it all up again.

Please guys, I need to find out how to stop this from happening again. I've already cleaned up all files once and it took several days. It happened again today and we have to start all over.
Reply With Quote
  #2  
Old 11-13-2006, 10:25 PM
SCRIPT3R SCRIPT3R is offline
 
Join Date: Jan 2005
Posts: 1,303
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
photopost is buggy as all hell and not even worth having on your forum IMO. horrible scripting, service, etc. i would look there before all else.
Reply With Quote
  #3  
Old 11-13-2006, 10:45 PM
ludachris ludachris is offline
 
Join Date: Feb 2002
Posts: 287
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by GearTripper View Post
photopost is buggy as all hell and not even worth having on your forum IMO. horrible scripting, service, etc. i would look there before all else.
We're actually using vbgallery, which was not written by the guys at photopost, but the script is now owned by them. It was originally written by the guy who wrote vbadvanced CMS.

Anywhere else we should post this in order to get faster help? Any other information we need to post? Please guys, we really need some help here...
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:37 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03508 seconds
  • Memory Usage 2,175KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete