The Arcive of Official vBulletin Modifications Site.

cammot · #1 03-01-2010, 10:15 PM

I need some urgent help. It seems that my vB4 suite site has been attacked by a hacker. What has happened is that a new section has been added to the list of sections on my home page. The new section is an advertisement with some profanity on it. Clearly, who ever did this may have had access to my CP, and add the new sections.

Aside from trying to determine how this might have happened, I am unable to delete the section becasue there is no 'delete icon' next to it. I am however, able to block the viewing on the front end of this specific section, by removing all the permissions except to the administrator.

I recently updated the latest patch 4.0.2 so not sure how this has occured, and how to prevent it from continuing - and also removing the section.

Any help would be greatly appreciated.

cammot

ChopSuey · #2 03-01-2010, 11:47 PM

One big tip about running a forum "Always use strong passwords"

Thats how he got to your AdminCP

cammot · #3 03-02-2010, 01:28 AM

I agree with the need for strong passwords, which I have. But it's an assumption on your part to suggest that's the only way a hacker can infiltrate a site. That's why they discover security holes from time to time, and releases security patches.

cammot

Lynne · #4 03-02-2010, 03:13 AM

You cannot delete the section until you have removed all the articles from it.

Check your access_logs and see if you can determine how they got in.

mrt12345 · #5 03-03-2010, 08:00 PM

I had problems also but it is just spammers and there dam software they use i just added a security question for registration and so far it has help quit a bit. :up:

RandyO · #6 03-03-2010, 11:52 PM

Your server needs proper security.. brute force attacks are all too common (my servers ban dozens of IP's daily for these) If your web host does not run some type of protection from brute force attacks, you need a new host..

ALSO Make sure your mysql db password in the config file is uber complex as well.. good hackers really do not use the GUI in most cases.. they inject code through an insecure script and it may not even be related to your forum...

Good luck... for me? a server gets hacked and it is full system dump and reload of the OS...

cammot · #7 03-05-2010, 05:41 PM

Thanks for all the comments. I think I finally think I found the method used, if this helps anyone. Apparently one of my forum's was accessible for non registered, and an article that was created on the forum also had comments (replies) enabled. So the spammer took advantage of making a comment, that somehow even changed the forum title. HTML was allowed on the comment box. So it could be that these contributing factors led to how my site was infiltrated without a password being necessary.

Thanks
cammot

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04393 seconds Memory Usage 2,210KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (7)post_thanks_box (7)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (7)post_thanks_postbit_info (7)postbit (7)postbit_onlinestatus (7)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!