Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 05-27-2011, 02:04 PM
williamrcmt williamrcmt is offline
 
Join Date: Oct 2008
Posts: 7
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Forum attacked, need some help

I have a forum, 4.0.7 and we were attacked, I need some help ridding his statement, restoring and patching ect. Can anyone point me in a good direction of who to ask?

Right now I've replaced index.php with a html just to rid me of his statement showing

Way over my head
BILL

Forum software upgraded, and everything seems to be going right.
Reply With Quote
  #2  
Old 05-27-2011, 02:44 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by williamrcmt View Post
I have a forum, 4.0.7 and we were attacked, I need some help ridding his statement, restoring and patching ect. Can anyone point me in a good direction of who to ask?

Right now I've replaced index.php with a html just to rid me of his statement showing

Way over my head
BILL
How exactly were you hacked? Can you post the link to your forum please?

If I were you I would contact the host and ask them to check their logs. It would also be best to upgrade your forum to the latest version as the version you have contains several known security issues, not to mention the unnumerous bugs.
Reply With Quote
  #3  
Old 05-27-2011, 02:45 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Talk to your host to try to find out how they hacked you. This is important - if you don't find this out, then you may fix everything and then just get hacked again.

Use a database backup make prior to your being hacked.

Reupload all your vbulletin files.

Look for any files that aren't something you added to your site.

Do a search and find other threads about this exact same issue.
Reply With Quote
  #4  
Old 05-27-2011, 03:49 PM
williamrcmt williamrcmt is offline
 
Join Date: Oct 2008
Posts: 7
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I really have no clue, here is the link http://www.rcmt.biz/bd/ I took off my temp html page again so you can see it.
I'll contact my host, see if they can do anything to say what happened.

I am in over my head..

--------------- Added [DATE]1306515111[/DATE] at [TIME]1306515111[/TIME] ---------------

I really have no clue, here is the link http://www.rcmt.biz/bd/ I took off my temp html page again so you can see it.
I'll contact my host, see if they can do anything to say what happened.

I am in over my head..

oh man he hacked one of my admins
Quote:
Website security

Hey Will, I'm HUN. You're propably angry at me because of the deface,
but I would only like to notify you to upgrade vBulletin 4.0.7 to version 4.1.x, since this version has bad security holes,
and if you don't upgrade it, I'll keep hacking your forum.
Cheers
Reply With Quote
  #5  
Old 05-27-2011, 04:31 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Where you running 4.0.7 or 4.0.7PL1? There was a patch put up a while ago because of a security exploit discovered.
Reply With Quote
  #6  
Old 05-27-2011, 04:40 PM
williamrcmt williamrcmt is offline
 
Join Date: Oct 2008
Posts: 7
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

probably the earlier one, it was updated by vbull people for me in Nov or Dec
Reply With Quote
  #7  
Old 05-27-2011, 04:46 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You should *always* pay attention when there is a security patch released and then patch your site immediately. This notice was posted about it - http://www.vbulletin.com/forum/showt...=1#post2139863 - and a Security Bulletin was sent out to all license holders regarding this.
Reply With Quote
  #8  
Old 05-27-2011, 04:55 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If I were you, I would make a thorough scan of the db and server space and if nothing out of the ordinary was found, I would delete the hacker account, and upgrade the forum to the latest version a.s.a.p. Or you could revert to your most recent db backup from before the hack and then upgrade your forum.
Reply With Quote
  #9  
Old 05-27-2011, 08:58 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

And pay the hacker no attention, do not "egg on" "challenge" or entice him/her with replies upgrade and stay current, always checking for updates to modifications including commercial third party plugins as well to avoid this in the future. Notices are sent to your admincp in regards to vBulletin, pay attention to those and mark modifications as installed on this site to receive email notices regarding updates and more pertinent information.

I hate to say this and I don't direct it at you solely however everyone needs to understand you can't simply install a forum including a few mods then let it sit and post away. You must upkeep your forum as with anything for example if it's a site you run for your business then it should be considered I dare say like a second house, beach house... you must still upkeep the house and property for regular use on vacations, you can't let it sit and not mow the grass (spam, deletion of spam, bots etc), you must setup something with the water and power company (hosting) otherwise pay monthly in order to enjoy the stay when you their, security system (updates/upgrades) then painting every few years (styles) you must upkeep your forum in the same respect I can't stress that enough .
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:46 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03999 seconds
  • Memory Usage 2,240KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete