The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
What to do for security when someone has access?
Hey guys, I'm very worried that someone is posting on my site as any staff he wants in the hidden staff section...
He has somehow made a back door or something to enter the forum and is even creative enough to log in as any admin he wants, including me... What can I do to prevent this, or at least make it difficult for him? He has access to cPanel and the server, as far as I can see, since he stated it in a post in the staff section below. Quote:
Now I ask, what can I do to prevent this? Is there something I can try to do with config files, etc.?
#2
Talk to your host! Have them help figure out how you were compromised. Are you on a shared server? If so, it could be someone else's account that was compromised. But, definitely talk to your host and also go through your own access_logs looking for his IP (if he posted, then hopefully he used the same IP to hack you) and see what he's been up to.
Thanks from: FReeSTER
#3
Here is the funny thing, Lynne: he has access to the forum, and I don't think he has access to the cPanel or server, as I believe he is all BS. He just posted as me now. So my question is how in the world someone can know all the passwords for each user, or log in like me to post.
My best bet is he has a back door through the config.php file, but again I don't think he has access to that part. It is just so confusing that it is getting on my nerves.
#4
What version are you running and have you kept up-to-date with the security patches? You should be looking at your access_logs to see if he ran some script or what he did in order to get the passwords for your site.
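Added example, not part of the thread: one way to carry out the access_log review suggested in posts #2 and #4. It assumes Apache's combined log format and vBulletin's default `admincp`/`modcp` directory names; the function name, sample lines and IPs are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" access_log layout (assumed; adjust the regex for other formats).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Paths worth a closer look: default control-panel directories (assumed names),
# plus the install folder and tools.php mentioned in the thread.
SENSITIVE = ("/admincp/", "/modcp/", "/install/", "tools.php")

def review(lines, suspect_ip):
    """Summarise the suspect IP's requests and list every IP touching sensitive paths."""
    by_script, posts, sensitive_ips = Counter(), [], defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, script = m["ip"], m["path"].split("?", 1)[0]
        if any(s in script for s in SENSITIVE):
            # Tracked for all IPs: the intruder may not always use the same address.
            sensitive_ips[ip].add(script)
        if ip == suspect_ip:
            by_script[script] += 1
            if m["method"] == "POST":
                posts.append((m["ts"], script, m["status"]))
    return {"scripts": by_script, "posts": posts, "sensitive_ips": dict(sensitive_ips)}

# Constructed sample lines using documentation-range IPs, not data from the thread.
SAMPLE = [
    '203.0.113.7 - - [17/Sep/2011:12:01:10 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Sep/2011:12:01:42 +0000] "POST /forum/login.php?do=login HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Sep/2011:12:03:05 +0000] "GET /forum/admincp/usertools.php?do=doips HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Sep/2011:12:04:19 +0000] "POST /forum/admincp/user.php?do=edit HTTP/1.1" 200 1536 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [17/Sep/2011:12:09:57 +0000] "GET /forum/install/upgrade.php HTTP/1.1" 404 310 "-" "curl/7.21"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    report = review(SAMPLE, "203.0.113.7")
    for script, count in report["scripts"].most_common():
        print(f"{count:4d}  {script}")
    for ts, script, status in report["posts"]:
        print(f"POST {ts} {script} -> {status}")
    for ip, scripts in sorted(report["sensitive_ips"].items()):
        print(f"{ip} touched: {', '.join(sorted(scripts))}")
```

Comparing the timestamps of the control-panel requests against the CP log entries and the times of the unauthorised posts shows whether they came from the same session.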
#5
I have vb4.1.3 version and yes, I have been up to date on security files.
I will check the admin logs and report back. And for passwords, the only method that I'm aware of is the queries system, which he can do easily by logging in like me, as I do have that option available. Wow, I think I might have to get in as a hacker now to learn a few of their tricks.
--------------- Added [DATE]1316263607[/DATE] at [TIME]1316263607[/TIME] ---------------
I do get this from the CP logs for admin:
SCRIPT -----------------Action--------Info
usertools.php ----------- doips--------- user id = 1
user.php ---------------- edit --------- user id = 1
user.php ---------------- --------- find
I always delete the install folder as well as the tools.php file. I never have it on the forum unless I need to use it, which is random.
#6
Are you running PHP 5.3.7 by any chance?
This version has a bug in the encryption function, which could result in the following behaviour, if I do understand that bug correctly: whatever pw you type in, it sends the same value (salt) instead of the encrypted pw. I also don't know if the encryption algorithm used by vBulletin would be affected by that.
Information given here (I googled a random English site, read about it on a German one): http://www.v3.co.uk/v3-uk/news/21035...-bug-discovery
Anyway, just a guess. It might help.
Thanks from: FReeSTER
#7
Quote:
Thanks kindly
#8
If you have the "Quick User Changer" hack, it's pretty easy for someone to gain access to ALL accounts if he gets access to an admin one. Just a thought.
#9
What's your site called? I can secure it for you. I don't do it for free, I do it for 10 dollars, but if you don't get it then you can pay me back anytime you want. My Skype is nijyarj, add me and I'll secure you.
#10
Quote:
--------------- Added [DATE]1316276796[/DATE] at [TIME]1316276796[/TIME] ---------------
Quote:
Will try it and let you know.