Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page How to Protect your Forum from Malware Insertion
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 10-26-2012, 08:14 AM
rmani84 rmani84 is offline
 
Join Date: Jul 2010
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How to Protect your Forum from Malware Insertion
My forum got hacked for the second time in last 12 months ... I was able to recover from backup restore and good help from my hosting folks ...

They gave me the below log this time ...

Quote:
91.121.177.53 - - [23/Oct/2012:09:31:30 -0500] "POST /vbseocp.php HTTP/1.1" 200 1326 "-" "Mozilla/5.0 (Windows; I; Windows NT 5.1; ru; rv:1.9.2.13) Gecko/20100101 Firefox/4.0"
I need to work on permissions on the below one, which is my mistake which i should have foreseen,
Quote:
Your config.xml is writable. Don't forget to update permissions after you finish updating the configuration for security purposes.
Below's what i want to discuss really in this thread from a security perspective,

Quote:
Is our forum more vulnerable to Hackers, when our VBulletin version and VBSEO version is displayed in public ... Does it make it too easy a job for them to hack ?
For example, when i display my VBulletin version as 4.x at footer in copyright and the hacker sees it and knows its a vulnerable version ... He then works on it and eventually hacks it ...

If i can pay off for the copyright removal, then the Hacker needs to put in additional effort to figure out ways to hack (Is my assumption) ....

I am ready to pay off for copyright removal for VB and VBSEO if it means my chances of getting hacked gets reduced even a little ...

Quote:
Experts on Security, please comment ....
Reply With Quote
  #2  
Old 10-26-2012, 08:41 AM
CAG CheechDogg's Avatar
CAG CheechDogg CAG CheechDogg is offline
 
Join Date: Feb 2012
Location: Riverside, California USA
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There is no need to go that far, just do the following and it will remove the Version of vBulletin you are using and this is allowed.

go to "language and phrase" and search "Powered by" On the first phrase (powered_by_vbulletin) delete "Version {1}"
Reply With Quote
  #3  
Old 10-26-2012, 12:36 PM
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It sounds like you got "hacked" because you didn't secure your site..
You're also running an old version of vbulletin, and I'll assume your plugins need updated as well..

Quote:
Your config.xml is writable. Don't forget to update permissions after you finish updating the configuration for security purposes.
It has nothing to do with the version being displayed, but you can hide that stuff without paying for copyright removal.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:33 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03358 seconds
  • Memory Usage 2,179KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete