My board was hacked


The Keeper
22 Sep 2002, 22:20
I think my board was hacked. They didn't destroy anything on the forum - but one of my members posted a snapshot of a private (moderator) forum.
One of my moderators asked where he got the pic from, and his best friend (who I think is also a vb owner and knows a lot about computers and security) replied:


INSERT INTO moderator VALUES ('12', '231', '5', '0', '0', '1', '1', '1', '1', '1', '1', '0', '0', '0', '1', '0', '0', '1', '1');

EDIT: Though what does it matter? He has it etc...

Is it possible he's found a way to hack into the database?

I'm running 2.2.4

NTLDR
22 Sep 2002, 22:22
That's the statement for adding a moderator, but unless he has a way to run queries on your DB it's useless.

Xenon
22 Sep 2002, 22:41
well you should really upgrade to vb227 there are some security fixes in it...

Erwin
23 Sep 2002, 02:55
2.2.4 is not secure. Upgrade to 2.2.7.

The Keeper
24 Sep 2002, 09:58
I've upgraded now, but I need advice on what to do with such a member? I really have no proof he hacked, but I do know he posted a pic of something he shouldn't have access to.

Xenon
24 Sep 2002, 10:00
well i'd show him the yellow card.....

Neo
24 Sep 2002, 11:30
2.2.7 isn't secure. I hacked my 2.2.7 board a few times and got access to the admin area.

Xenon
24 Sep 2002, 11:32
i hope you've given this info to the developers ;)

The Keeper
24 Sep 2002, 13:25
This is disappointing to know.
Do you guys have any idea how this hacking on my forum may have happened?? Through admin area? I am led to believe he was able to procure other data from the database including IP addresses.

If it was through the admin area, I've now passworded that directory, hopefully that will stifle attempts, but if he has my admin password, then what's the point anyway?

Is there anything I can do about this, like report it to some authority, if I'm able to collect evidence?

Steve Machol
24 Sep 2002, 17:54
Originally posted by Neo
2.2.7 isn't secure. I hacked my 2.2.7 board a few times and got access to the admin area.

If you have evidence of this then please send it to support@vbulletin.com. Include the exact steps you are using to hack your 2.2.7 forum.

Neo
24 Sep 2002, 20:23
Heh sorry I wasn't really clear with that was I?

I have two accounts with my hosting service and through phpmyadmin I was able to edit my user account so that I was an admin and/or mod.

There is nothing VB can really do about that.


So no version is really secure ;)

Steve Machol
24 Sep 2002, 20:38
This is a problem with your phpMyAdmin password and/or hosting service. Of course if anyone gains direct access to the database they can do pretty much anything they want.

Neo
24 Sep 2002, 21:05
Actually I have seen this problem with many hosting companies. Many of them are too lazy to make anything totally secure... like being able to gain root access.

I told them about it but they yelled at me and said I shouldn't be hacking....which makes sense but what if a "real" hacker comes along? o_O

Steve Machol
24 Sep 2002, 22:47
Originally posted by Neo
I told them about it but they yelled at me and said I shouldn't be hacking....which makes sense but what if a "real" hacker comes along? o_O

Geez! Find yourself another hosting company fast!

The Keeper
24 Sep 2002, 23:50
OK I've heard things previously about someone coming to the forum and finding themselves logged in as another member.
Is it possible this person could have turned up to the forum and found himself logged in as a moderator because of his IP at the time?

Neo
25 Sep 2002, 00:28
HEH this forum was just hacked and I believe it runs 2.2.7

http://www.animehorizons.com/forums/index.php?s=

DrkFusion
25 Sep 2002, 00:39
the site too ^

Steve Machol
25 Sep 2002, 01:30
That entire site was hacked as DrkFusion points out. There is no way vB can protect itself from a hacked server.

Freddie Bingham
25 Sep 2002, 02:22
... and adding hacks to your forum makes it much less secure. This is something that is overlooked by most. Turning register_globals off helps a lot since that will solve most cases of sql injection and always use intval() and addslashes().
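
Added example, not part of the thread and not vBulletin's code: a PHP sketch of the pattern freddie's post describes, showing an add-on that trusts request-supplied globals beside one that reads the request explicitly and applies intval() and addslashes(). The `simulate_register_globals` helper, the `thread` query and the `$ismod` flag are hypothetical and the request is constructed; addslashes() appears because the post names it, but it is not charset-aware and parameterised queries are the current practice.

```php
<?php
// Added example, not vBulletin code. Table/column names and the add-on
// shape are hypothetical; the request below is constructed.

// Emulates register_globals=On: every request parameter becomes a global.
function simulate_register_globals(array $request): void {
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Unsafe add-on pattern: trusts a global it never initialised and
// concatenates request data straight into the SQL text.
function unsafe_query(): string {
    global $ismod, $forumid, $title;
    $where = "forumid=$forumid AND title='$title'";
    if (!$ismod) {                     // $ismod can arrive from the URL
        $where .= " AND visible=1";
    }
    return "SELECT threadid FROM thread WHERE $where";
}

// Hardened pattern: read the request array explicitly, take the privilege
// flag from server-side state, intval() numbers, addslashes() strings.
function safe_query(array $request, bool $ismod): string {
    $forumid = intval($request['forumid'] ?? 0);
    $title   = addslashes((string)($request['title'] ?? ''));
    $where   = "forumid=$forumid AND title='$title'";
    if (!$ismod) {
        $where .= " AND visible=1";
    }
    return "SELECT threadid FROM thread WHERE $where";
}

// Constructed request: the numeric field carries SQL, the string field
// carries a quote, and an extra parameter spoofs the privilege flag.
$request = [
    'forumid' => '5 OR 1=1',
    'title'   => "x' OR 'a'='a",
    'ismod'   => '1',
];

simulate_register_globals($request);
echo "unsafe: ", unsafe_query(), "\n";               // filter bypassed, SQL altered
echo "safe:   ", safe_query($request, false), "\n";  // inputs reduced to data
```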

Erwin
25 Sep 2002, 03:39
Note that if you're on a shared server, you are basically in a lot of trouble. Dedicated servers tend to be more secure, for obvious reasons. Yeah, and do check the code of hacks you install. :) Some have holes larger than the black hole in the centre of this galaxy. I won't mention names... but some of these hacks have been installed by a lot of people.

TECK
25 Sep 2002, 04:16
Originally posted by Neo
Actually I have seen this problem with many hosting companies. Many of them are too lazy to make anything totally secure... like being able to gain root access.

I told them about it but they yelled at me and said I shouldn't be hacking....which makes sense but what if a "real" hacker comes along? o_O

all you have to do is use htaccess, neo.
all your hacker attempts are history then. so protect your admin and phpmyadmin folders and you won't be able jack hack nothing at all. :)

try it and let me know how unsuccessful you were, once protected with htaccess. :p ;)

TECK
25 Sep 2002, 04:20
Originally posted by freddie
... and adding hacks to your forum makes it much less secure. This is something that is overlooked by most. Turning register_globals off helps a lot since that will solve most cases of sql injection and always use intval() and addslashes().

hmm i agree freddie. we need Hack Reviews. definitely.
some people install hacks and have no idea why or how they are created, but they like the features of it.
they don't ask themselves, "ok this hack is it gonna ruin my board?"
no. not at all.

that's why the reviews come in handy. people with code experience could drop a line there to guide the novice coders who "attempt" to release a hack just for the fun of it.