  #16  
19 Feb 2013, 13:57
meissenation
 
Join Date: Apr 2005
Your link to LeetHost is offline... ironic? lol

I'm going through the same issue right now - one of my vbulletin sites was defaced - as far as I can tell they only changed the index.php and forum.php files in the forum directory, but it appears they also deleted the adminlog. I found a backdoor/shell PHP file, a mysql backup so they have a full backup of our forum's database, etc. I do not see new users in the administrator section so they didn't create themselves a user on the site. It was a 5 minute fix to get the forum working again but it's really troubling that they were able to add the shell file with such ease...
  #17  
19 Feb 2013, 15:22
Inspector G
 
Join Date: Dec 2012
That is exactly what happened to mine to the tee...
  #18  
19 Feb 2013, 19:28
Black Snow
 
Join Date: Jul 2012
p0wersurge have a deface script where members can submit a site URL that they want hacked and defaced. My site was added to the list and therefore was hacked. While I was securing the forum, I set up a Mibbit chat room and displayed the details of the chat room ID on my site while it was offline. The hackers came into the chat and acted like members of the forum but ended up confessing they were to blame.

They do it purely to prove they can. They get a quick buzz out of doing it. They really do it to get the database details for the HASH or SALT so they can crack it.
  #19  
19 Feb 2013, 20:25
Inspector G
 
Join Date: Dec 2012
I have another question...

Was it a VB 4.2 p 3?
  #20  
19 Feb 2013, 23:04
meissenation
 
Join Date: Apr 2005
The guy who hacked our site left an e-mail address calling card and is offering to allow us to pay him $10 to restore the site and then give him admin access to keep it secured... lol...
  #21  
20 Feb 2013, 09:21
Black Snow
 
Join Date: Jul 2012
Originally Posted by meissenation:
Your link to LeetHost is offline... ironic? lol

I'm going through the same issue right now - one of my vbulletin sites was defaced - as far as I can tell they only changed the index.php and forum.php files in the forum directory, but it appears they also deleted the adminlog. I found a backdoor/shell PHP file, a mysql backup so they have a full backup of our forum's database, etc. I do not see new users in the administrator section so they didn't create themselves a user on the site. It was a 5 minute fix to get the forum working again but it's really troubling that they were able to add the shell file with such ease...
Yes, they are upgrading some server components at the moment. That will be the same file I found. After I secured my site, well I thought I had, I opened my forum again. Because they had a copy of my database, they had cracked the moderators' passwords and logged in with them and started leaving weird posts and threads. I had to edit the usergroups to make all my members change their passwords as soon as they logged in next.

I even had to manually change moderators' passwords to ensure the hackers could not harm my forum until the original mods came back online. I would encourage you to do the same. Email all your members and explain what happened and make a compulsory password change immediately.

Originally Posted by Inspector G:
Was it a VB 4.2 p 3?
Yes it was. Since I moved to LeetHost, I have had no issues with any kind of hacking. No DDoS, hacking, spam or anything. They are really secure.

If you need any more info on this, let me know.
  #22  
10 Apr 2013, 23:49
AK47-
 
Join Date: Apr 2012
Originally Posted by Black Snow:
Yes, they are upgrading some server components at the moment. That will be the same file I found. After I secured my site, well I thought I had, I opened my forum again. Because they had a copy of my database, they had cracked the moderators' passwords and logged in with them and started leaving weird posts and threads. I had to edit the usergroups to make all my members change their passwords as soon as they logged in next.

I even had to manually change moderators' passwords to ensure the hackers could not harm my forum until the original mods came back online. I would encourage you to do the same. Email all your members and explain what happened and make a compulsory password change immediately.

Yes it was. Since I moved to LeetHost, I have had no issues with any kind of hacking. No DDoS, hacking, spam or anything. They are really secure.

If you need any more info on this, let me know.
Shadow008 suuuuuuuuuuuuuuuuuuuuuuuuuup xD Advertising your hosting hey? xD
  #23  
28 Apr 2013, 15:55
y2ksw
 
Join Date: Aug 2003
Real name: Giovanni
Another important issue against hacking is the basic server configuration. One of the encountered problems is the Apache mpm_worker module together with fast-cgi, which eventually run a bit faster, but will not allow sandboxing virtual hosts.

In order to allow sandboxing virtual hosts, and thus avoid that other infected sites on a single server will spread over other domains, you should use mpm_prefork and then, in each virtual host configuration:

[Code block hidden on the source page]

Eventually you could use the systems (default) tmp folder, by adding its path to the sandbox:

[Code block hidden on the source page]

This is particularly important when you already have had a defacement and can't determine which domain got hacked.
__________________
Giovanni
Italian support: http://www.vbulletin.it/
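
One common way to build the per-virtual-host sandbox described in the post above is PHP's open_basedir, set through mod_php (which is normally run under mpm_prefork). The post's own code is not visible on this page, so this is an added example and not the poster's configuration; host names and paths are constructed placeholders.

```apache
# Added example: per-virtual-host PHP sandbox with open_basedir.
# Assumes mod_php (the Apache module) under mpm_prefork.
# Host names and directories are placeholders, not taken from the thread.

<VirtualHost *:80>
    ServerName forum.example.com
    DocumentRoot /var/www/forum.example.com/public

    # PHP file functions may only reach this site's tree and its private tmp.
    # Keep the trailing slashes: without one the value is a prefix match, so
    # /var/www/forum.example.com-old would be allowed as well.
    # php_admin_value cannot be overridden from .htaccess or ini_set().
    php_admin_value open_basedir "/var/www/forum.example.com/:/var/tmp/forum.example.com/"

    # Uploads and sessions stay inside the sandbox, out of reach of other sites.
    php_admin_value upload_tmp_dir "/var/tmp/forum.example.com/"
    php_admin_value session.save_path "/var/tmp/forum.example.com/"
</VirtualHost>

<VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot /var/www/blog.example.com/public

    # Variant mentioned in the post: add the system default tmp folder to the
    # sandbox. Simpler, but temp files are then shared between virtual hosts.
    php_admin_value open_basedir "/var/www/blog.example.com/:/tmp/"
</VirtualHost>
```

open_basedir constrains only PHP's own file functions; with plain mod_php every virtual host still runs as the same Apache user, so file ownership and permissions remain a separate control.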
All times are GMT.