Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
  #16  
Old 26 Feb 2008, 20:07
lasto lasto is offline
 
Join Date: Jan 2002
so basically there is no way to protect yourself against this type of thing - so the culprit wins once again if he has to change his files etc.
Surely there must be some protection from this sort of stuff out there.
Remember this affects all of us in the long run not just fordsho
Reply With Quote
  #17  
Old 26 Feb 2008, 20:21
fordsho fordsho is offline
 
Join Date: Jan 2008
Well i just finished upping the new files and well everything seems good for now... i lost my design and some other stuff but ill up those later on. but these guys are serious man i have a fairly decent number of members and what not and this guy just decides to take it from me..... i allready had someone steal my database when it was at 180k... that sucked big time.
Reply With Quote
  #18  
Old 26 Feb 2008, 20:23
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Chances are the kid found some vulnerability in a hack somewhere. It might even be one he helped to write and set up for this. This is an isolated case and we don't know all of the details.
Reply With Quote
  #19  
Old 26 Feb 2008, 21:00
fordsho fordsho is offline
 
Join Date: Jan 2008
well heres the thing. the person doing this was probably one of my old staff who decided to steal the forum for his self and failed miserably...
Reply With Quote
  #20  
Old 26 Feb 2008, 21:28
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Well, he didn't get what he was after. And apparently he doesn't have that much access or he would have done more damage. You are lucky this time. If he might have had any other details, now would be a good time to reset all passwords, FTP, ADMIN and MOD CPs. etc.
Reply With Quote
  #21  
Old 26 Feb 2008, 21:35
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
If he was just opening and closing the forum (e.g. from the adminCP), you can just demote all mods / admins except for yourself to a normal user, double check the rights of all the member groups, and check to make sure you're the only super admin (if you are one at all).
__________________
Admin of the Corsair Memory Forum (AKA the House of Help from back in the day)
Admin of Petri's IT Forum / Moderator at webdesignforums.net
Reply With Quote
  #22  
Old 26 Feb 2008, 22:50
Amenadiel's Avatar
Amenadiel Amenadiel is offline
 
Join Date: Sep 2006
I'm sure he didn't had access to the admincp either, because he could run custom queries from there to get the user list.

It seems to me he got a way to upload a php file, and by adding an include('includes/config.php') he ran a script that turned the forum down. Now, If he knew what he was doing, he would have included a query in the uploaded file itself to strip the user list. Again, it's just a script kiddie.
Reply With Quote
  #23  
Old 27 Feb 2008, 09:29
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Just think for yourself: If you where a hacker and had software to gain access to any vBulletin board, why would i target your site, i would go for the sites that get most attention: vb.com & vb.org.

Now how come we are never target to such successfull attacks if it was possible to hack "any vBulletin board".
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator
Reply With Quote
  #24  
Old 27 Feb 2008, 09:56
Freezerator Freezerator is offline
 
Join Date: Dec 2001
Real name: Bas
I would seriously reconsider your password and security policy's for staff.
Reply With Quote
  #25  
Old 27 Feb 2008, 10:59
nerofix's Avatar
nerofix nerofix is offline
 
Join Date: Mar 2006
One little question, is your whole webspace down or only your vb board?

If its the whole site (server not reachable anymore), then your provider should update the linux software with a better kernel.
I know this kinds of scripts getting your webspace down.
Reply With Quote
  #26  
Old 27 Feb 2008, 14:46
fordsho fordsho is offline
 
Join Date: Jan 2008
His Reply.

What is their URL? And for you being a little smart** bi*ch, I'll work on cracking your cPanel anyways. I have a friend that does all sorts of shit like that and it would be nothing to f**k you up. You sound like an amateur. "you lick sswarez's A**hole while your hold it's balls"? Let me guess, you're 15? You think replacing your vBulletin will fix your problem? It didn't. I'm staring at your ftp right now. You have your shit set up all sloppy. Not too professional By the way, you can delete that chat directory. It doesn't seem to be working right, since your fag*ot a** doesn't know how to set it up.. lmao. Amateur? Yes indeed. Your site is perfect for XSS. That means Cross Site Scripting. Oh yeah. You're f**ed now.. LMFAO.

Now seriously. What's your f**king cPanel password? If I have to crack it myself, it's only going to piss me off and I'll delete EVERYTHING. F**ktard.


This guy is pissing me off... im going to have all my passes rest and then go from there.
Reply With Quote
  #27  
Old 27 Feb 2008, 15:03
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Real name: Rob
Resetting the passwords should have been one of the first things you did.

He's bluffing. Ignore him and do not respond to him. The chat remark gives him away. Most sites that have a chat on them have a chat directory. Also, if he had your FTP, you would be seeing some phantom pages by now. He's bluffing to try and get you to give in. And with language like he is using, I'm guessing he isn't 15 yet. Look there first at any staff you have had in the past.
Reply With Quote
  #28  
Old 27 Feb 2008, 16:18
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Real name: Josh Arcadia
Originally Posted by fordsho View Post
His Reply.





This guy is pissing me off... im going to have all my passes rest and then go from there.
All I can say is: he's working more your mind than your board... RELAX! and learn everybody is trying to help you here...
__________________
. █│║▌│█│║▌║│█║▌│║║█║
Reply With Quote
  #29  
Old 27 Feb 2008, 16:41
sinfull sinfull is offline
 
Join Date: Jan 2008
As Iogames stated, he's playing mind games.
Don't give in, put on your poker face
Also, my pass is 40 chars long consisting of letters numbers and an alot code.
Maybe you should do the same,so you don't have to worry about some little cracking attempts.

Btw, if he does have your database already, all he has to do is crack your hash and he has your forum password. So your best off to change it.
Reply With Quote
  #30  
Old 27 Feb 2008, 17:01
lasto lasto is offline
 
Join Date: Jan 2002
how is he getting in touch with u - if its by way of emails then he is leaving a trace etc - act upon it
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 09:10.

Layout Options | Width: Wide Color: