  #1  
Old 07 Apr 2014, 16:06
johnmat
 
Join Date: Feb 2012
29 Admins

I see 29 Admin accounts in my vbulletin, my forum was hacked and later I hired a pro to fix the forum. I implemented security measures listed here - http://www.vbulletin.org/forum/showthread.php?t=193930

Now I am surprised to see 29 admins in my forum. How to remove them and identify the damage they did to the forum and secure the forum against this security issue?
  #2  
Old 07 Apr 2014, 17:09
ForceHSS
 
Join Date: Apr 2008
I would do the following, to ensure everything is clean.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
  #3  
Old 08 Apr 2014, 11:51
johnmat
 
Join Date: Feb 2012
The Config.php is still compromised after upgrading to 4.2.2 Patch Level 1.

How do I fix this issue and other issues in 4.1 Version after upgrading to 4.2.2 Patch Level 1?
  #4  
Old 08 Apr 2014, 23:18
Zachery
 
Join Date: Jul 2002
Real name: Zachery Woods
Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
__________________
Looking for ImpEx?
  #5  
Old 08 Apr 2014, 23:35
ForceHSS
 
Join Date: Apr 2008
Just follow the blog posts and don't skip any parts
  #6  
Old 28 Apr 2014, 17:57
johnmat
 
Join Date: Feb 2012
My config.php file is severely hacked and I want to upload new file from downloaded installation files from vbulletin Members Area.... Where is the config.php file located and are there any changes required in it to make vbulletin forum run properly?
  #7  
Old 28 Apr 2014, 18:07
Lynne
 
Join Date: Sep 2004
Real name: Lynne
The config.php file should be in your /includes directory. And yes, you need to enter your mysql information into that file in order for vbulletin to be able to connect to your mysql server.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
  #8  
Old 28 Apr 2014, 19:05
johnmat
 
Join Date: Feb 2012
Where to enter the 'List of Email domains to ban'?
  #9  
Old 29 Apr 2014, 05:07
Lynne
 
Join Date: Sep 2004
Real name: Lynne
AdminCP > Settings > Options > User Banning Options > Banned Email Addresses
  #10  
Old 12 May 2014, 09:44
johnmat
 
Join Date: Feb 2012
Where to check the Super Admin or Admin users? As I can't delete or give infractions to the posts or users.
  #11  
Old 12 May 2014, 12:15
blind-eddie
 
Join Date: Apr 2006
Real name: Tim
Look in the config.php file again, scroll down to or search for... USERS WITH ADMIN LOG VIEWING PERMISSIONS....

Make sure this section in your config.php looks like this... Remove all user IDs but yours. Your user ID is 1, I would assume; if not, change 1 to your userid.


[Code block hidden on the source page: "Suspended or Unlicensed Members Cannot View Code."]


SAVE......

Once that is complete, you should be able to remove the other "admins"
__________________
LONG LIVE 3.8 SERIES
National Arcade Competition Club- NACC All arcade edits will work on vb4.
Check out my heavily modified ibproarcade with over 50,000 games for you, free of charge!
Exclusive arcade addons, edits and skins were made by stangger5 owner of Next Level Arcade
  #12  
Old 20 May 2014, 17:52
blind-eddie
 
Join Date: Apr 2006
Real name: Tim
How did it go johnmat, were you able to fix your issue?
  #13  
Old 20 May 2014, 21:05
Disco_Stu
 
Join Date: Apr 2012
If someone is hacking your database you might try adding a trigger to your user table that can send you an email anytime a record is added for a specific user group

Here's a sample of a trigger checking for a column value on an insert operation.

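DELIMITER //
CREATE TRIGGER upd_check BEFORE UPDATE ON user
FOR EACH ROW
BEGIN
    IF NEW.usergroupid = 6 THEN
        -- send yourself an email here; the SET is only a placeholder so the trigger compiles
        SET @admin_group_change = NEW.userid;
    END IF;
END;//
DELIMITER ;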


And here's a link to how to use a trigger to send yourself an email:

http://stackoverflow.com/questions/3...from-mysql-5-1


Now no matter how they access your database (directly, ftp or through vbulletin) you will be alerted immediately.

It may be easier to have the trigger write the info to a text file then set up a cron job to actually send the email.

I haven't tested this yet but will do so shortly.

Last edited by Disco_Stu; 20 May 2014 at 21:20.
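
Added example, not part of Disco_Stu's post or of vBulletin: a fuller version of the trigger idea that covers both new rows and promotions, also checks secondary groups, and writes to an audit table that a cron job can poll for the email, in place of the text file mentioned above. It assumes a default vBulletin schema with no table prefix and Administrators as usergroupid 6; admin_group_audit and the trigger names are hypothetical.

```sql
-- Assumptions: MySQL 5.x, default vBulletin schema with no table prefix,
-- Administrators = usergroupid 6, membergroupids = comma-separated secondary groups.
-- admin_group_audit and the trigger names are hypothetical.
CREATE TABLE admin_group_audit (
    auditid    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    changed_at DATETIME     NOT NULL,
    action     VARCHAR(6)   NOT NULL,            -- 'INSERT' or 'UPDATE'
    userid     INT UNSIGNED NOT NULL,
    username   VARCHAR(100) NOT NULL,
    old_groups VARCHAR(300) NULL,                -- "primary|secondary" before the change
    new_groups VARCHAR(300) NOT NULL,            -- "primary|secondary" after the change
    db_client  VARCHAR(128) NOT NULL,            -- MySQL user@host that ran the statement
    notified   TINYINT(1)   NOT NULL DEFAULT 0   -- set to 1 by the cron job after mailing
);

DELIMITER //

-- Fires when an account is created already inside the admin group.
-- AFTER INSERT so that NEW.userid holds the generated id.
CREATE TRIGGER admin_audit_ins AFTER INSERT ON user
FOR EACH ROW
BEGIN
    IF NEW.usergroupid = 6 OR FIND_IN_SET('6', IFNULL(NEW.membergroupids, '')) > 0 THEN
        INSERT INTO admin_group_audit
            (changed_at, action, userid, username, old_groups, new_groups, db_client)
        VALUES (NOW(), 'INSERT', NEW.userid, NEW.username, NULL,
                CONCAT(NEW.usergroupid, '|', IFNULL(NEW.membergroupids, '')), USER());
    END IF;
END;//

-- Fires only on promotion: the row was not in group 6 before and is afterwards.
CREATE TRIGGER admin_audit_upd AFTER UPDATE ON user
FOR EACH ROW
BEGIN
    IF (NEW.usergroupid = 6 OR FIND_IN_SET('6', IFNULL(NEW.membergroupids, '')) > 0)
       AND NOT (OLD.usergroupid = 6 OR FIND_IN_SET('6', IFNULL(OLD.membergroupids, '')) > 0) THEN
        INSERT INTO admin_group_audit
            (changed_at, action, userid, username, old_groups, new_groups, db_client)
        VALUES (NOW(), 'UPDATE', NEW.userid, NEW.username,
                CONCAT(OLD.usergroupid, '|', IFNULL(OLD.membergroupids, '')),
                CONCAT(NEW.usergroupid, '|', IFNULL(NEW.membergroupids, '')), USER());
    END IF;
END;//

DELIMITER ;

-- Query for the cron job: rows that have not been mailed yet.
SELECT auditid, changed_at, action, userid, username, old_groups, new_groups, db_client
FROM admin_group_audit WHERE notified = 0 ORDER BY auditid;
```

Create the table and triggers from a MySQL account other than the one in config.php: triggers run with their definer's privileges, so the forum account needs no rights on admin_group_audit.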
All times are GMT.