[lasto]

so basically there is no way to protect yourself against this type of thing - so the culprit wins once again if he has to change his files etc.
Surely there must be some protection from this sort of stuff out there.
Remember this affects all of us in the long run not just fordsho

[fordsho]

Well i just finished upping the new files and well everything seems good for now... i lost my design and some other stuff but ill up those later on. but these guys are serious man i have a fairly decent number of members and what not and this guy just decides to take it from me..... i allready had someone steal my database when it was at 180k... that sucked big time.

[Boofo]

Chances are the kid found some vulnerability in a hack somewhere. It might even be one he helped to write and set up for this. This is an isolated case and we don't know all of the details.

[fordsho]

well heres the thing. the person doing this was probably one of my old staff who decided to steal the forum for his self and failed miserably...

[Boofo]

Well, he didn't get what he was after. And apparently he doesn't have that much access or he would have done more damage. You are lucky this time. If he might have had any other details, now would be a good time to reset all passwords, FTP, ADMIN and MOD CPs. etc.

[Wired1]

If he was just opening and closing the forum (e.g. from the adminCP), you can just demote all mods / admins except for yourself to a normal user, double check the rights of all the member groups, and check to make sure you're the only super admin (if you are one at all).

[Amenadiel]

I'm sure he didn't had access to the admincp either, because he could run custom queries from there to get the user list.

It seems to me he got a way to upload a php file, and by adding an include('includes/config.php') he ran a script that turned the forum down. Now, If he knew what he was doing, he would have included a query in the uploaded file itself to strip the user list. Again, it's just a script kiddie.

[Marco van Herwaarden]

Just think for yourself: If you where a hacker and had software to gain access to any vBulletin board, why would i target your site, i would go for the sites that get most attention: vb.com & vb.org.

Now how come we are never target to such successfull attacks if it was possible to hack "any vBulletin board".

[Freezerator]

I would seriously reconsider your password and security policy's for staff.

[nerofix]

One little question, is your whole webspace down or only your vb board?

If its the whole site (server not reachable anymore), then your provider should update the linux software with a better kernel.
I know this kinds of scripts getting your webspace down.

[fordsho]

His Reply.

What is their URL? And for you being a little smart** bi*ch, I'll work on cracking your cPanel anyways. I have a friend that does all sorts of shit like that and it would be nothing to f**k you up. You sound like an amateur. "you lick sswarez's A**hole while your hold it's balls"? Let me guess, you're 15? You think replacing your vBulletin will fix your problem? It didn't. I'm staring at your ftp right now. You have your shit set up all sloppy. Not too professional By the way, you can delete that chat directory. It doesn't seem to be working right, since your fag*ot a** doesn't know how to set it up.. lmao. Amateur? Yes indeed. Your site is perfect for XSS. That means Cross Site Scripting. Oh yeah. You're f**ed now.. LMFAO.

Now seriously. What's your f**king cPanel password? If I have to crack it myself, it's only going to piss me off and I'll delete EVERYTHING. F**ktard.

This guy is pissing me off... im going to have all my passes rest and then go from there.

[Boofo]

Resetting the passwords should have been one of the first things you did.

He's bluffing. Ignore him and do not respond to him. The chat remark gives him away. Most sites that have a chat on them have a chat directory. Also, if he had your FTP, you would be seeing some phantom pages by now. He's bluffing to try and get you to give in. And with language like he is using, I'm guessing he isn't 15 yet. Look there first at any staff you have had in the past.

[iogames]

Originally Posted by fordsho

His Reply.





This guy is pissing me off... im going to have all my passes rest and then go from there.

All I can say is: he's working more your mind than your board... RELAX! and learn everybody is trying to help you here...

[sinfull]

As Iogames stated, he's playing mind games.
Don't give in, put on your poker face
Also, my pass is 40 chars long consisting of letters numbers and an alot code.
Maybe you should do the same,so you don't have to worry about some little cracking attempts.

Btw, if he does have your database already, all he has to do is crack your hash and he has your forum password. So your best off to change it.

[lasto]

how is he getting in touch with u - if its by way of emails then he is leaving a trace etc - act upon it