#31 | 10 Aug 2014, 19:56 | ozzy47 (Join Date: Jul 2009, Real name: Chris)
And I assume the same thing for each usergroup?
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.

#32 | 10 Aug 2014, 19:57 | ifitsmedia (Join Date: Jul 2010)
Yes, HTML is disabled in all usergroups as well.

#33 | 10 Aug 2014, 19:59 | ozzy47 (Join Date: Jul 2009, Real name: Chris)
And you have gone through all the PHP files in your forum root, and there is nothing there that should not be?

#34 | 10 Aug 2014, 20:04 | ForceHSS (Join Date: Apr 2008)
Have you changed all passwords for all admins, FTP and cPanel? If not, it needs to be done. The next step is to hire someone to find out how you have been hacked.

#35 | 10 Aug 2014, 20:05 | ozzy47 (Join Date: Jul 2009, Real name: Chris)
How about any erroneous cron jobs? ACP --> Scheduled Tasks --> Scheduled Task Manager

#36 | 10 Aug 2014, 20:07 | ifitsmedia (Join Date: Jul 2010)
I ran Maintenance > Diagnostics > Suspect file versions and checked every file that had a notice. Aside from some older files from previous versions of VB and old plugins, nothing was out of place.

I replaced all VB core files with fresh downloads, and replaced most plugin files as well.

Sucuri and ClamAV didn't find anything either.

--------------- Added 10 Aug 2014 at 20:10 ---------------

> Originally Posted by ozzy47:
> How about any erroneous cron jobs? ACP --> Scheduled Tasks --> Scheduled Task Manager

Those all seem to be ok as far as I can tell. There's a couple from mods and the rest look like core VB tasks.

#37 | 10 Aug 2014, 20:16 | tpearl5 (Join Date: Nov 2001, Real name: John)
> Originally Posted by ifitsmedia:
> Thanks tpearl5. Yes, install dir was already removed.
>
> I also suspect there is a backdoor somewhere, or a file that is vulnerable to sql injection. I'm wondering if there are some strings I can search my apache raw access logs for to identify the culprit.

I'm not sure anything would appear in the access logs, but you may want to look at and sort by the modified dates of any files (not just vbulletin ones).
__________________
John
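
The suggestion in post #37 to sort files by modified date, as an added example (not code from the thread or from vBulletin): a Python script that lists recently touched files newest first and flags files whose change time is much later than their modified time. The function name, the one-day threshold and the 30-day window are assumptions.

```python
import os
import time
from pathlib import Path

# Assumed threshold: a change time more than a day after the modified time
# suggests the mtime was set by hand or restored from an archive.
BACKDATE_SLACK = 24 * 3600


def triage_by_timestamps(root, since_days, now=None):
    """Return files under root touched within since_days, newest first.

    Each entry is (path, mtime, ctime, backdated). "Touched" uses the later
    of mtime and ctime, because mtime can be set to any value with touch or
    utime(), while ctime on Linux is updated by the kernel on every write,
    chmod or chown and cannot be set from user space.
    """
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                st = path.lstat()   # lstat: do not follow symlinks out of the tree
            except OSError:
                continue            # file vanished or is unreadable
            touched = max(st.st_mtime, st.st_ctime)
            if touched < cutoff:
                continue
            backdated = st.st_ctime - st.st_mtime > BACKDATE_SLACK
            hits.append((str(path), st.st_mtime, st.st_ctime, backdated))
    hits.sort(key=lambda h: max(h[1], h[2]), reverse=True)
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mtime, ctime, backdated in triage_by_timestamps(root, since_days=30):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(max(mtime, ctime)))
        print(stamp, "BACKDATED" if backdated else "         ", path)
```

Files restored from an archive or re-uploaded with preserved timestamps, such as the fresh core files mentioned in post #36, can also show as backdated, so the flag narrows the list rather than proving tampering.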

#38 | 10 Aug 2014, 20:18 | doctorsexy (Join Date: Apr 2011, Real name: Chris)
Why are you on 4.2.1 and not 4.2.2?
__________________
http://sandstormradio.org

#39 | 10 Aug 2014, 20:21 | ifitsmedia (Join Date: Jul 2010)
It was due to incompatibility with a mod I was using. I'm no longer using it and will be upgrading, but I don't think 4.2.1 PL1 -> 4.2.2 PL1 fixes any security issues.

Last edited by ifitsmedia; 10 Aug 2014 at 20:30.

#40 | 10 Aug 2014, 22:24 | ozzy47 (Join Date: Jul 2009, Real name: Chris)
Looks like you may have to resort to paying to have it sorted.

#41 | 11 Aug 2014, 12:09 | Mark.B (Join Date: Feb 2004)
There's nothing in 4.2.2 that would break a modification that worked on 4.2.1.

Upgrade to 4.2.2 and add the following line to your /includes/config.php file, right under the <?php line:

[Code not shown. The forum displays: "Suspended or Unlicensed Members Cannot View Code."]

__________________
MARK.B (Member of the vB Support Team)

#42 | 11 Aug 2014, 14:18 | ifitsmedia (Join Date: Jul 2010)
For everyone who is saying to upgrade as a response to this thread, are you suggesting that vBulletin 4.2.1 PL1 is not secure? I don't think that is the case.

#43 | 11 Aug 2014, 14:33 | ForceHSS (Join Date: Apr 2008)
It is secure, it's just that 4.2.2 is more secure, but if you like what you have, stay with it as long as you have installed the latest security patch that came out a few months ago.

#44 | 11 Aug 2014, 16:30 | Disco_Stu (Join Date: Apr 2012)
How is it that hackers can find the security holes so easily before they are spotted by vBulletin developers? Are they smarter than the software developers at vBulletin, or is vBulletin not spending enough time and effort on QC?

It seems like they release a new version and wait for the hackers to show them where they messed up instead of conducting enough testing prior to the release.

#45 | 11 Aug 2014, 16:41 | Paul M (Join Date: Sep 2004, Real name: Paul M)
> Originally Posted by Mark.B:
> There's nothing in 4.2.2 that would break a modification that worked on 4.2.1.
>
> Upgrade to 4.2.2 and add the following line to your /includes/config.php file, right under the <?php line:
>
> [Code not shown. The forum displays: "Suspended or Unlicensed Members Cannot View Code."]

Unless there is a very good reason to disable all error reporting, please use SKIP_DS_ERRORS.

That reverts 4.2.2 to use the same as 4.2.1 (and previous versions).
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.