Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 26 Jun 2012, 15:54
rockerzteam rockerzteam is offline
 
Join Date: Sep 2009
Vbulletin 4.2.0 Hacked?

Looks like a vulnerability have been found in 4.2.0.... A few websites running it have been hacked and taken down by this group.


XXXXXX hacked by trading-network.to
best german underground forum <3
REGARDS bizznez


Anyone know of these unexplained attacks?
Reply With Quote
  #2  
Old 26 Jun 2012, 16:23
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
Were they running 4.2.0PL2?
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #3  
Old 26 Jun 2012, 16:26
rockerzteam rockerzteam is offline
 
Join Date: Sep 2009
They had all the updated patches installed waiting for a response from them.....

Last edited by rockerzteam; 26 Jun 2012 at 16:36.
Reply With Quote
  #4  
Old 26 Jun 2012, 17:30
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
Find out if they were running any modifications also. And, make sure they check their access_logs to see what actually happened.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #5  
Old 26 Jun 2012, 19:08
rockerzteam rockerzteam is offline
 
Join Date: Sep 2009
How ever they got in they were able to obtain a full database backup,users,passwords,and delete all files from there FTP.
Reply With Quote
  #6  
Old 26 Jun 2012, 21:00
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Originally Posted by rockerzteam View Post
How ever they got in they were able to obtain a full database backup,users,passwords,and delete all files from there FTP.
If they deleted all the files through Ftp then it looks like the point of entry is not vb itself but some other third party stuff.
__________________
My mods.
Reply With Quote
  #7  
Old 26 Jun 2012, 22:38
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
Yeah, they got in through the server if they were able to take a database backup, and download it, and delete files.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #8  
Old 27 Jun 2012, 01:30
rockerzteam rockerzteam is offline
 
Join Date: Sep 2009
Very strange. With the amount of security and difficulty they put into a generated password i find this scary for the rest of us.
Reply With Quote
  #9  
Old 27 Jun 2012, 01:35
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Originally Posted by rockerzteam View Post
How ever they got in they were able to obtain a full database backup,users,passwords,and delete all files from there FTP.
I'm curious, how do you know exactly what they were able to get? And when you say "from FTP", do you mean you know they did it via ftp?
Reply With Quote
  #10  
Old 27 Jun 2012, 02:55
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
Originally Posted by rockerzteam View Post
Very strange. With the amount of security and difficulty they put into a generated password i find this scary for the rest of us.
You really haven't told us enough for us to say it was a matter of someone hacking the password. If they are on a shared server, it could have been through another account. If their own computer was compromised, their password could have been grabbed that way. It's really impossible to tell exactly how this happen with the little information given.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #11  
Old 27 Jun 2012, 11:03
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Indeed, without more info it is hard to know what exactly happened. All one can do is to guess and speculate. But that Ftp thing leads me to believe that it might have been a gumblar type of attack. Anyway, the thing is that there is no reason for panic that there is a security issue with the latest version of vb. Because if it was, then more forums would have been hacked and news would have been all over the net.
__________________
My mods.
Reply With Quote
  #12  
Old 27 Jun 2012, 11:39
nhawk nhawk is offline
 
Join Date: Jan 2011
This is the exact reason I don't deal with shared hosting, and why on every server I manage FTP and SSH is either limited access by IP address or is not accessible on the public IP for the servers.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 05:45.

Layout Options | Width: Wide Color: