Announcement

Collapse
No announcement yet.

vB hacked by Dengesiz Team?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • vB hacked by Dengesiz Team?

    Hi

    I have just had a break into index.php file of vB (redirecting to their page) by a Dengesiz Team.

    Any of you had the same issue?


    We are collecting now more details about break in.


    Rgds
    Zlos

  • #2
    What version of vBulletin were you running?

    You can follow these tips to further secure your forum: http://www.vbulletin.com/forum/showthread.php?t=194701
    Best Regards
    Colin Frei

    Please don't contact me per PM.

    Comment


    • #3
      Make sure you don't have HTML enabled in any of your forums.
      Bob- (pank)
      pankpages.com / http://twitter.com/_pank

      Comment


      • #4
        I have HTML enabled for one forum due to needing to put an exact copy of Service Notices for BC Ferries. Anyway I can do this while still staying secure, other then due it via a CMS instead?

        Comment


        • #5
          As for the service notices: Try 'CMS System Version 1.0.0 By Zero Tolerance' - I don't know if he modified it to work with vB 3.5 but that one should be perfect for such simple things.

          I am using it as an database for articles together with a custom rewrite rule: http://www.pagodentreff.de/artikel/
          That's the end of that!

          Comment


          • #6
            Originally posted by Mac Write View Post
            I have HTML enabled for one forum due to needing to put an exact copy of Service Notices for BC Ferries. Anyway I can do this while still staying secure, other then due it via a CMS instead?
            Depends on what your grabbing from their site, where you want it and in what format.
            I wrote ImpEx.

            Blog | Me

            Comment


            • #7
              The title to this is a misnomer. VB was not hacked ;D

              Is HTML enabled like mentioned? This is a big hole for scripts to be run.

              Otherwise it could be something as simple as a keylogger that picked up an admin pw.

              Comment


              • #8
                You close the forums so only admins can post and enable HTML, thats the only secure way.
                Scott MacVicar

                My Blog | Twitter

                Comment


                • #9
                  This question is for the person who's board got hacked. Did you happen to have flashchat from tufat.com installed?

                  My board was hacked by dengesiz team, but its a phpbb installation and I had flashchat installed. Apparently there is a major hole in that system.

                  http://forum.tufat.com/showthread.php?t=24428

                  Comment


                  • #10
                    Anyone who has vbulletin integrated with Flashchat should delete all the files in Flashchats CMS folder except the vbulletin##CMS.php file that they are using (## = 30, 35 or 36) - all the other files are for other systems, and not used. This will prevent the recent exploit linked above (using the aedating cms file).
                    Baby, I was born this way

                    Comment


                    • #11
                      Good warning Paul.

                      http://www.vbulletin.com/forum/showthread.php?t=198902

                      This exploit was known in June but they still haven't provided a fix.
                      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                      Change CKEditor Colors to Match Style (for 4.1.4 and above)

                      Steve Machol Photography


                      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                      Comment


                      • #12
                        Originally posted by Steve Machol View Post
                        Good warning Paul.

                        http://www.vbulletin.com/forum/showthread.php?t=198902

                        This exploit was known in June but they still haven't provided a fix.
                        That's probably because it doesn't exist, I think they (securityfocus) have confused two products with the same name - this is their warning

                        http://www.securityfocus.com/bid/18480

                        There is no file called adminips.php in the Tufat version of Flashchat, and never has been.
                        Baby, I was born this way

                        Comment


                        • #13
                          Strange. However it wouldn't be the first time someone got the script name wrong in security focus. It looks like it's actually aedating4CMS.php:

                          http://forum.tufat.com/showthread.ph...light=security
                          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                          Change CKEditor Colors to Match Style (for 4.1.4 and above)

                          Steve Machol Photography


                          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                          Comment


                          • #14
                            im using flash chat but i chose not to have it integrated with my vbulletin forum,i instead chose to use a link on my forum page instead ,i installed flashchat into its own dir and it even uses a different mysql database than the one om vbulletin installation uses, so what i would like to know is will my board still be affected by this security issue or does it only affect those that have flashcaht integrated?

                            Comment


                            • #15
                              It would most likely be better to ask this at the flash chat forum. As this program was the main security flaw, it may be better to not take any risk if you have valuable information or data.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X