Hacked - Anyone want to play detective?
  • Hacked - Anyone want to play detective?

    Earlier today my website got hacked.. Looks like it was a simple defacement by a script kiddy though.

    We were running vBulletin 3.8.4, and various add-ons;
    vBadvanced Dynamics, vBSEO, v3arcade 2.0.0, vBulletin Blog, and more..

    I have the server logs downloaded, but don't have a clue what I'm looking for in honesty. I've disabled all modifications until I know where the vulnerability lies, anyone fancy playing detective?

  • #2
    1) Fixing the damage:

    You need to restore a backup from before the forum was hacked. If you don't have a backup then you should ask your host if they have one.

    2) Preventing future attacks:

    Here are some security tips to help prevent this in the future:

    http://www.vbulletin.com/forum/showthread.php?t=194701

    3) Finding out exactly how they hacked you:

    If an admin or mod account was hijacked then you might find evidence of their activities in the vBulletin logs:

    Admin CP -> Statistics & Logs

    It can be difficult to track down exactly how the hacker got in. You will need to consult with your host to examine the server logs for evidence of intrusion. Otherwise you can just follow the above security tips to help prevent future attacks.

    Another thing I have been seeing lately is vBulletin forums on shared servers being hacked through other hosting accounts on the same shared server. Unfortunately there isn't anything you can do to protect against this unless you move to a VPS or dedicated server.

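For the server-log review that post #2 recommends, here is one way to take a first pass over downloaded access logs. This is an added example, not part of the original thread or any poster's code: it lists, per client IP, the admin-panel requests and successful POSTs made in the hours before the defacement was noticed. The Apache "combined" log format, the `/admincp/` path prefix, the function name `triage` and all sample data are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumes Apache "combined" access-log format; adjust the regex to the host's format.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def triage(lines, noticed_at, known_admin_ips, window_hours=24, admin_prefix="/admincp/"):
    """Group admin-panel requests and successful POSTs made in the window before
    the defacement was noticed by client IP; IPs not known to be admins sort first."""
    start = noticed_at - timedelta(hours=window_hours)
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not start <= ts <= noticed_at:
            continue
        path = m["path"].split("?", 1)[0]  # drop the query string
        is_admin = path.startswith(admin_prefix)
        ok_post = m["method"] == "POST" and m["status"][0] in "23"
        if is_admin or ok_post:
            hits[m["ip"]].append((ts, m["method"], path))
    report = [{
        "ip": ip,
        "known_admin": ip in known_admin_ips,
        "admin_requests": sum(p.startswith(admin_prefix) for _, _, p in ev),
        "posts": sum(meth == "POST" for _, meth, _ in ev),
        "first_seen": min(t for t, _, _ in ev),
        "paths": sorted({p for _, _, p in ev}),
    } for ip, ev in hits.items()]
    report.sort(key=lambda r: (r["known_admin"], -r["admin_requests"], -r["posts"]))
    return report

# Constructed sample data (documentation IP ranges, invented timestamps).
NOTICED_AT = datetime.strptime("12/Mar/2010:14:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
KNOWN_ADMIN_IPS = {"192.0.2.10"}
SAMPLE = [
    '198.51.100.23 - - [10/Mar/2010:08:00:00 +0000] "POST /newreply.php HTTP/1.1" 200 900',
    '192.0.2.10 - - [12/Mar/2010:09:15:02 +0000] "POST /admincp/index.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Mar/2010:12:02:40 +0000] "GET /showthread.php?t=42 HTTP/1.1" 200 8300',
    '203.0.113.77 - - [12/Mar/2010:13:40:11 +0000] "POST /login.php?do=login HTTP/1.1" 200 2100',
    '203.0.113.77 - - [12/Mar/2010:13:41:55 +0000] "GET /admincp/index.php HTTP/1.1" 200 5120',
    '203.0.113.77 - - [12/Mar/2010:13:44:30 +0000] "POST /admincp/index.php HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    print(*triage(SAMPLE, NOTICED_AT, KNOWN_ADMIN_IPS), sep="\n")
```

Rows with `known_admin` set to `False` and a non-zero `admin_requests` count are the ones to compare against the Admin CP logs mentioned in the same post.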


    • #3
      Originally posted by Oblivion Knight
      Earlier today my website got hacked.. Looks like it was a simple defacement by a script kiddy though.

      We were running vBulletin 3.8.4, and various add-ons;
      vBadvanced Dynamics, vBSEO, v3arcade 2.0.0, vBulletin Blog, and more..

      I have the server logs downloaded, but don't have a clue what I'm looking for in honesty. I've disabled all modifications until I know where the vulnerability lies, anyone fancy playing detective?

      Andy, what is on the "more" part of that list? AFAIK, no vulnerabilities are known in the current versions of the products you did list.


      • #4
        I had 61 modifications installed from vbulletin.org, and probably another handful on top of that from vBEnhancer.

        I could probably try and get an exact list if you're that interested though.



        • #5
          Originally posted by Oblivion Knight
          I had 61 modifications installed from vbulletin.org, and probably another handful on top of that from vBEnhancer.

          I could probably try and get an exact list if you're that interested though.

          61?! Blimey I thought I had a lot with 4 or 5. That must vastly increase the number of queries your forum is generating.



          • #6
            Originally posted by Cromulent
            61?! Blimey I thought I had a lot with 4 or 5. That must vastly increase the number of queries your forum is generating.

            Actually it didn't really.

            I switched off a lot of default features, some of which executed a lot more queries than any of my installed modifications added.

            Some of them were minor modifications to existing functions, and some were template based.



            • #7
              There really is no way we can determine how they did this. However given the large number of add-ons I would not be surprised if one or more of them is the problem.

              Please see this thread on how to make your vBulletin more secure:

              http://www.vbulletin.com/go/secure
              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)