My site was defaced


  • My site was defaced

    MY FORUM GOT HACKED! LATEST VERSION & EVERYTHING WTF!

    Cracked by http://www.xakepy.ru/ crackz team with help from DDOS-CREW-RU. Patch vBulletin and build super firewall to avoid combo DDOS-hole admin crack n00bz!
    Last edited by Zachery; Thu 12th Nov '09, 2:07am.

  • #2
    Ouch! Did you have an htaccess file (limiting IPs) in your admincp and modcp directory?



    • #3
      Originally posted by EGS
      MY FORUM GOT HACKED! LATEST VERSION & EVERYTHING WTF!

      Cracked by http://www.xakepy.ru/ crackz team with help from DDOS-CREW-RU. Patch vBulletin and build super firewall to avoid combo DDOS-hole admin crack n00bz!
      Oh no that's bad. You must have had an easy password....
      Once you get back on there go into your admincp > vBulletin options (drop down menu) > user banning options and put that url in the banning ip and email address > Save




      • #4
        NO, I didn't have an easy password; all mine are completely random with symbols, numbers, and letters!!!
        What's going on with providing an insecure product? I am holding the makers of vBulletin liable for this. My forum was huge.



        • #5
          Originally posted by EGS
          NO, I didn't have an easy password; all mine are completely random with symbols, numbers, and letters!!!
          What's going on with providing an insecure product? I am holding the makers of vBulletin liable for this. My forum was huge.
          Going to be kinda hard considering that according to their TOS they can't be held accountable...

          IN NO EVENT SHALL VBULLETIN.COM OR ITS OWNER BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT DAMAGES ARISING FROM YOUR USE OF VBULLETIN.COM OR ITS SERVICES EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
          Honestly if your forum got haxed it's your own damn fault. Sorry kid, better luck next time. vBulletin allows you to backup your database for a reason.

          Ouch! Did you have an htaccess file (limiting IPs) in your admincp and modcp directory?
          Good idea bud rep shall be given for that.

          OOC: What would be the commands put into the .htaccess file to allow it to do that, and can you do it with a dynamic IP?
          Last edited by zomega; Thu 5th Nov '09, 8:03pm.



          • #6
            How do you know it was vBulletin that was the cause of the exploit? Do you have server logs, or evidence pointing to the fact it was an exploit of vBulletin itself? Are you sure your server, plugins, other third party software, and all other software on your entire server is secure, up to date, and has no known security issues?



            • #7
              I just implemented some additional security after seeing this. Added an htaccess file to the modcp so that my only moderator is the only one that can access the directory (already have one for my admincp). Plus, I renamed the admincp and modcp directories to something custom (difficult to guess).



              • #8
                He has an old version of vBSEO 3.3.0 which has a WELL KNOWN EXPLOIT

                Hackers gained access to his admincp using the exploit, exploited the fact that he has the standard admincp directory with no htaccess file in place, created a notice to brag about their successful hack, then created a redirect in his footer.

                It's an easy fix as his database is fortunately still intact. He just needs to get in and secure his forums by the well known methods discussed on this site.

                EGS, this is an easy fix. Calm down and stop being so threatening, and we will gladly help you out.
                Last edited by dodgeboard.com; Thu 5th Nov '09, 8:18pm.



                • #9
                  Originally posted by dodgeboard.com
                  He has an old version of vBSEO 3.3.0 which has a WELL KNOWN EXPLOIT

                  Hackers gained access to his admincp using the exploit, exploited the fact that he has the standard admincp directory with no htaccess file in place, created a notice to brag about their successful hack, then created a redirect in his footer.

                  It's an easy fix as his database is fortunately still intact. He just needs to get in and secure his forums by the well known methods discussed on this site.

                  EGS, this is an easy fix. Calm down and stop being so threatening, and we will gladly help you out.
                  Would you mind elaborating on this htaccess file mod?
                  Thanks



                  • #10
                    htaccess is not a mod, it's a file that can be used to restrict access to certain directories...I will elaborate...create a text file and name it ".htaccess" (note the period before the filename) and place it into your modcp and admincp directories. This is what you put in the file:



                    order deny,allow
                    deny from all
                    allow from 211.23.112.105
                    allow from 73.211.58.6
                    allow from sbc.net
                    allow from host.net

                    Only the IPs and hostnames that you put into this file will be able to access the directory. Anyone else won't even see the login for the admincp. It's fairly effective.


                    Use a hostname (host.com) if your admin or mods have a dynamic IP. But use an IP if they have a static IP (greater security).

                    Comment
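A model of how Apache evaluates the rules in post #10, added here as an example and not part of the original posts or of Apache's own code. It applies the `order deny,allow` logic to a few constructed clients (documentation-range addresses and made-up reverse-DNS names) and shows that a hostname rule such as `allow from sbc.net` admits every host whose reverse DNS ends in that domain, not only the one moderator.

```python
import ipaddress
# Constructed copy of the rules from the post (sample addresses as posted there).
HTACCESS = """\
order deny,allow
deny from all
allow from 211.23.112.105
allow from 73.211.58.6
allow from sbc.net
allow from host.net
"""

def parse(text):
    """Return (order, allow_specs, deny_specs) for Apache 2.2-style directives."""
    order, allow, deny = "deny,allow", [], []      # deny,allow is Apache's default
    for line in text.splitlines():
        w = line.lower().split()
        if len(w) == 2 and w[0] == "order":
            order = w[1]
        elif len(w) > 2 and w[0] in ("allow", "deny") and w[1] == "from":
            (allow if w[0] == "allow" else deny).extend(w[2:])
    return order, allow, deny

def is_hostname(spec):
    """True if spec is not a full IP or CIDR block (partial IPs are not modelled)."""
    try:
        ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return True
    return False

def matches(spec, ip, rdns):
    if spec == "all":
        return True
    if not is_hostname(spec):
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    # Hostname rule: the client's reverse-DNS name equals spec or ends in ".spec".
    name = (rdns or "").lower().rstrip(".")
    return name == spec or name.endswith("." + spec)

def allowed(text, ip, rdns=None):
    order, allow, deny = parse(text)
    a = any(matches(s, ip, rdns) for s in allow)
    d = any(matches(s, ip, rdns) for s in deny)
    # allow,deny: deny wins, default deny.  deny,allow: allow wins, default allow.
    return (a and not d) if order == "allow,deny" else (a or not d)

def hostname_rules(text):
    """Allow rules that admit a whole domain rather than a single address."""
    return [s for s in parse(text)[1] if s != "all" and is_hostname(s)]
```

On Apache 2.4 these directives are provided by mod_access_compat; `Require ip` and `Require host` are the current equivalents.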


                    • #11
                      also see: http://www.vbulletin.com/forum/showt...ms-More-Secure



                      • #12
                        Do you know that there is still a notice on your site? You should turn that off. Also, in a lot of your signature lines, it's stating the exact same thing as the notice.

                        Go look in the thread where you're talking about some Staff members going Rogue on you.

                        Also, why do you allow Guest posting without the need to register?



                        • #13
                          Good Job EGS!

                          I noticed you have regained access to your forums, updated your vBSEO and changed your admincp directory from the known defaults. I suspect you also implemented an htaccess file. Way to go!!

                          We learn from our mistakes.



                          • #14
                            Originally posted by EGS
                            I am holding the makers of vBulletin liable for this.
                            Don't you now owe the makers of vBulletin an apology?



                            • #15
                              Originally posted by dodgeboard.com
                              htaccess is not a mod, it's a file that can be used to restrict access to certain directories...I will elaborate...create a text file and name it ".htaccess" (note the period before the filename) and place it into your modcp and admincp directories. This is what you put in the file:



                              Only the IPs and hostnames that you put into this file will be able to access the directory. Anyone else won't even see the login for the admincp. It's fairly effective.


                              Use a hostname (host.com) if your admin or mods have a dynamic IP. But use an IP if they have a static IP (greater security).
                              Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vBulletin.

