My site was defaced


  • #16
    Originally posted by Hotpuppy View Post
    Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vbulletin.

    There is: http://www.vbulletin.com/forum/showt...ms-More-Secure

    Jihen Theory - Anime news, reviews and torrent tracker.



    • #17
      Quick question, how do you change the links in the footer to point to the right address for the admin and mod links once you have changed them?
      Last edited by Poppet25; Wed 11th Nov '09, 11:56pm.



      • #18
        Update the config.php with the proper directories.



        • #19
          Most users do NOT have static IPs. So in implementing this, you say use a host name. Can you clarify? What host? Thanks!



          • #20
            Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

            Example:

            71-218-13-147.hlrn.qwest.net


            But in your htaccess file you would put just qwest.net



            • #21
              Originally posted by dodgeboard.com View Post
              Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

              Example:

              71-218-13-147.hlrn.qwest.net


              But in your htaccess file you would put just qwest.net
              Thank you. That is very helpful.



              • #22
                The site looks fine now, I assume you got it working.
                Even if you have the latest vBulletin, I'm sure you've added mods to it; this would most likely be the hole they used to gain access.
                -- Web Developer for hire
                ---Online Marketing Tools and Articles



                • #23
                  Originally posted by Zachery View Post
                  Update the config.php with the proper directories.
                  Did that and cleared my browser cache; it still points to the original links.



                  • #24
                    Originally posted by Poppet25 View Post
                    Did that and cleared my browser cache; it still points to the original links.
                    Something is causing it then, the default style uses the directories in the config.php file.



                    • #25
                      Sorry, I am copying from another post I just made:

                      If you are using vBSEO, today we found a security hole in vBSEO while working on a client's website. This hole affects all versions of vBSEO, including 3.3.2, and allows an attacker to perform any operation by installing shell scripts in your writable directories. It does not matter if these writable directories are in the public root of your forums; through vBSEO, they can also include files outside the public root.

                      We reported the hole to vBSEO, and they confirmed it. They then added the patch to their 3.3.2 version; so even if you have 3.3.2, you should re-upgrade it. They have not yet issued a public statement about this, but the latest vBSEO version includes today's patch.

                      Today, we had 6 different reports of the hack from other clients, so the thing is spreading fast.

                      The hackers first add shell scripts to your directories, then gain MySQL access by reading the config file and edit templates.
                      CarlitoBrigante on vb.org - MagnetiCat.com
                      Professional vBulletin development, support, upgrades



                      • #26
                        Thanks for that post Harry, as I was reading it, an email from vbSEO dropped in my inbox. Nice timing.
                        To be updated...



                        • #27
                          Would password-protecting the admincp directory, the modcp directory, and the includes directory also be recommended? Seems like that should stop arbitrary access to most sensitive scripts.
                          Adam

                          Admin of PentaxForums.com, premiere photography forum for Pentax users (Big-Board).



                          • #28
                            ENF, you are welcome. I came to the forums as soon as we had discovered it and reported it to vBSEO.

                            MoMan, yes, it might help against attacks that target files directly (this has happened some time in the past with custom mods), but most attacks these days use, 99% of the time, other means that it is better not to write about in detail here, but that can bypass .htaccess restrictions. This said, security is a multi-layered thing, and every single layer counts. Even small tricks can make the difference.

                            And you won't believe how often the hacker simply brute-forces an easy to guess password. Believe it or not, there are still web owners out there with passwords "inspired" by Walt Disney's characters' names.
                            CarlitoBrigante on vb.org - MagnetiCat.com
                            Professional vBulletin development, support, upgrades
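
The hostname restriction from post #20 and the directory password protection asked about in post #27 can be combined in one .htaccess file. This is an added example, not part of any post in the thread; the AuthUserFile path and the realm name are assumptions, and qwest.net is the example domain from post #20.

```apache
# .htaccess for the admincp/ and modcp/ directories (constructed example).
# The server config must permit these directives here:
#   AllowOverride AuthConfig Limit

# Layer 1: HTTP Basic authentication in front of the vBulletin login.
AuthType Basic
AuthName "Staff only"
# Assumed path. Keep the password file outside the web root so it
# cannot be fetched over HTTP.
AuthUserFile /home/example/private/.htpasswd

# Layer 2: only clients whose hostname ends in the staff member's ISP domain.
# Only complete name components are matched: "qwest.net" admits
# 71-218-13-147.hlrn.qwest.net but not "notqwest.net".
# Apache performs a double reverse DNS lookup for hostname rules
# (IP -> name -> IP must agree), so a client cannot pass by controlling
# only the PTR record of its own address. The lookup adds latency to
# every request for this directory.
# The rule still admits every customer of that ISP, so it narrows exposure
# and does not replace the password.

# Apache 2.4 (mod_authz_core): both conditions must hold.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require host qwest.net
        Require valid-user
    </RequireAll>
</IfModule>

# Apache 2.2: same policy with the older Order/Allow directives.
<IfModule !mod_authz_core.c>
    Require valid-user
    Order deny,allow
    Deny from all
    Allow from qwest.net
    # "Satisfy All" requires the host rule AND the password.
    # "Satisfy Any" would let either one through on its own.
    Satisfy All
</IfModule>
```

Basic authentication sends the password with every request, so these directories should only be reached over HTTPS.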



                            • #29
                              Weak passwords definitely constitute a pretty big risk. In fact, over the past week my server has seen nearly 30,000 failed logins via SSH- it seems hackers try to use default users like 'ssh' 'mysql' and others, probably with silly passwords, to see if any holes exist. I've also seen hackers try to guess the paths to control panels such as phpmyadmin (which you shouldn't have in a public or guessable directory to begin with).

                              I've followed most of the tips on these pages:

                              http://dev.geekpoint.net/articles/vb...security-tips/
                              http://dev.geekpoint.net/articles/vb...urity-tips-ii/
                              http://www.adminfusion.com/?p=vB20831

                              What else can be done to secure vB? It would be nice to know what methods hackers use so that if there are any holes, we can plug them up!
                              Adam

                              Admin of PentaxForums.com, premiere photography forum for Pentax users (Big-Board).



                              • #30
                                Thanks for this great post and all the links offered in it with other great information. I forgot everything I did in vB3 to secure it so all this information is very much appreciated!

