Announcement

**zomega** · Fri 6th Nov '09, 10:12am

Originally posted by Hotpuppy View Post

Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vbulletin.

There is: http://www.vbulletin.com/forum/showt...ms-More-Secure

**Poppet25** · Wed 11th Nov '09, 11:46pm

Quick question, how do you change the links in the footer to point to the right address for the admin and mod links once you have changed them?

**Zachery** · Thu 12th Nov '09, 1:08am

Update the config.php with the proper directories.

**bjkinzluvr** · Thu 12th Nov '09, 6:20am

Most users do NOT have static IP's. So in implementing this, you say use a host name. Can you clarify? What host? Thanks!

**dodgeboard.com** · Thu 12th Nov '09, 6:26am

Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

Eample:

71-218-13-147.hlrn.qwest.net

But in your htaccess file you would put just qwest.net

**bjkinzluvr** · Thu 12th Nov '09, 6:36am

Originally posted by dodgeboard.com View Post

Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

Eample:

71-218-13-147.hlrn.qwest.net

But in your htaccess file you would put just qwest.net

Thank you. That is very helpful.

**Loco.M** · Thu 12th Nov '09, 7:15am

the site looks fine now, I assume you got it working
even if you have the latest vBulletin, I'm sure you've added mods to it, this would most likely be the hole they used to gain access.

**Poppet25** · Thu 12th Nov '09, 12:48pm

Originally posted by Zachery View Post

Update the config.php with the proper directories.

Did that and cleared my browser cache still points to the orginal links.

**Zachery** · Thu 12th Nov '09, 2:46pm

Originally posted by Poppet25 View Post

Did that and cleared my browser cache still points to the orginal links.

Something is causing it then, the default style uses the directories in the config.php file.

**DirtyHarry** · Tue 17th Nov '09, 2:53pm

Sorry, I am copying from another post I just made:

If you are using VBSEO, today we found a security hole in vBSEO while working on a client's website. This hole affects all versions of vBSEO, including 3.3.2, and allows an attacker to perform any operation by installing shell scripts in your writable directories. It does not matter if these writable directories are into the public root of your forums; through vBSEO, they can include also files outside the public root.

We reported the hole to vBSEO, and they confirmed it. They then added the patch to their 3.3.2 version; so even if you have 3.3.2, you should re-upgrade it. They have not yet issued a public statement about this, but the latest vBSEO version includes today's patch.

Today, we had 6 different reports of the hack from other clients, so the thing is spreading fast.

The hackers first add shell scripts to your directories, then gain MySQL access by reading the config file and edit templates.

**ENF** · Tue 17th Nov '09, 7:11pm

Thanks for that post Harry, as I was reading it, an email from vbSEO dropped in my inbox. Nice timing.

**MoMan** · Tue 17th Nov '09, 7:51pm

Would password-protecting the admincp directory, the modcp directory, and the includes directory also be recommended? Seems like that should stop arbitrary access to most sensitive scripts.

**DirtyHarry** · Tue 17th Nov '09, 9:05pm

ENF, you are welcome. I came to the forums as soon as we had discovered it and reported it to vBSEO.

MoMan, yes, it might help against attacks that target files directly (this has happened some time in the past with custom mods), but most attacks, these days, use 99% of the times other means that it is better not to write in detail here, but that can bypass .htaccess restrictions. This said, security is a multi-layered thing, and every single layer counts. Even small tricks can make the difference.

And you won't believe how often the hacker simply brute-forces an easy to guess password. Believe it or not, there are still web owners out there with passwords "inspired" by Walt Disney's characters' names.

**MoMan** · Wed 18th Nov '09, 9:11am

Weak passwords definitely constitute a pretty big risk. In fact, over the past week my server has seen nearly 30,000 failed logins via SSH- it seems hackers try to use default users like 'ssh' 'mysql' and others, probably with silly passwords, to see if any holes exist. I've also seen hackers try to guess the paths to control panels such as phpmyadmin (which you shouldn't have in a public or guessable directory to begin with).

I've followed most of the tips on these pages:

http://dev.geekpoint.net/articles/vb...security-tips/
http://dev.geekpoint.net/articles/vb...urity-tips-ii/
http://www.adminfusion.com/?p=vB20831

What else can be done to secure vB? It would be nice to know what methods hackers use so that if there are any holes, we can plug them up!

**JiggenJ** · Fri 15th Jan '10, 10:13pm

Thanks for this great post and all the links offered in it with other great information. I forgot everything I did in vB3 to secure it so all this information is very much appreciated!

vBulletin 3 End of Life

Announcement

My site was defaced

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment