Announcement

Collapse
No announcement yet.

My site was defaced

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • melbo
    replied
    .....................................
    Last edited by melbo; Sat 16th Jan '10, 6:17pm.

    Leave a comment:


  • JiggenJ
    replied
    Thanks for this great post and all the links offered in it with other great information. I forgot everything I did in vB3 to secure it so all this information is very much appreciated!

    Leave a comment:


  • MoMan
    replied
    Weak passwords definitely constitute a pretty big risk. In fact, over the past week my server has seen nearly 30,000 failed logins via SSH- it seems hackers try to use default users like 'ssh' 'mysql' and others, probably with silly passwords, to see if any holes exist. I've also seen hackers try to guess the paths to control panels such as phpmyadmin (which you shouldn't have in a public or guessable directory to begin with).

    I've followed most of the tips on these pages:

    http://dev.geekpoint.net/articles/vb...security-tips/
    http://dev.geekpoint.net/articles/vb...urity-tips-ii/
    http://www.adminfusion.com/?p=vB20831

    What else can be done to secure vB? It would be nice to know what methods hackers use so that if there are any holes, we can plug them up!

    Leave a comment:


  • DirtyHarry
    replied
    ENF, you are welcome. I came to the forums as soon as we had discovered it and reported it to vBSEO.

    MoMan, yes, it might help against attacks that target files directly (this has happened some time in the past with custom mods), but most attacks, these days, use 99% of the times other means that it is better not to write in detail here, but that can bypass .htaccess restrictions. This said, security is a multi-layered thing, and every single layer counts. Even small tricks can make the difference.

    And you won't believe how often the hacker simply brute-forces an easy to guess password. Believe it or not, there are still web owners out there with passwords "inspired" by Walt Disney's characters' names.

    Leave a comment:


  • MoMan
    replied
    Would password-protecting the admincp directory, the modcp directory, and the includes directory also be recommended? Seems like that should stop arbitrary access to most sensitive scripts.

    Leave a comment:


  • ENF
    replied
    Thanks for that post Harry, as I was reading it, an email from vbSEO dropped in my inbox. Nice timing.

    Leave a comment:


  • DirtyHarry
    replied
    Sorry, I am copying from another post I just made:

    If you are using VBSEO, today we found a security hole in vBSEO while working on a client's website. This hole affects all versions of vBSEO, including 3.3.2, and allows an attacker to perform any operation by installing shell scripts in your writable directories. It does not matter if these writable directories are into the public root of your forums; through vBSEO, they can include also files outside the public root.

    We reported the hole to vBSEO, and they confirmed it. They then added the patch to their 3.3.2 version; so even if you have 3.3.2, you should re-upgrade it. They have not yet issued a public statement about this, but the latest vBSEO version includes today's patch.

    Today, we had 6 different reports of the hack from other clients, so the thing is spreading fast.

    The hackers first add shell scripts to your directories, then gain MySQL access by reading the config file and edit templates.

    Leave a comment:


  • Zachery
    replied
    Originally posted by Poppet25 View Post
    Did that and cleared my browser cache still points to the orginal links.
    Something is causing it then, the default style uses the directories in the config.php file.

    Leave a comment:


  • Poppet25
    replied
    Originally posted by Zachery View Post
    Update the config.php with the proper directories.
    Did that and cleared my browser cache still points to the orginal links.

    Leave a comment:


  • Loco.M
    replied
    the site looks fine now, I assume you got it working
    even if you have the latest vBulletin, I'm sure you've added mods to it, this would most likely be the hole they used to gain access.

    Leave a comment:


  • bjkinzluvr
    replied
    Originally posted by dodgeboard.com View Post
    Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

    Eample:

    71-218-13-147.hlrn.qwest.net


    But in your htaccess file you would put just qwest.net
    Thank you. That is very helpful.

    Leave a comment:


  • dodgeboard.com
    replied
    Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

    Eample:

    71-218-13-147.hlrn.qwest.net


    But in your htaccess file you would put just qwest.net

    Leave a comment:


  • bjkinzluvr
    replied
    Most users do NOT have static IP's. So in implementing this, you say use a host name. Can you clarify? What host? Thanks!

    Leave a comment:


  • Zachery
    replied
    Update the config.php with the proper directories.

    Leave a comment:


  • Poppet25
    replied
    Quick question, how do you change the links in the footer to point to the right address for the admin and mod links once you have changed them?
    Last edited by Poppet25; Thu 12th Nov '09, 12:56am.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X