Announcement

Collapse
No announcement yet.

3.8.5 hacked..

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
    Pandemikk
    Member

  • Pandemikk
    replied
    I bet you your .htaccess was chmod 777.

    It should be chmod 644.

    Leave a comment:

  • melbo
    Senior Member

  • melbo
    replied
    Upload a copy of your .htaccess and overwrite.
    If someone added that .htaccess file to your server, it's a server or FTP security issue- not a vB one. You can't FTP, upload, or edit root server files through vB.

    Leave a comment:

  • Trevor Hannant
    vBulletin Support

  • Trevor Hannant
    replied
    Originally posted by Alex510 View Post
    #
    # MyBB "search engine friendly" URL rewrites
    # - Note, for these to work with MyBB please make sure you have
    # the setting enabled in the Admin CP and you have this file
    # named .htaccess
    #
    That's a very strange section even moreso given that vb3.8.5 doesn't have an .htaccess file in the download.

    Looks like that's left over from a previous software installation.

    Have you checked for any new/amended files on your server? If there are some, look at the server logs for around that time as this may show how they've gotten in.

    Leave a comment:

  • Alex510
    New Member

  • Alex510
    started a topic 3.8.5 hacked..

    3.8.5 hacked..

    My forum has never ever been hacked until I moved to 3.8.5... I've managed to get the site back up but it only works with www. in front. I found this code in .htaccess

    Options -MultiViews +FollowSymlinks -Indexes

    #
    # If mod_security is enabled, attempt to disable it.
    # - Note, this will work on the majority of hosts but on
    # MediaTemple, it is known to cause random Internal Server
    # errors. For MediaTemple, please remove the block below
    #
    <IfModule mod_security.c>
    # Turn off mod_security filtering.
    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
    SecFilterScanPOST Off
    </IfModule>

    #
    # MyBB "search engine friendly" URL rewrites
    # - Note, for these to work with MyBB please make sure you have
    # the setting enabled in the Admin CP and you have this file
    # named .htaccess
    #
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^forum-([0-9]+)\.html$ forumdisplay.php?fid=$1 [L,QSA]
    RewriteRule ^forum-([0-9]+)-page-([0-9]+)\.html$ forumdisplay.php?fid=$1&page=$2 [L,QSA]

    RewriteRule ^thread-([0-9]+)\.html$ showthread.php?tid=$1 [L,QSA]
    RewriteRule ^thread-([0-9]+)-page-([0-9]+)\.html$ showthread.php?tid=$1&page=$2 [L,QSA]
    RewriteRule ^thread-([0-9]+)-lastpost\.html$ showthread.php?tid=$1&action=lastpost [L,QSA]
    RewriteRule ^thread-([0-9]+)-nextnewest\.html$ showthread.php?tid=$1&action=nextnewest [L,QSA]
    RewriteRule ^thread-([0-9]+)-nextoldest\.html$ showthread.php?tid=$1&action=nextoldest [L,QSA]
    RewriteRule ^thread-([0-9]+)-newpost\.html$ showthread.php?tid=$1&action=newpost [L,QSA]
    RewriteRule ^thread-([0-9]+)-post-([0-9]+)\.html$ showthread.php?tid=$1&pid=$2 [L,QSA]

    RewriteRule ^post-([0-9]+)\.html$ showthread.php?pid=$1 [L,QSA]

    RewriteRule ^announcement-([0-9]+)\.html$ announcements.php?aid=$1 [L,QSA]

    RewriteRule ^user-([0-9]+)\.html$ member.php?action=profile&uid=$1 [L,QSA]

    RewriteRule ^calendar-([0-9]+)\.html$ calendar.php?calendar=$1 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-year-([0-9]+)\.html$ calendar.php?action=yearview&calendar=$1&year=$2 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ calendar.php?calendar=$1&year=$2&month=$3 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ calendar.php?action=dayview&calendar=$1&year=$2&month=$3&day=$4 [L,QSA]
    RewriteRule ^calendar-([0-9]+)-week-(n?[0-9]+)\.html$ calendar.php?action=weekview&calendar=$1&week=$2 [L,QSA]

    RewriteRule ^event-([0-9]+)\.html$ calendar.php?action=event&eid=$1 [L,QSA]

    <IfModule mod_env.c>
    SetEnv SEO_SUPPORT 1
    </IfModule>
    </IfModule>

    #
    # If Apache is compiled with built in mod_deflade/GZIP support
    # then GZIP Javascript, CSS, HTML and XML so they're sent to
    # the client faster.
    #
    <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE application/x-javascript text/css text/html text/xml
    </IfModule>

    Can someone tell me what's going on?

Related Topics

Collapse

Working...
X