Announcement

Collapse
No announcement yet.

Site hacked, can someone please help?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ikorolis
    replied
    agree 50% with you.

    but one is true

    official VB say dont use any mod/hack (3rd party utilities) using own risk.

    Leave a comment:


  • blind-eddie
    replied
    Originally posted by Paul M View Post
    Just to be clear - while Valters mod is strongly suspected - I have not seen any confirmation that this has been proved - or indeed that every site was even running it.
    I couldn't agree more, and how was it suspected & by whom?

    One of my vb sites was hacked as well & yes I was running suspected addon but, that means nothing. And I had it back up and running within 45 mins with a backup.
    The question I have yet to see asked is how all the vb sites were hacked at the same time or how a script was set up and ran to do them all over a short period of time & where they got their info to know who all was running the suspected addon.

    I do not believe it was Valters mod at all!

    We all know the staff changes vbulletin has gone through & the creation of xenforo and the bad blood between the two.
    Could this be a way to get people to dis-trust vbulletin and switch over? Just a thought. Think about it...
    How many sites reported they were hacked?
    I honestly believe this was an internal issue, (within vbulletin.com) I mean who else has access to know who is running what?

    I could go on with other conspiracy theorys....but, something just ain't right about this whole mess...

    Leave a comment:


  • ikorolis
    replied
    im trusted Valter and you Paul M and using many 3rd party tools on my site/forum.

    but this security risks/bugs/exploits is very bad for me (not have time to install and setup again my site/forum for begin if anyone hacked).

    i am spend money to buy VB licence 3.x and 4.x

    now using VB 3.x but if hacked i am uninstall anything for VB 3.x and install / setup VB 4.x without any mod.

    Leave a comment:


  • Paul M
    replied
    Just to be clear - while Valters mod is strongly suspected - I have not seen any confirmation that this has been proved - or indeed that every site was even running it.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by SoftDux View Post
    Yes I did, and I see a lot of people saying they don't know how it happened. Is there an actual, confirmed bug or fix?
    It's not a bug in vBulletin, it's a security hole in a modification. Inside this thread are instructions on how to patch it (which it basically, updating the modification as the author has released a patched version),and there are also instructions on how to restore your site if you are attacked.

    The vB support team are also asking that anyone still struggling should raise a support ticket to them.

    Leave a comment:


  • SoftDux
    replied
    Originally posted by Mark.B View Post
    Did you actually read ANY of the posts in this thread?
    Yes I did, and I see a lot of people saying they don't know how it happened. Is there an actual, confirmed bug or fix?

    Leave a comment:


  • Mark.B
    replied
    Originally posted by SoftDux View Post
    Does anyone know how they're hacking the websites, and what we need todo to completely stop it?

    Or is VB going to be the next joke-forum which gets hacked all around the globe?
    Did you actually read ANY of the posts in this thread?

    Leave a comment:


  • SoftDux
    replied
    Does anyone know how they're hacking the websites, and what we need todo to completely stop it?

    Or is VB going to be the next joke-forum which gets hacked all around the globe?

    Leave a comment:


  • cmfinc
    replied
    i did some cleaning like a lot of you did . and it seem to just keep going and going. LOL. just ran back up . alls well dumped advance rules. lost a few days of post but all is good to go now and done with the searching and trying to fix..

    Leave a comment:


  • Trevor Hannant
    replied
    For those that aren't already doing it, you may want to create a backup job for your database to run at least once per day. There is a shell script in the do_not_upload folder of the ZIP file which can be used by a Cron job you setup on the server. Alternatively, if you don't have access to create Cron jobs, try something like this:

    http://www.vbulletin.org/forum/showthread.php?t=201319

    Leave a comment:


  • Kanga
    replied
    My site too was hacked by Team Animus, however, they only defaced my site. I found the following on my site;

    Hacker SQL injected admin user with userid 13371337.
    Moved all Admins to Members.
    Banned all Admins.
    Changes all user titles to 'Hacked By Team Animus'
    Turned board offline.

    I found no trace of vba.php anywhere on my server nor any other evidence of any changes.

    I too was using the Advanced Registration mod.

    Leave a comment:


  • Videx
    replied
    Originally posted by cbiweb View Post
    ... But without this thread I would have been lost. ...
    Nobody's out of the woods yet since we haven't figured out how it's being done. Can you tell us at least if you had the Advanced Registration mod installed?

    Leave a comment:


  • cbiweb
    replied
    Just wanted to chime in with my very large thanks to the knowledgeable posters in this thread who were able to provide solutions. I discovered the hack around 10pm Eastern time last night, and spent 3 hours cleaning up most of the mess, and finished this morning after some sleep. But without this thread I would have been lost. I've never had one of my sites hacked, and never had to deal with any clients whose sites were hacked. My hax0r cherry has been royally popped, and like others have said, it's only made me stronger. Go figure, I applied strong security on client's sites, but never on my own. Well.... that has changed.

    Leave a comment:


  • AusPhotography
    replied
    We were lucky in that (Australian time) the hack attack occurred in the early morning but after our daily 3am backup.

    I changed passwords, I deleted all the newly updated files, I replaced them from original source, restored from the 3am backup - all good.
    We only lost a handful of threads and posts, but it was the safest option IMHO.

    Lessons?
    1. Have a daily backup!
    2. Have all the source code safe somewhere else.
    3. Take more time to eyeball add-on code

    Note: Valter's code has been around for years. NO ONE noticed the problem until now.

    It's very easy to visually check all form fields and SQL in an addon; checking that vB cleaning and escape_string have been applied.
    We (Admins) all need to be vigilant, no point blaming anyone, TeamAnimus have done us a favour by making us take security seriously (or more so).
    Not that I would object to tasking Seal Team 6 onto TeamAnimus


    Kym

    PS:
    Originally posted by BirdOPrey5 View Post
    Actually hacks like this keep us on our toes, like we should be. <snip>

    It does bring up some questions about our modding community too... If even some of our most popular mods by our most experienced coders can have these exploits maybe we need to do more than just offer mods as &quot;use at your own risk.&quot; - I would like to implement some sort of peer review process for mods, don't know if it's possible but it's worth discussing anyway.

    We, as a community, will come out of this stronger than when we went it.
    +100
    Last edited by AusPhotography; Thu 5 May '11, 4:54pm.

    Leave a comment:


  • Zachery
    replied
    Originally posted by BirdOPrey5 View Post
    Gotcha... so then there was more changes made by this hack than being widely reported.
    I've seen template tables changed.
    I've seen users inserted
    I've seen shells uploaded
    I've seen user titles changed
    I've seen plugins added.
    I've seen files uploaded.

    Leave a comment:

Related Topics

Collapse

  • TsG XxGHOSTxX
    I need help
    by TsG XxGHOSTxX
    I just signed up for vbulletin. It is used in a lot of gaming communities. I am trying to build my own community and now have enough members to justify building a forum. So I know alot of the clans/gaming...
    Wed 7 Jun '17, 9:25am
Working...
X