Site hacked, can someone please help?

This topic is closed.

  • cataclyzmic
    replied
    You must check /includes/xml also. vba.php resides there.

    If you call vba.php in your browser you will see all the options the hacker has. You can view all the files including the config.php and get all of their db details etc...options to create a backdoor and many others.

    Pretty impressive piece of work really.
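
Added example (not part of the thread or any poster's code): one way to run the check described in the post above is to diff the live forum tree against a clean copy of the same release. It reports files that exist only on the live site (which re-uploading the stock files would not remove), files whose contents changed, and any PHP sitting in includes/xml. The function names, the rule that includes/xml holds data files only, and the sample trees are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

PHP_EXTS = (".php", ".phtml", ".php5")

def hash_tree(root):
    """Map each relative path under root to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(live_root, clean_root, data_only_dirs=("includes/xml",)):
    """Diff a live forum tree against a clean copy of the same release."""
    live, clean = hash_tree(live_root), hash_tree(clean_root)
    report = {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "php_in_data_dir": [],
    }
    for rel in sorted(live):
        # Assumption: these directories should hold data files only, never PHP.
        if not any(rel.startswith(d.rstrip("/") + "/") for d in data_only_dirs):
            continue
        head = Path(live_root, rel).read_bytes()[:4096]
        if rel.lower().endswith(PHP_EXTS) or b"<?php" in head:
            report["php_in_data_dir"].append(rel)
    return report

def build_demo():
    """Constructed sample: a clean tree, and a live tree with one edit and one planted file."""
    stock = {"index.php": b"<?php // stock file\n",
             "includes/xml/sample.xml": b"<?xml version='1.0'?><data/>\n"}
    live = dict(stock)
    live["index.php"] += b"// line added after install\n"
    live["includes/xml/vba.php"] = b"<?php /* harmless placeholder */\n"
    base = Path(tempfile.mkdtemp())
    for tree, files in (("clean", stock), ("live", live)):
        for rel, body in files.items():
            path = base / tree / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
    return base / "live", base / "clean"

if __name__ == "__main__":
    print(audit(*build_demo()))
```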


  • BirdOPrey5
    replied
    Originally posted by Zachery
    Inject code into a plugin.
    Have that code be a php shell
    Write files to the file system.

    Magic, more or less.
    Gotcha... so then there were more changes made by this hack than are being widely reported.


  • KW802
    replied
    Originally posted by jaycob
    What hack is vba.php, please?

    Also, re-uploading all files may fix this?
    Originally posted by beishe8
    No vBadvanced products have a file named "vba.php" nor have they in the past.


  • Zachery
    replied
    Originally posted by BirdOPrey5
    I just want to know how they were able to write new files via an SQL exploit. Something is fishy here.
    Inject code into a plugin.
    Have that code be a php shell
    Write files to the file system.

    Magic, more or less.


  • BirdOPrey5
    replied
    I just want to know how they were able to write new files via an SQL exploit. Something is fishy here.


  • ikorolis
    replied
    I am waiting for an official answer on whether this security bug/hack/exploit is fixed or not.

    Are mod hacks safe to use or not?


  • Gav-n-Tn
    replied
    Originally posted by Alfa1
    Valter's hacks are generally good.
    Absolutely agree.


  • Alfa1
    replied
    Basically, with any of the addons on vb.org you risk that there are vulnerabilities. Even heavily used addons are not audited. The coast is never clear.
    I try to avoid such problems by steering clear of unknown coders and coders that are known to deliver problematic code.
    Valter's hacks are generally good.


  • Gav-n-Tn
    replied
    Originally posted by Paul M
    TBH, that's not particularly fair. All but the simplest software is a possible subject of attack by hackers, they are always looking for (and find) the most obscure faults. Just remember that this code has existed (with this issue) for something like four years before someone eventually found this exploit - it's not an obvious problem unless you really go looking for it.

    You presumably don't trust vbulletin either, since numerous exploits have been found in it over the years.
    I agree with Paul. It took them a long time to find the exploit. I'd just like to know when the coast is clear and if there are any other hacks by Valter that are vulnerable. They can call it harmless fun if they want but I don't see it that way.


  • LauraM
    replied
    Originally posted by NickCat
    My concern is that everyone here only cleaning up their system and database seems comfortable that nothing else in the database was affected by the hackers. Call me paranoid, but a warm and fuzzy message that says "we didn't do anything malicious" in an html file doesn't really inspire much confidence. Personally I'd rather take the 1.5 day loss of data than find out in 2 weeks from now something else was inserted and used later to gain access to the site. I agree it doesn't appear to be the case, but this is my livelihood, I'd rather be safe than sorry.
    Same here. I replaced it with the backup from the previous day. Lost a day of posts, but I feel better having it completely wiped and replaced.


  • Paul M
    replied
    That only prevents them being altered via the ACP, direct database queries will still alter them, which I would think is the method used by the hackers.


  • Primo
    replied
    Originally posted by jimjam
    How do I get me one of those unalterable admin accounts? Thanks
    Go to your cpanel and in includes find config.php file, hit edit and enter user id for acc you want to be undeletable/unalterable.


  • jimjam
    replied
    Originally posted by OcR Envy
    Resolution:
    Login under unalterable admin account; everyone should have one of these!
    How do I get me one of those unalterable admin accounts? Thanks


  • Valter
    replied
    Hacked by Team Animus?

    Please read this thread:
    http://www.vbulletin.org/forum/showthread.php?t=263202


  • Hemanth
    replied
    Originally posted by Paul M
    The interesting part about this is that you cannot do the first or last items [i.e. upload files] via SQL injection.
    I was also wondering the same thing. As an admin user, would it be possible to use any vBulletin files to write to the root directory (assuming it's set as 777)?

    @Zachery: Any idea how they gained file system access?
