Announcement

Collapse
No announcement yet.

Site hacked, can someone please help?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Zachery
    replied
    We've been telling everyone religiously to open a ticket with my attention. I've delt with a bulk amount of tickets now, I know what is generally exploited and what needs to be done. Anyone still having a problem please open a ticket.

    Leave a comment:


  • borbole
    replied
    Originally posted by meijin View Post
    I would just like to commend a member here "borbole". He was a tremendous help in helping me get everything back under control on my site and, to date, we have not had the hackers revisit our site. Certainly, trying to do all that he did on my own would have taken much, much longer to do and my site would have been at risk during that entire time. I certainly know who I am going to talk to the next time I need work done on my site! Much thanks my friend!

    You are most welcome. Glad to have been of help

    Leave a comment:


  • Paul M
    replied
    Originally posted by gosborne View Post
    Just as a checklist - here's what I think they have done
    • Uploaded a new catchy saxophone index.html page to root, admincp and modcp
    • Added a new user to the user table as an admin, called team animus
    • Set the autoincrement to 13371337 on userid
    • Changed customtitle and user title so they all read 'hacked by team animus'
    • Switched off the vBulletin forum
    • Added a file called vba.php to the includes folder.

    Is that the lot as far as you've seen?
    The interesting part about this is that you cannot do the first or last items [i.e. upload files] via SQL injection.

    Leave a comment:


  • NickCat
    replied
    My concern is that everyone here only cleaning up their system and database seems comfortable that nothing else in the database was affected by the hackers. Call me paranoid, but a warm and fuzzy message that says "we didn't do anything malicious" in an html file doesn't really inspire much confidence. Personally I'd rather take the 1.5 day loss of data than find out in 2 weeks from now something else was inserted and used later to gain access to the site. I agree it doesn't appear to be the case, but this is my livelihood, I'd rather be safe than sorry.
    Last edited by NickCat; Thu 5 May '11, 6:00am.

    Leave a comment:


  • gosborne
    replied
    Just as a checklist - here's what I think they have done
    • Uploaded a new catchy saxophone index.html page to root, admincp and modcp
    • Added a new user to the user table as an admin, called team animus
    • Set the autoincrement to 13371337 on userid
    • Changed customtitle and user title so they all read 'hacked by team animus'
    • Switched off the vBulletin forum
    • Added a file called vba.php to the includes folder.

    Is that the lot as far as you've seen?

    Leave a comment:


  • Suiram
    replied
    Originally posted by NYCe View Post
    Apparently. This was the case on my forums. I wonder what happened on forums where a userid of 13371337 already existed?
    I doubt such a forum exists. They'd have to have 13+ million registered users. I'd like to see such a forum. Even with deleted spammer accounts or such, which keep their userid seed number, it would be extremely highly unlikely. I mean how many users do some of the biggest forums have? 1-2 million?

    Leave a comment:


  • BirdOPrey5
    replied
    Originally posted by tlwwolfseye View Post
    No practice that wasn't really necessary. Just getting a negative wibe about others of his (Valter) Mods.

    And yes, I changed all these Passwords and other things. And tbh, people that do something like this (the hacker I mean), should be shot on sight. Sorry for the harsh words, but there is nothing to forgive in my oppinion about killing someone else's work.
    Actually hacks like this keep us on our toes, like we should be. They force people to learn about things they should know, remind people to do the backups they should be doing. In the end nothing of value was really damaged but the user titles... Yes it's annoying but it could have been worse. They could have planted far more destructive viruses in your pages that would have spread to all your users- they could have remained quiet for weeks or months just collecting data... it could have been a lot worse- although they wanted attention they didn't have intent to harm.

    It does bring up some questions about our modding community too... If even some of our most popular mods by our most experienced coders can have these exploits maybe we need to do more than just offer mods as "use at your own risk." - I would like to implement some sort of peer review process for mods, don't know if it's possible but it's worth discussing anyway.

    We, as a community, will come out of this stronger than when we went it.

    Leave a comment:


  • Paul M
    replied
    Originally posted by tlwwolfseye View Post
    Do I now have to be afraid of running any other Mods of him (either for v3.x or v4.x) because of this ? My trust in his Mods just went out of the window.
    TBH, thats not particularly fair. All but the simplest software is a possible subject of attack by hackers, they are always looking for (and find) the most obscure faults. Just remember that this code has existed (with this issue) for something like four years before someone eventually found this exploit - its not an obvious problem unless you really go looking for it.

    You presumably dont trust vbulletin either, since numerous exploits have been found in it over the years.

    Leave a comment:


  • ikorolis
    replied
    have anynews for security bug/exploit/hack/fault or sql injection when fixed?
    have anynews for other mod hack if danger of hack attack?

    thank you.

    Leave a comment:


  • meijin
    replied
    I would just like to commend a member here "borbole". He was a tremendous help in helping me get everything back under control on my site and, to date, we have not had the hackers revisit our site. Certainly, trying to do all that he did on my own would have taken much, much longer to do and my site would have been at risk during that entire time. I certainly know who I am going to talk to the next time I need work done on my site! Much thanks my friend!

    Leave a comment:


  • tlwwolfseye
    replied
    Just a clean shot to the head, thats all the hacker needs.

    Leave a comment:


  • AusPhotography
    replied
    Seal team 6 needed

    Leave a comment:


  • tlwwolfseye
    replied
    No practice that wasn't really necessary. Just getting a negative wibe about others of his (Valter) Mods.

    And yes, I changed all these Passwords and other things. And tbh, people that do something like this (the hacker I mean), should be shot on sight. Sorry for the harsh words, but there is nothing to forgive in my oppinion about killing someone else's work.

    Leave a comment:


  • AusPhotography
    replied
    You should also change DB, root and other major passwords. Just good practice

    Leave a comment:


  • tlwwolfseye
    replied
    Do I now have to be afraid of running any other Mods of him (either for v3.x or v4.x) because of this ? My trust in his Mods just went out of the window.

    Leave a comment:

Related Topics

Collapse

  • TsG XxGHOSTxX
    I need help
    by TsG XxGHOSTxX
    I just signed up for vbulletin. It is used in a lot of gaming communities. I am trying to build my own community and now have enough members to justify building a forum. So I know alot of the clans/gaming...
    Wed 7 Jun '17, 8:25am
Working...
X