Site hacked, can someone please help?
This topic is closed.
-
Originally posted by jl255:
tks for all the sharing. my sites' been affected too.
i see the following main impacts:
1. insertion of index.php and index.html in various folders (look at last modified dates of your folders to see which folders were touched)
2. insertion of vba.php, which contains a trojan in various folders
3. change of usertitles
4. change of customtitles = '1'
5. change of your administrator right to registered member
6. insertion of new member (TeamAnimus) with administrator rights
Are there any other impacts??? Pls share so we can all eliminate any other vulnerabilities.
ps i think they just want to prove a point i.e. there are vulnerabilities in our mods. if they had intended to be malicious, we wld have hell lot more problems. so i guess, we shld be thankful in sense... to them.
Even after deletion of the TeamAnimus member, the next user to register is given the userid 13371338
Apparently. This was the case on my forums. I wonder what happened on forums where a userid of 13371337 already existed?
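The userid behaviour described in the reply above is consistent with how MySQL's AUTO_INCREMENT counter works: inserting a row with an explicit id of 13371337 moves the counter past it, and deleting the row does not move it back. The following is an added example, not part of the original thread; it assumes MySQL and the stock vBulletin `user` table with no table prefix.

```sql
-- Added example (not from the thread). Assumes MySQL and the stock
-- vBulletin `user` table with no table prefix.

-- 1. Show the table definition; the trailing AUTO_INCREMENT=N is the
--    userid the next registration will receive.
SHOW CREATE TABLE user;

-- 2. Highest userid among the accounts that existed before the
--    injected id 13371337.
SELECT MAX(userid) AS highest_legit_userid
FROM user
WHERE userid < 13371337;

-- 3. Accounts that registered after the injection and inherited the
--    inflated sequence. Review these before touching the counter.
SELECT userid, username, FROM_UNIXTIME(joindate) AS joined
FROM user
WHERE userid >= 13371337
ORDER BY userid;

-- 4. Only when step 3 returns no rows: lower the counter. MySQL will not
--    set it below MAX(userid) + 1, so asking for 1 yields the next free id.
ALTER TABLE user AUTO_INCREMENT = 1;

-- 5. Confirm that AUTO_INCREMENT now equals highest_legit_userid + 1.
SHOW CREATE TABLE user;
```

If step 3 does return rows, those accounts keep their high ids and the counter stays above them; renumbering them would also require updating every table that references userid.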
-
Originally posted by jl255:
tks for all the sharing. my sites' been affected too.
i see the following main impacts:
1. insertion of index.php and index.html in various folders (look at last modified dates of your folders to see which folders were touched)
2. insertion of vba.php, which contains a trojan in various folders
3. change of usertitles
4. change of customtitles = '1'
5. change of your administrator right to registered member
6. insertion of new member (TeamAnimus) with administrator rights
Are there any other impacts??? Pls share so we can all eliminate any other vulnerabilities.
ps i think they just want to prove a point i.e. there are vulnerabilities in our mods. if they had intended to be malicious, we wld have hell lot more problems. so i guess, we shld be thankful in sense... to them.
also re-uploading all files may fix this?
-
tks for all the sharing. my sites' been affected too.
i see the following main impacts:
1. insertion of index.php and index.html in various folders (look at last modified dates of your folders to see which folders were touched)
2. insertion of vba.php, which contains a trojan in various folders
3. change of usertitles
4. change of customtitles = '1'
5. change of your administrator right to registered member
6. insertion of new member (TeamAnimus) with administrator rights
Are there any other impacts??? Pls share so we can all eliminate any other vulnerabilities.
ps i think they just want to prove a point i.e. there are vulnerabilities in our mods. if they had intended to be malicious, we wld have hell lot more problems. so i guess, we shld be thankful in sense... to them.
-
Originally posted by jaycob:
i did this as said above:
RUN SQL Queries:
DELETE FROM user WHERE userid='13371337';
UPDATE user SET usertitle = '' where usertitle = 'Hacked by Team Animus';
and now my user titles are gone completely.
Code:
UPDATE user SET customtitle = '0' where customtitle = '1';
-
If you're going to change the titles to nothing, you might as well go ahead and change them for a keyword you're really trying hard to rank for. Of course I made mine Make Money Online but whatever your niche is this little bit of on site seo would help. I like to turn a bad situation into a good one whenever I can. You need to make sure you have the serps spidering your profiles. You can even anchor text them back to your home page with whatever keyword you decide to use and rank for. In the end the users could still change it. Run your sitemap tonight and ping the piss out of it.
Cheers!
-
i did this as said above:
RUN SQL Queries:
DELETE FROM user WHERE userid='13371337';
UPDATE user SET usertitle = '' where usertitle = 'Hacked by Team Animus';
and now my user titles are gone completely.
-
It seems that problem is a bit more serious than updating user titles and removing from admin usergroup, as I have a backup I'll restore it on another server, because when I switched the database on the current server there was absolutely no effect.
-
Originally posted by OcR Envy:
+1 on being hacked, was using Cyb Advanced Forum Rules.
Hacker SQL injected admin user with userid 13371337.
Moved all Admins to Members.
Banned all Admins.
Changed password on some accounts.
Changes all user titles to 'Hacked By Team Animus'
Turned board offline.
Resolution:
Login under unalterable admin account; everyone should have one of these!
Uninstall Cyb Advanced Forums
Restore all admin permissions
RUN SQL Queries:
DELETE FROM user WHERE userid='13371337';
UPDATE user SET usertitle = '' where usertitle = 'Hacked by Team Animus';
Rebuild Titles and Ranks
Turn board back online
For those saying that files were defaced, my guess is they weren't; he just edited the templates. I checked my logs and found no ACTUAL php file changes.
However, I think there might have been some code changes. I tried registering a new user and userID was set as "13371337" and userTitle was set to "Hacked by Team Animus" by default.
-
it's only Cyb rules hack only yeah guys????
can we enable Cyb advanced permissions? because since disabled I'm getting attacked by spammers now lol.
-
Originally posted by OcR Envy:
+1 on being hacked, was using Cyb Advanced Forum Rules.
Hacker SQL injected admin user with userid 13371337.
Moved all Admins to Members.
Banned all Admins.
Changed password on some accounts.
Changes all user titles to 'Hacked By Team Animus'
Turned board offline.
Resolution:
Login under unalterable admin account; everyone should have one of these!
Uninstall Cyb Advanced Forums
Restore all admin permissions
RUN SQL Queries:
DELETE FROM user WHERE userid='13371337';
UPDATE user SET usertitle = '' where usertitle = 'Hacked by Team Animus';
Rebuild Titles and Ranks
Turn board back online
For those saying that files were defaced, my guess is they weren't; he just edited the templates. I checked my logs and found no ACTUAL php file changes.
Also, my admincp and modcp folders were renamed from the beginning but I have two folders with those names still that just log ips of those trying to access admincp or modcp. It is in those folders that there was index.html and index.php html both modified at the same time. The same two files were also found above my forum root. I would assume anyone that changed their acp and modcp folders don't see anything different. I would be interested to know if they have files above their forum root though.
Here is the content of their files:
Code:
<html>
<head>
<title>Hacked by Team Animus</title>
</head>
<body bgcolor="black">
<center>
<font color="white"><h1>Hacked by Team Animus</h1></font><br />
<iframe src="http://player.vimeo.com/video/17743674?title=0&byline=0&portrait=0&color=ffffff&autoplay=1&loop=1" width="560" height="315" frameborder="0"></iframe>
<br />
<font color="white">Contra - Exclusive - FMC</font><br />
<font color="white">From Sweden with <3</font><br />
</center>
</body>
<!-- All files should still be untouched. The purpose of this was not to **** anything up. -->
<!-- We did it for the lulz. -->
<!-- Contra @ REC or [email protected]mail.com -->
</html>
-
+1 on being hacked, was using Cyb Advanced Forum Rules.
Hacker SQL injected admin user with userid 13371337.
Moved all Admins to Members.
Banned all Admins.
Changed password on some accounts.
Changes all user titles to 'Hacked By Team Animus'
Turned board offline.
Resolution:
Login under unalterable admin account; everyone should have one of these!
Uninstall Cyb Advanced Forums
Restore all admin permissions
RUN SQL Queries:
DELETE FROM user WHERE userid='13371337';
UPDATE user SET usertitle = '' where usertitle = 'Hacked by Team Animus';
Rebuild Titles and Ranks
Turn board back online
For those saying that files were defaced, my guess is they weren't; he just edited the templates. I checked my logs and found no ACTUAL php file changes.
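The impacts listed in the post above can be checked with read-only queries before any DELETE or UPDATE is run, so the cleanup can be verified against known row counts. The following is an added example, not part of the original thread; it assumes MySQL, stock vBulletin 4 table and column names (`user`, `administrator`, `userban`, `template`, `setting`), no table prefix, and the default usergroup ids where 6 is Administrators.

```sql
-- Added example (not from the thread). Assumes MySQL, stock vBulletin 4
-- table and column names, no table prefix, and the default usergroup ids
-- (6 = Administrators). All statements are read-only.

-- 1. Every account that currently has administrator rights, newest first.
SELECT userid, username, email, usergroupid, membergroupids,
       FROM_UNIXTIME(joindate) AS joined
FROM user
WHERE usergroupid = 6 OR FIND_IN_SET('6', membergroupids)
ORDER BY joindate DESC;

-- 2. Admin control panel permission rows, including any whose user row
--    is gone (username is NULL) after deleting the injected account.
SELECT a.userid, u.username, u.usergroupid
FROM administrator AS a
LEFT JOIN user AS u ON u.userid = a.userid;

-- 3. Ban records and who set them (adminid), to find staff banned
--    during the incident.
SELECT b.userid, u.username, b.adminid,
       FROM_UNIXTIME(b.bandate) AS banned_on, b.reason
FROM userban AS b
JOIN user AS u ON u.userid = b.userid
ORDER BY b.bandate DESC;

-- 4. How many titles carry the marker, split by customtitle, so that a
--    later UPDATE can be checked against an expected row count.
SELECT customtitle, COUNT(*) AS accounts
FROM user
WHERE usertitle LIKE '%Team Animus%'
GROUP BY customtitle;

-- 5. Templates containing the marker, with last editor and edit time.
SELECT templateid, styleid, title, username,
       FROM_UNIXTIME(dateline) AS edited
FROM template
WHERE template_un LIKE '%Team Animus%' OR template LIKE '%Team Animus%';

-- 6. Board on/off switch (0 = offline).
SELECT varname, value FROM setting WHERE varname = 'bbactive';
```

Saving the output of these queries before and after the cleanup gives a record of what was changed during the incident and what was restored.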
-
We got hacked by Team Animus.
We're using vB4.1.3 and VSa Advanced Forum Rules 5.0.2. I've installed the latest version 5.0.3 (just released).