Announcement

Collapse
No announcement yet.

Hacked by a Wanna-be...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    I don't know how you do it Steve. Was this for real? I suspect not.

    Comment


    • #17
      Did you look through your access_logs? That is a good way to start to see how they got it.

      Have you restored a backup database from before you were hacked?

      Have you reuploaded all your default files to your site?

      What have you done to fix the problem?

      Please don't PM or VM me for support - I only help out in the threads.
      vBulletin Manual & vBulletin 4.0 Code Documentation (API)
      Want help modifying your vbulletin forum? Head on over to vbulletin.org
      If I post CSS and you don't know where it goes, throw it into the additional.css template.

      W3Schools <- awesome site for html/css help

      Comment


      • #18
        Originally posted by dsimms View Post
        He left a site that makes $200+/day and injected into a forum that does not do that much...This tells me
        his skill set is about limited to sql injection...or some type of injection. He is more of a fly in my face then a hacker.
        So you know who hacked you? Pissed him off and he had access to your FTP or folders?
        There are two ways to fix this, contact your host to check the logs and summit a support ticket that gives everything they ask for. Do you try to figure out how to fix a car when you don't have any clues on how to do it. sensor problem, computer problem, wiring problem and a hundred different things while you are looking at the tires?

        Originally posted by Lynne View Post
        Did you look through your access_logs? That is a good way to start to see how they got it.

        Have you restored a backup database from before you were hacked?

        Have you reuploaded all your default files to your site?
        What have you done to fix the problem?
        He has done nothing to fix the problem.


        • No url
        • no contact host
        • no information for support ticket
        • no asking the $200 a day hacker what he did
        • no version of vBulletin

        it would help if it would did any of this. Version of VB he should know, it was the last one he uploaded from his PC.

        Comment


        • #19
          Posts removed for insulting and quoting the insult. Please do not do this again.
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment


          • #20
            Originally posted by dsimms View Post
            maybe I am the only one trying to figure this out...

            I give ftp access as last resort...

            I was hoping at least with your experience, then you would be helpful where to start
            since VB probably sees stuff like this all the time...

            I renamed my /includes/ directory and the hacker page went blank...so could the
            problem be in the includes directory?

            Yes, I try to figure a lot of this out myself
            before having to give ftp access out to anyone....
            Originally posted by Paul M View Post
            They cannot help you unless you provide the access requested, so best to decide - do you want someone to look into it or not ?
            Just give them access... I mean if you can't trust vBulletin staff w/ your info who can you trust? I trust them .


            Former vBulletin Support Staff
            Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
            Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
            Need a Host? - I recommend URLJet

            Comment


            • #21
              1) yes loco, I am not quite as dumb as i appear, my first thought was to change the index....

              2) I did not mean I was trying to cure the problem by changing anything. What I am saying is when
              I interrupted the /includes/ directory, the the hacker page went blank...so does this mean the source
              of the hacked page is coming from within the /includes/ directory?

              3) Just because he did what he did does not make him smart if that is all he could do to my site...
              The forum just compliments my site, it is not the money maker, and never has been....I just have
              not found what he has done, chances are, any other "hacker" would have taken advantage of the
              same weakness, probably the extent of their education as a whole anyway....

              4) someone said replace the index; I see nothing in the index that would indicate the hack,
              if it was the index, then any common person using VB would be hacked....

              5) version 4.1.2

              6) I also noticed that VBSEO urls no longer work...
              (htacess is missing, host may have done that, who knows...)

              7) SuperMan - You guys just do not get it...this isnt about trust. I have given VB
              access before, this is not a trust issue...There is life outside my hacked forum....
              I have just not had time to do it yet...before this is over, they will have access....

              Ill kick this over to VB before the weekend is over...

              I just have a lot going on right now, and includes an upcoming major move, bla, bla, bla....

              Originally posted by Loco.M View Post
              Nope, the problem is you changed the includes folder.
              Just picking random folders/files to change isn't going to fix the problem.
              You haven't even posted the url for us to check out...
              The only solution at this point is to fill out the support ticket as suggested this morning.
              Is there a reason why you don't want to hand over your url or login info to the vb staff?
              They looked at 100's of forums everyday, if not 1,000's..

              I agree.. it looks like the "wannabe-hackers" have done a pretty good job.

              Did you at least place a blank index file in your root, or have you been broadcasting to all your members and guest that your forum has been hacked?
              Last edited by dsimms; Fri 10th Jun '11, 6:56pm.

              Comment


              • #22
                I have, but the logs are so long that I could have just as easily missed something...and the
                host does not appear all that much concerned or even being helpful...my last email to them
                was if they can find any IP's other then myself connecting to my account/ftp, etc...not that
                it will matter that much in the end....

                I have backup's 3 ways to sunday, but without finding the problem at hand, then we just reset
                and wait for the next hack to come in again, then we start it all over again...nothing accomplished....

                tomorrow I will reupload v4.1.2 or higher - if that does not work, then I guess it was a 3rd party mod that was hacked...

                To another poster, yea, I guess I pissed off someone, now that I think about this, it wasnt even a month ago when
                microsoft gave me a red flag warning for my entire site...(virus warning) it is a popup that you get when you go to
                a website that warns you of a potential virus....

                took 2 weeks to convince them my site wasnt a virus out to take over the world....

                someone got me on that one, lost a few bucks during those two weeks....

                Originally posted by Lynne View Post
                Did you look through your access_logs? That is a good way to start to see how they got it.

                Have you restored a backup database from before you were hacked?

                Have you reuploaded all your default files to your site?

                What have you done to fix the problem?
                I hate when I become the pattern....

                Comment


                • #23
                  Appears to have been a db hack....

                  Right after customavatar tables is nothing but garbage/jibberish... then when it gets to the next table the code goes back to normal again...

                  I can tell from coding and complete garbage.....

                  How does someone hack the db anyway?

                  Comment


                  • #24
                    did you leave the install file in the ftp

                    Comment


                    • #25
                      Originally posted by Hawk2 View Post
                      did you leave the install file in the ftp
                      the install directory was in place under a different name; I suppose the install.php was there.
                      I have since deleted the install dir along with any files in the install directory....

                      Comment


                      • #26
                        only delete the install.php and upgrade.php file will stop them

                        Comment


                        • #27
                          Originally posted by Hawk2 View Post
                          only delete the install.php and upgrade.php file will stop them
                          So that was their way into the db?

                          Comment


                          • #28
                            one of the ways always better to remove them

                            Comment


                            • #29
                              Originally posted by dsimms View Post
                              So that was their way into the db?
                              You won't know unless you check your access_logs to see how they got in.

                              Please don't PM or VM me for support - I only help out in the threads.
                              vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                              Want help modifying your vbulletin forum? Head on over to vbulletin.org
                              If I post CSS and you don't know where it goes, throw it into the additional.css template.

                              W3Schools <- awesome site for html/css help

                              Comment


                              • #30
                                Originally posted by Hawk2 View Post
                                one of the ways always better to remove them
                                Back in operation again....

                                I lost a few changes, but nothing major...

                                backup worked perfectly!

                                now to update, then backup again....

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X