Announcement

Collapse
No announcement yet.

Keep getting hacked over and over by Ymh

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by scroush View Post
    need2speed.com/vb_forums/forum.php
    You are using alpha:

    “Powered by vBulletinĀ® Version 4.2.2 Alpha 1”

    “vBulletin Message
    Site Maintenance.”

    But, still, it is weird and still U N B E L I E V A B L E !

    Look, these things have never happened to the vBulletin forums, the ones we are reading now. I will post on that topic soon…

    As of your response, asthmatic DemonStar, – I still consider it irresponsible. No admin should erase an entire forum and lose all data!

    Comment


    • #17
      Originally posted by Ion Saliu View Post

      As of your response, asthmatic DemonStar, – I still consider it irresponsible. No admin should erase an entire forum and lose all data!
      Matter of perspective and how much data one has to lose asthmatic one.


      Comment


      • #18
        I read in your other thread that you are using php 5.2 something, that is old and depricated and could be the reason your forum is getting repeatedly attacked, the current php version is 5.5, you need to upgrade to at least 5.3.

        Comment


        • #19
          Originally posted by scroush View Post
          My forums has been hacked a few times within the last 2 weeks, I have followed every post and still the guy comes back.

          I have no additional admins
          No Base64 code in the database
          Removed the Install folder
          Secured with htaccess AdminCP, ModCP, Includes, VB
          Upgraded to the lastest VB version
          Deleted all Plugins we had aside from the ones that come with vb
          Changed DB Username & Password
          Changed FTP Password

          And as you can see he is back http://www.need2speed.com/vb_forums/forum.php

          I have replaced the forum.php, content.php & index.php and the forum page still goes to the above page, need some major help. Not sure what else to do at this point.

          I have read the links below.

          http://www.vbulletin.com/forum/blogs...ve-been-hacked

          http://www.vbulletin.com/forum/blogs...vbulletin-site
          You didn't check for suspect files and either replace those not containing expected contents or delete those marked as not part of vBulletin.

          You also need to check your templates for iFrames and javascript inclusions.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API - Full / Mobile
          Vote for your favorite feature requests and the bugs you want to see fixed.

          Comment


          • #20
            Sorry I did check for suspect files and deleted those files, can you give me some tips on how to check the templates for iFrames & Javascripts? I got the site back up after upgrading to Alpha 1 with couple of issues which I have fixed at least one, working on the other.

            Comment


            • #21
              I use:
              Code:
               SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';


              For JavaScript, you need to manually review your modified templates. There would be too many false positives on a query.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API - Full / Mobile
              Vote for your favorite feature requests and the bugs you want to see fixed.

              Comment


              • #22
                Yes thats what I ran and posted the attachments, not sure if any of those might not look correct.

                Also since my upgrade Im getting the error below on the CMS system

                Warning: Declaration of vBCms_Item_Content::setItemId() should be compatible with that of vB_Model::setItemId() in ..../packages/vbcms/item/content.php on line 26

                Warning: Declaration of vBCms_Collection_Content::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/collection/content.php on line 23

                Warning: Declaration of vBCms_Item_Widget::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/item/widget.php on line 0

                Warning: Declaration of vBCms_Collection_Widget::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/collection/widget.php on line 0
                Attached Files

                Comment


                • #23
                  vB 4.2.2 is a compatibility release for PHP 5.4 rather than including any security fixes. You do need to look through your server logs to find out what's happening - the best thing to do would be to review your server logs, and manually look through your templates for JavaScript.

                  Originally posted by Ion Saliu View Post
                  The pieces of advice from other members (especially the axiomatic DemOnstar) amount to a big bunch of baloney. You can’t wipe out the server and lose all those posts and maybe subscriptions — that would be irresponsible! It would be like in the ancient fable: “Demolish the house because of the mice”.
                  I agree that wiping out your database would be a stupid thing to do, as is the suggestion that you set up the forum to "bait" the hacker to watch what he does. However that is not what I suggested.

                  Comment


                  • #24
                    I will be upgrading to PHP 5.3 at least, but any help on the errors after the upgrade?

                    Comment


                    • #25
                      I would revert back to 4.2.1 as that is the stable release, especially as you are not on php5.4 vb 4.2.2 is still ion the alpha (testing) stage and is not recommended for production sites.

                      Comment


                      • #26
                        Yeah not doing that, I will upgrade PHP to 5.3 and see if that fixes some of the issues.

                        Comment


                        • #27
                          Originally posted by scroush View Post
                          I will be upgrading to PHP 5.3 at least, but any help on the errors after the upgrade?
                          There shouldn't be any errors under 5.3...
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API - Full / Mobile
                          Vote for your favorite feature requests and the bugs you want to see fixed.

                          Comment


                          • #28
                            ok just upgraded to PHP 5.3 and the errors within the CMS and Forum seem to be gone however if I go into the AdminCP and click Edit within Forum Permission the error below shows up right above the options.

                            Warning: Non-static method vB_Bitfield_Builder::fetch_permission_group() should not be called statically in ..../includes/adminfunctions_forums.php on line 179

                            Comment


                            • #29
                              he is back and is redirecting the forum.php again, heck he is even reading this thread LOL

                              Comment


                              • #30
                                Check through or get your host to check through the server logs to find out exactly what this guy is up to?

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X