Admin Log and Tools.php not working after being hacked?

    xrayhead
    Member

  • xrayhead
    commented on 's reply
    I'm in the same boat mate: http://www.vbulletin.com/forum/forum...=1382096901199

    I'm struggling to sort mine out at the moment and still waiting on questions to be answered, I'll keep an eye on this thread to see how you get on.

    Xray
  • donald1234
    Senior Member

  • donald1234
    replied
    If you protect your admincp with a .htaccess file then you are safe to do any work that you need to do inc upgrades etc, just remember to delete the install file when finished.

  • chaz7979
    Senior Member

  • chaz7979
    replied
    How can I, in good conscience, put the install dir back online to run the tools.php when the install dir is the source of so many recent hacks?

    What is vBulletin's official stance on this?

  • chaz7979
    Senior Member

  • chaz7979
    replied
    Wait, we are told to delete the install dir, but tools.php requires files that are in there?

  • chaz7979
    Senior Member

  • chaz7979
    replied
    After a clean upgrade (deleted 4.2.1 files instead of overwriting) tools.php still returns blank.

    The log says...

    [Fri Oct 18 19:40:39 2013] [warn] mod_fcgid: stderr: PHP Warning: require_once(./install/includes/class_upgrade.php) [<a href='function.require-once'>function.require-once</a>]: failed to open stream: No such file or directory in /httpdocs/forum/admincp/tools.php on line 46
    [Fri Oct 18 19:40:39 2013] [warn] mod_fcgid: stderr: PHP Fatal error: require_once() [<a href='function.require'>function.require</a>]: Failed opening required './install/includes/class_upgrade.php' (include_path='.:') in /httpdocs/forum/admincp/tools.php on line 46

    Any idea why it's looking for a file that does not exist?

  • chaz7979
    Senior Member

  • chaz7979
    replied
    1-6 completed. 7 is still a no go.

    Upgrading from 4.2.1 to 4.2.2 now.

    Also, why am I not seeing the "Admin Log?" Is that another issue caused by the hack? Or is it really called "Control Panel Log?" I noticed that link points to adminlog.php

  • Wayne Luke
    vBulletin Technical Support Lead

  • Wayne Luke
    replied
    Yes, that step requires that steps 1-6 before it are completed. If you completed those 6 steps, the issue preventing tools.php from appearing should also be resolved.

    Admin Log access is controlled in your config.php file. Add your userid (number not name) to the line for this. Your userid should be between the quotes. If it doesn't appear, something else is interfering. Could be a plugin or file edit.

  • chaz7979
    Senior Member

  • chaz7979
    replied
    Aw, you didn't even read my post

    In your steps you say "Rebuild your datastores. You can use tools.php in the "do not upload" folder to do this. Upload it to your admincp directory, delete when done." but, when I run that file nothing happens. So, how do I follow your steps when some of your steps don't work for me?

    Again, I will reiterate my previous post...

    "while trying to secure my forums I noticed that under Statistics & Logs I have no "Admin Log." I have CP log, Moderator Log, Task log, etc... but, nothing called Admin Log... should there be? Yes, I am userid 1 and my config file grants me access.

    Also, while trying to run my tools.php file I noticed that the file seemingly does nothing. When I hit the page all I get is a blank response in return. No source code is returned to the browser. "

  • Wayne Luke
    vBulletin Technical Support Lead

  • Wayne Luke
    replied
    There are four steps to securing your site. If you don't do them all or you do them in the wrong order then you're still susceptible to being attacked again.

    Close the hole... This has three subparts in this instance.
    1. Delete your install folder
    2. Review your admin users and delete any that don't belong. Don't ban them. Don't make them regular users. Delete them.
    3. Close access to your AdminCP using .htaccess. Use either user authorization with a different username and password or IP address restrictions.
    Fill the Hole... There are seven subparts in this instance.
    1. Review your files for changes. You can do this under Maintenance -> Diagnostics.
    2. Delete any Suspect Files.
    3. Replace any files marked as "Does not contain expected contents"
    4. Scan your plugins for malicious code (exec, base64, system, pass_thru, iframe are all suspect keywords). Delete any you find.
    5. Repair any templates. Any templates that you don't have notes on changing, you need to revert. If you're using a custom style, it is best to delete your existing style and reimport from a fresh download.
    6. Update your Addon Products.
    7. Rebuild your datastores. You can use tools.php in the "do not upload" folder to do this. Upload it to your admincp directory, delete when done.
    Secure the Hole
    Parts of this were done by closing the hole but there are still things to do here.
    1. Keep notes of all changes you make to the system - what templates and phrases you change, what files belong to which addons, what plugins do the addons install.
    2. Consider using a separate Super Admin who has access to admin logs in the AdminCP. There should be only one Super Admin.
    3. Create a lower permission Administrator for everyday use.
    4. Review your permissions in the system.
    5. Block off access to the includes, modcp, packages and vb folders via .htaccess. Deny All can work here, unless you use the ModCP. You need user authorization there.
    6. Move your attachments outside the forum root directory.
    7. Create a complete backup of your site. Make database backups weekly.
    Vigilance
    You need to keep active on the security of the site.
    1. Give out the fewest permissions necessary for anyone to do their job
    2. Make sure your hosting provider updates the software.
    3. Update to the latest vBulletin when it is released.
    4. Make sure your addons are always up to date.

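Step 4 of "Fill the Hole" in the post above, sketched as an added example that is not part of the thread and not vBulletin's own tooling: a Python scan of plugin code for the keywords the post lists. The record layout (`title`, `phpcode`) and the sample plugins are constructed assumptions; export your own plugin code into that shape before running it.

```python
import re

# Keywords named in the post. "pass_thru" is PHP's passthru() function.
# The lookbehind skips lookalikes such as curl_exec() or a $system variable.
SUSPECT = {
    "exec": re.compile(r"(?<![\w$])(?:shell_)?exec\s*\(", re.I),
    "system": re.compile(r"(?<![\w$])system\s*\(", re.I),
    "pass_thru": re.compile(r"(?<![\w$])pass_?thru\s*\(", re.I),
    "base64": re.compile(r"base64", re.I),
    "iframe": re.compile(r"<\s*iframe", re.I),
}

def scan_plugin(code):
    """Return (line_no, keyword, text) hits for one plugin body."""
    hits = []
    for no, line in enumerate(code.splitlines(), 1):
        for name, rx in SUSPECT.items():
            if rx.search(line):
                hits.append((no, name, line.strip()[:80]))
    return hits

def scan_all(plugins):
    """Map plugin title -> hits, keeping only plugins with at least one hit."""
    report = {}
    for plugin in plugins:
        hits = scan_plugin(plugin["phpcode"])
        if hits:
            report[plugin["title"]] = hits
    return report

# Constructed sample records (assumed layout, not taken from the thread).
SAMPLE_PLUGINS = [
    {"title": "Feed fetcher",
     "phpcode": "$ch = curl_init($url);\n"
                "$body = curl_exec($ch);\n"
                "$system = 'ok';"},
    {"title": "Footer helper",
     "phpcode": "$x = 1;\n"
                "@system(base64_decode('Y29uc3RydWN0ZWQ='));\n"
                "echo '<iframe src=\"http://example.invalid/\" width=\"0\"></iframe>';"},
]

if __name__ == "__main__":
    for title, hits in scan_all(SAMPLE_PLUGINS).items():
        for no, name, text in hits:
            print(f"{title}: line {no}: {name}: {text}")
```

A hit is a prompt for manual review, not proof of compromise; legitimate addons also use some of these calls.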

  • chaz7979
    Senior Member

  • Admin Log and Tools.php not working after being hacked?

    I'm not sure if it's related to being hacked today (forgot to delete the install dir), but while trying to secure my forums I noticed that under Statistics & Logs I have no "Admin Log." I have CP log, Moderator Log, Task log, etc... but, nothing called Admin Log... should there be? Yes, I am userid 1 and my config file grants me access.

    Also, while trying to run my tools.php file I noticed that the file seemingly does nothing. When I hit the page all I get is a blank response in return. No source code is returned to the browser.
