Preventative - How to avoid being Hacked by TeamPS i.e. p0wersurge


  • #16
    Thanks Snakes,
    New thread posted.



    • #17
      When I run the SQL query for base64 in plugins I get a long string under the subscriptions.php file... is that normal?

      if (strpos($_SERVER['PHP_SELF'],'subscriptions.php')) { eval(gzinflate(base64_decode('-removed-'))); exit; }



      • #18
        Not normal, remove that code or reupload a fresh copy.

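The check discussed in #17 and #18, as an added example that is not from the thread or from vBulletin: it flags plugin code that chains eval/gzinflate/base64_decode and decodes the payload for reading without ever executing it. The row layout (title, hook, PHP code), the function names and the sample rows are assumptions constructed for illustration.

```python
import base64
import re
import zlib

# PHP functions commonly chained to hide injected code from a casual read.
SUSPICIOUS = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# The wrapper quoted in post #17: eval(gzinflate(base64_decode('...')))
WRAPPED = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1", re.I)

def decode_payload(b64_text):
    """Reverse base64_decode + gzinflate WITHOUT executing the result."""
    raw = base64.b64decode(b64_text)
    # PHP gzinflate() reads a raw DEFLATE stream: negative wbits in zlib.
    return zlib.decompress(raw, -15).decode("utf-8", errors="replace")

def scan_plugins(rows):
    """rows: iterable of (title, hook, phpcode) tuples. Returns a list of findings."""
    findings = []
    for title, hook, code in rows:
        calls = sorted({name.lower() for name in SUSPICIOUS.findall(code)})
        if not calls:
            continue  # nothing obfuscation-related in this plugin
        finding = {"title": title, "hook": hook, "calls": calls, "decoded": None}
        m = WRAPPED.search(code)
        if m:
            try:
                finding["decoded"] = decode_payload(m.group(2))
            except (ValueError, zlib.error):
                finding["decoded"] = "<undecodable payload>"
        findings.append(finding)
    return findings

def make_sample_rows():
    """Constructed sample data; the hidden payload is a harmless PHP comment."""
    c = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(c.compress(b"/* constructed sample */") + c.flush()).decode()
    injected = ("if (strpos($_SERVER['PHP_SELF'],'subscriptions.php')) "
                "{ eval(gzinflate(base64_decode('" + blob + "'))); exit; }")
    return [("Clean plugin", "global_start", "$show['x'] = true;"),
            ("Unknown plugin", "init_startup", injected)]

if __name__ == "__main__":
    for f in scan_plugins(make_sample_rows()):
        print(f["title"], f["hook"], f["calls"], repr(f["decoded"]))
```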


        • #19
          I found a way they are doing this...

          I also saw this somewhere, I just can't remember where...
          but I removed the whole install file after, I restored my site and nothing has happened so far...

          To Access vBulletin use this
          /install/upgrade.php
          All You need is a Customer Number to Run the upgrade Script
          Then once they upgrade...
          They can access the admin CP, then they upload
          whatever they want using XML and then they can access the rest of the sub-domains
          This isn't made aware to the public they go on to say...
          Last edited by Inspector G; Thu 28th Feb '13, 7:24pm.
          Here I go again...
          I have 15 Live members on my site...So even if you want to bash me stop in and visit please...
          www.freedomofspeech.cc
          ... Been around for yrs



          • #20
            That doesn't make sense, you are required to log in to the admin cp with a username and password after an upgrade (if not already logged in), I just confirmed on my own test site.

            That said for VB3/4 it is good practice to password protect the install and admincp directories. In VB5 the new rule is to delete the entire install directory.



            • TheLastSuperman
              TheLastSuperman commented
              Delete the /install directory from vB4 as well, it is not required and furthermore is not needed unless it's being called forth by some administrative functions, which is usually from tools.php if not one of the maintenance functions, and if your site is running smoothly w/o errors there is usually no need to run those. If you go to do something in admincp and an error is given, then simply temporarily reupload the install folder (minus the install.php file respectively), do your "function", then delete again.