jforjustice.co.uk/banksters - Hacked


  • #16
    dlloyd, thank you, but I'm a little slow at this point. I added the code to a php file and executed it, but I get no output. I'm certain I am missing something, but hoping you can give me a little more guidance. Thanks for the help.



    • #17
      Originally posted by cobradude View Post
      I was hit by this too. What should the "salt" field be? Mine was "lol" and it isn't friggin funny. What a bunch of A-holes there are out there!
      It should be a 30 digit random string of characters that is generated on user registration. There is no way to restore the salt if it is changed directly in the database and no way to change it within the vBulletin software.

      You would have to enter a new 30 digit random string into the field and then run this query to regain access to your account:

      UPDATE user SET password = MD5(CONCAT(MD5('new-password'), salt)) WHERE userid = 1

      Replace new-password with the password you want and 1 with your userid.

      If you use a prefix defined in your config.php file, you will need to add that to user.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud customization and demonstration site.
      vBulletin 5 Documentation - Updated every Friday. Report issues here.
      vBulletin 5 API - Full / Mobile
      I am not currently available for vB Messenger Chats.
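The reset described in #17, as an added example that is not part of the original posts and is not vBulletin's own code: it generates the new 30-character salt and computes the hash outside MySQL, so the plaintext password never appears in the SQL statement. The function names, the alphanumeric salt alphabet and the UTF-8 encoding are assumptions.

```python
import hashlib
import re
import secrets
import string

SALT_LENGTH = 30  # length stated in post #17
# Assumption: letters and digits only, so the salt is safe inside a SQL literal.
SALT_ALPHABET = string.ascii_letters + string.digits


def new_salt() -> str:
    """Return a fresh random salt drawn from a CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LENGTH))


def vb_hash(password: str, salt: str) -> str:
    """Same value as MySQL's MD5(CONCAT(MD5(password), salt)), assuming UTF-8."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def salt_is_suspect(salt: str) -> bool:
    """Flag salts that cannot have come from registration, such as 'lol'."""
    return len(salt) != SALT_LENGTH


def reset_statement(userid: int, password: str, table_prefix: str = "") -> str:
    """Build one UPDATE that sets the salt and the password hash together."""
    # table_prefix is the prefix from config.php, if any; restrict its characters.
    if not re.fullmatch(r"[A-Za-z0-9_]*", table_prefix):
        raise ValueError("unexpected characters in table prefix")
    salt = new_salt()
    return (
        f"UPDATE {table_prefix}user SET salt = '{salt}', "
        f"password = '{vb_hash(password, salt)}' WHERE userid = {int(userid)};"
    )


if __name__ == "__main__":
    # Constructed sample values: the tampered salt from the thread, userid 1,
    # and a hypothetical "vb_" table prefix.
    print(salt_is_suspect("lol"))
    print(reset_statement(1, "new-password", table_prefix="vb_"))
```

Setting the salt and the hash in a single UPDATE keeps the two columns consistent, which is what lets the account log in again.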



      • #18
        Thanks for the help.

        By the way, I got everything fixed up, but they struck again today. This time inserting a java script to redirect into all the postparsed table. Any ideas for how they would be doing this?



        • #19
          Originally posted by cobradude View Post
          Thanks for the help.

          By the way, I got everything fixed up, but they struck again today. This time inserting a java script to redirect into all the postparsed table. Any ideas for how they would be doing this?

          You can empty the postparsed table, it will re-generate.



          • #20
            Or rebuild it under Maintenance -> General Update Tools (4.1.10+) / Update Counters (older versions).


            • #21
              They also got my forum with this jforjustice re-direct.



              • #22
                Whoever made the rounds got a forum that is completely unrelated to me, which is why I even checked into it and found this whole thread. Initially, I thought that it might've been a targeted attack until I did some research into it. There are all sorts of forums out there right now that have members receiving this email and posting in their respective site's feedback/support/assistance forum.



                • #23
                  I'm going through the exact same thing right now. You might want to check your email logs, because in my case not only did I get a redirect but they somehow used the vbulletin mailer to spam their message. I'll probably lose my Amazon SES account because of it.



                  • #24
                    Originally posted by rootnik View Post
                    I'm going through the exact same thing right now. You might want to check your email logs, because in my case not only did I get a redirect but they somehow used the vbulletin mailer to spam their message. I'll probably lose my Amazon SES account because of it.
                    If someone gains access to your Admin CP or puts a mailer script on your server that includes the vBulletin engine, then they can use the mailer. Should be log entries of any emails that go out through the Admin CP. Though if you give your main admin account permission to delete logs, well then they can be deleted.


                    • #25
                      Originally posted by Wayne Luke View Post
                      If someone gains access to your Admin CP or puts a mailer script on your server that includes the vBulletin engine, then they can use the mailer. Should be log entries of any emails that go out through the Admin CP. Though if you give your main admin account permission to delete logs, well then they can be deleted.

                      Wow, thanks! That helped a lot!

                      edit: to clarify, I was able to see the account that was compromised and that the emails were sent through the admincp.

                      There is still the question of how the account was hacked in the first place. The admin whose account was breached says he had a ridiculous password with random caps/numbers, and I take his word for it. Searching google, only vbulletin boards are getting hit with this. There has to be an exploit somewhere, whether it be in a 3rd party plugin or vbulletin itself that is giving these guys access to admin accounts.

                      I have vbseo, vboptimise, Yet Another Awards System, and Warning to users awaiting email confirmation products installed.
                      Last edited by rootnik; Wed 21st Mar '12, 1:42pm.



                      • #26
                        Originally posted by rootnik View Post
                        Wow, thanks! That helped a lot!

                        edit: to clarify, I was able to see the account that was compromised and that the emails were sent through the admincp.

                        There is still the question of how the account was hacked in the first place. The admin whose account was breached says he had a ridiculous password with random caps/numbers, and I take his word for it. Searching google, only vbulletin boards are getting hit with this. There has to be an exploit somewhere, whether it be in a 3rd party plugin or vbulletin itself that is giving these guys access to admin accounts.

                        I have vbseo, vboptimise, Yet Another Awards System, and Warning to users awaiting email confirmation products installed.
                        I got hacked and I had an extremely powerful password.

                        I also use the vBSEO and Awards plugins the same as you, maybe it is something to do with the awards plugin? Because I can't see vBSEO being the problem.

                        I was also using the latest version of vBulletin, I am not sure if you were?



                        • #27
                          Originally posted by Danny M View Post
                          I also use the vBSEO and Awards plugins the same as you, maybe it is something to do with the awards plugin? Because I can't see vBSEO being the problem.
                          vBSEO had a security exploit earlier this year. It involved a file on their server that would insert a malicious plugin into vBulletin every time you accessed their control panel. See:
                          https://www.vbulletin.com/forum/show...-Patch-Release


                          • #28
                            VBSEO has been exploited 2 times that I know of. A couple of years ago we were hacked because of a VBSEO exploit that injected a URL redirect that downloaded malware to visitors' computers. Feedback from others who are affected, to see if they are running VBSEO, would be helpful.

                            I didn't know about the exploit that Wayne linked to below, so I wasn't updated with the patch. I am now, after the fact.

                            I was running vbulletin 4.1.8 when we got attacked, I'm up to date there now as well.

                            Thanks for the response, and thank you Wayne for helping us troubleshoot.

                            Originally posted by Danny M View Post
                            I got hacked and I had an extremely powerful password.

                            I also use the vBSEO and Awards plugins the same as you, maybe it is something to do with the awards plugin? Because I can't see vBSEO being the problem.

                            I was also using the latest version of vBulletin, I am not sure if you were?
                            Last edited by rootnik; Wed 21st Mar '12, 4:31pm.



                            • #29
                              So, the first time I was hacked, they gained access to admincp, they inserted a plug in, as well as sent mail to my users. A holes! I locked down the ability to execute to a particular IP, changed all passwords, and they came back, but this time, they just hit the postparsed table and injected their bit of java to redirect every link.

                              Any additional ideas on how to lock this down? I have vbseo and other plugins. This spans latest 4 and 3.8 boards I run.



                              • #30
                                I also had an older version of VBSEO
                                Five Star Review Script - Add reviews to your website!
                                Mixed Martial Arts - Houston MMA Training
                                Women's Self-Defense - Courses and DVDs available
