Security ISSUE
  • Wayne Luke
    replied
    Originally posted by Morfation
    We have a forum and someone whom we trusted had the FTP password, now that has been compromised, we changed the passwords on the FTP and database, but somehow they keep deleting the files, is there anything from the old files (if the attacker downloaded them) that would allow them access since we keep restoring the back ups?
    If you're running vBulletin 4.2.3, then no. It has had many patches applied over the years. However, before you changed your FTP passwords, they may have uploaded files that give them access. You can test this in the AdminCP under Maintenance -> Diagnostics -> Suspect File Versions. Remove any files not part of vBulletin that you didn't add. Replace any files listed as not containing the expected contents.

    Finally, FTP is not secure. Passwords are transmitted in plain text using this protocol. You should talk to your hosting provider about SFTP or FTP over TLS for more security.


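The AdminCP check described in the reply above runs inside the forum software itself; the same comparison can also be made from outside it. The following is an added example, not part of the thread and not vBulletin code: it hashes a live webroot against a freshly unpacked clean copy of the same release and lists files that are unexpected, modified or missing. The two directory arguments and the `ignore_prefixes` parameter are assumptions for illustration.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large attachments do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(clean_root, live_root, ignore_prefixes=()) -> dict:
    """Compare the live webroot with a clean copy of the same release.

    ignore_prefixes (assumed parameter) names directories that legitimately
    hold site-specific files, e.g. uploads, so they are not reported.
    """
    clean = build_manifest(clean_root)
    live = build_manifest(live_root)

    def skipped(rel: str) -> bool:
        return any(rel.startswith(prefix) for prefix in ignore_prefixes)

    return {
        "unexpected": sorted(f for f in live if f not in clean and not skipped(f)),
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "missing": sorted(f for f in clean if f not in live),
    }


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python compare.py <clean_copy_dir> <live_webroot_dir>
    for kind, files in compare_trees(sys.argv[1], sys.argv[2]).items():
        for name in files:
            print(f"{kind}\t{name}")
```

Files you added yourself (plugins, custom styles) also appear under "unexpected" and need a manual look before anything is deleted.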
  • Riasat
    replied
    Check for any rogue administrator/moderator users, change database password...basically change every password. Even then you might remain vulnerable. You can open a ticket at vBulletin Support if you have that access. They are usually really helpful with these.


  • IggyP
    replied
    hmm, is it possible they have root acct access?

    you may consider to only whitelist your local IP for FTP connection until you can learn more and resolve...


  • Morfation
    started a topic Security ISSUE

    Security ISSUE

    We have a forum and someone whom we trusted had the FTP password, now that has been compromised, we changed the passwords on the FTP and database, but somehow they keep deleting the files, is there anything from the old files (if the attacker downloaded them) that would allow them access since we keep restoring the back ups?