If our site was hacked how far can they get into our server?

  • If our site was hacked how far can they get into our server?

    So we were one of the large number of sites hacked this past week. Hackers put several directories in our vbulletin folder and they also changed the .htaccess file in the same folder. From a quick glance it doesn't appear that any other folders or files were modified above the vbulletin folder. My question is, does this hack allow access to only the main vbulletin and child folders, OR does this hack allow them to go anywhere on the server?
    Admin for hobbysquawk.com
    VB 5.7
    PHP 7.4
    Maria DB 10.6

  • #2
    mark.hs You wouldn't believe it, but unfortunately, it is true. I have been the victim of the attack on September 27.

    I ran one of the malicious php files that the hackers dropped to see what it included, and to my horror, it displayed everything in the root directory even above the forums and gave full control to the viewer.

    Since my hosting plan was to include several other websites, the hackers destroyed everything I had there as well. Luckily, I had a clean backup. What I am going to do is to purchase a security service from sucuri.net to make sure that everything is ok. Do a scan of your website at sucuri to see if it has been blacklisted, as happened with me.

    The first step (which I think you did) is to remove the suspicious files and turn off vbulletin immediately.
    The next step is: if you have a clean backup dating back to earlier than September 23, then delete everything and reinstall your scripts.
    The third step: subscribe to a firewall system like www.sucuri.net and after you get things cleaned from malicious files, you can start up with your backup files. Remember to upgrade to the latest vB version or apply the patch.


    • #3
      We have no idea on how far they can get into your server. It will all depend on the permissions that you have provided the Web Server that you are using. If you are using something like phpSUEXEC, then they will be limited to your public_html root. If your web server can read and write outside of public_html, they have access outside of public_html.

      Ideally, the Web Server will only be able to Read and Execute files within the public_html directory and only be able to write in very specific locations. Unfortunately, most people run their websites with 755 permissions which gives the Web Server a lot more leeway in writing files. Or they run PHP in FastCGI under a different user with its own permissions.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API
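
Added example, not part of the thread or any poster's code: a Python audit of the point made in post #3, listing which paths a given web server/PHP user can write inside and outside the document root. It applies only the classic owner/group/other mode bits (no ACLs, SELinux or read-only mounts), and the script name and arguments in the usage comment are assumptions.

```python
import os
import stat

def can_write(st, uid, gids):
    """Apply the owner/group/other write check to one stat result."""
    if uid == 0:
        return True                       # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(scan_root, docroot, uid, gids):
    """Return (inside, outside): writable paths under and beyond docroot."""
    docroot = os.path.realpath(docroot)
    inside, outside = [], []
    # os.walk does not follow symlinked directories by default
    for dirpath, dirnames, filenames in os.walk(os.path.realpath(scan_root)):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                  # vanished or unreadable entry
            if stat.S_ISLNK(st.st_mode) or not can_write(st, uid, gids):
                continue
            under = os.path.commonpath([docroot, path]) == docroot
            (inside if under else outside).append(path)
    return sorted(inside), sorted(outside)

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed usage: python3 audit.py <scan_root> <docroot> <php_user>
    scan_root, docroot, user = sys.argv[1:4]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    inside, outside = audit(scan_root, docroot, pw.pw_uid, gids)
    print(f"{len(inside)} writable paths inside {docroot}")
    for p in outside:
        print("writable OUTSIDE docroot:", p)
```

Run it as a user that can read the whole tree; any path reported outside the document root is something a dropped PHP file running as that user could have modified, so it belongs in the cleanup and restore scope.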


      • #4
        the hacker on my site somehow uploaded these files
        x.php
        as.php
        alz.php

        the x.php can change the chmod, renaming and whatever else the destructive nature the hacker desired, the others were to do with logging in, not sure what though, when I saw them I downloaded them and deleted them off my server...

        they did make a mess of my server (website), thank goodness that I did a full site backup

        to readers, always do a full backup, you never know
