
security issue


  • security issue

    Hi, if a vBulletin website has a security issue or has been hacked, how should I proceed?

    - Is it important to give more information (website login/pass) to vBulletin staff to understand the security breach before doing anything?
    - Is there a specific precaution before restoring a saved website copy after a security issue / attack?
    - After doing a security patch and upgrade, what's the best recommendation for basic security configuration or software (using Plesk in my case) to protect a vBulletin website?

    With deep gratitude


  • #2
    • If you want us to fix the issue, we'll need access to your server.
    • Delete all existing files before restoring any backup.
    • Files in the vBulletin directories should not be writable. Not sure if you can set that up with Plesk or not. You'd have to contact your hosting provider.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.



    • #3
      Thank you Wayne. Yes, definitely I'll be happy to give you (or vBulletin staff) access to the server. Before deleting anything, maybe it's interesting for vBulletin staff to see these hacking files and so prevent this happening in the future for other vBulletin users, and I'll also be happy to learn how you clean it and fix it the right way. And yes, in Plesk it's possible to set directories not writable.

      Thank you for giving me directions on how to give you access to the server.



      • #4
        The files that are the end results really aren't that interesting to us. They won't tell us anything new on what happened.

        Wayne Luke


        • #5
          Please could you take a look at these directory permissions? This is what I get by default.
          You suggest that directories should not be writable, so should I modify some permissions or is it OK?

          Thank you very much for your time and help and any suggestions.



          [Attached images: pic1.png, pic2.png]



          • #6
            They are minimal. They won't protect your server.

            They would be better if you remove the write and execute permission for all users. This means you would have to add it back to upgrade but your system is more secure while in production. You would have to consult your Hosting Provider or Server Administrator for more information. If you have purchased an unmanaged hosting package to "save money", you should take courses to learn your OS and server setup through an online provider like Udemy or Coursera.

            Wayne Luke


            • #7
              I started by changing the first directory "admincp" from rwx - rx - rx to rwx - r - r,
              but after testing I couldn't access admincp (admin session), so I kept it at rwx - rx - rx (even rwx - rx - r is not working).

              Maybe permissions shouldn't be changed for admincp; I have no idea of the consequences for the other directories.



              • #8
                The /admincp/ directory doesn't even need to be on the server. It is being removed for new installations in 5.5.6. If the webserver user is the owner of the files, then 755 (rwx, rx, rx) will allow any potential exploit to take over your server. 644 (rw, r, r) will allow someone to potentially upload files to your server through an exploit. On my servers setting the permissions to 444 (r, r, r) works across the board.

                You'll need to contact your hosting provider to discuss the minimum viable permissions they allow. They are the best source of information on configuring your server.

                Wayne Luke
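Added example, not part of the thread and not vBulletin code: a dry-run audit of the permission change discussed in posts #6 to #8. It lists every file and directory under a web root whose mode differs from a read-only target and shows the mode it would move to. Assumptions: directories keep the execute (search) bit so they stay traversable, and the `web_uid` parameter and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def hardened_mode(mode, is_dir):
    """Read-only target: files 755/644 -> 444, directories 755/744 -> 555."""
    perms = stat.S_IMODE(mode) & 0o555      # drop write and special bits
    if is_dir:
        # keep search (x) wherever read is granted, or the dir is untraversable
        return perms | ((perms & 0o444) >> 2)
    return perms & 0o444


def audit(root, web_uid=None):
    """Dry run; web_uid (assumed parameter) is the uid the web server runs as."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                    # a symlink's own mode is not used
            current = stat.S_IMODE(st.st_mode)
            proposed = hardened_mode(current, stat.S_ISDIR(st.st_mode))
            if current != proposed:
                findings.append((os.path.relpath(path, root), oct(current),
                                 oct(proposed), st.st_uid == web_uid))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree for the demo, not a real vBulletin layout."""
    root = tempfile.mkdtemp(prefix="vb_perm_demo_")
    dirs = {"admincp": 0o744, "core": 0o755, "locked": 0o555}
    files = {"admincp/index.php": 0o644, "core/config.php": 0o755}
    for d in dirs:
        os.mkdir(os.path.join(root, d))
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        open(path, "w").close()             # empty constructed file
        os.chmod(path, mode)
    for d, mode in dirs.items():
        os.chmod(os.path.join(root, d), mode)
    return root


if __name__ == "__main__":
    print(*audit(build_sample_tree(), web_uid=os.getuid()), sep="\n")
```

The script only reports; nothing under the audited root is changed. The last field of each row is true when the entry is owned by the uid passed as `web_uid`.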


                • #9
                  I was with them today to discuss the after-hack. They are kind, but I didn't feel that they are so available concerning what they call job developer, but I'll ask them this specific question about permissions on directories of my vBulletin website. Thank you Wayne, I'll be back with a "hosting provider" response.
