zero day hack

  • mna
    replied
    Thanks, Ralffan. I decided to contact my host and have them reset cpanel hosting/database to a backup they made around September 21st... as it seems my site was hacked on the 25th. This was the easiest method and I just had to update/patch vbulletin to the other version right when they restored the site. So far so good, no signs of a hack.

  • Ralffan
    replied
    As they recommend, you should definitely download the vBulletin files again (same version you are running now) and do a clean install of the files. You may want to recover config files and custom images, but I would recommend being very careful doing this; I had some malicious files in a lot of folders, including in images folders. You can make sure that all images have a correct extension and check the last modification date (if it's been modified or created in the last days, you should suspect).

    I also suggest googling before copying the entire image folder... For example, this article has interesting tips: https://www.gregfreeman.io/2013/how-...n-compromised/
    If you do a clean file install, as you should, it's enough to check the images folders.

    Regarding whether you should use a previous backup... What I did (I'm not saying it's best practice or anything similar) was to search in all tables for typical malicious code (this is what I did years ago when my vbulletin 4 site was infected, and I was able to remove the malicious code). I did it easily using options of mysql workbench that allow searching the whole database. This page has the most common functions that you should search for: https://www.fixrunner.com/how-to-sca...s-for-malware/ (it talks about wordpress and phpmyadmin, but you can use other database tools, and the important things are the functions to look for and not whether it's wordpress or vbulletin). Of course, doing this you still can't be sure that you are safe... but the exploit has been there for a long time, so even restoring a backup from 1 or 2 weeks ago you are still not safe and you will lose data... But also, most sites seem to have been attacked in recent days, so it may be worth it... I don't know, I'm still thinking about whether I should do it on my site.

    I'm not an expert, but I hope it may help you.
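The image-folder check described in the reply above (correct extension, recent modification date), written out as an added example that is not part of the original thread or of vBulletin. The allowed extensions, the 14-day window and the marker strings are assumptions to adjust for your own site.

```python
import os
import time

# Assumed allow-list: image types a forum normally stores, with their magic bytes.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed indicator strings: PHP code has no business inside an image folder.
SCRIPT_MARKERS = (b"<?php", b"eval(", b"base64_decode(")

def audit_file(path, since_epoch):
    """Return the list of reasons this file deserves manual review."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(1024 * 1024)  # header plus first 1 MiB of content
    if ext not in MAGIC:
        reasons.append("unexpected extension")
    elif not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    if any(marker in data for marker in SCRIPT_MARKERS):
        reasons.append("contains script marker")
    # mtime can be reset by whoever wrote the file, so an old date clears nothing.
    if os.path.getmtime(path) >= since_epoch:
        reasons.append("recently modified")
    return reasons

def audit_tree(root, days=14, now=None):
    """Walk root and map each suspicious relative path to its reasons."""
    since = (now or time.time()) - days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = audit_file(path, since)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

if __name__ == "__main__":
    import sys
    for rel, reasons in sorted(audit_tree(sys.argv[1]).items()):
        print(f"{rel}: {', '.join(reasons)}")
```

Run it against a copy of the images folder before moving anything into the clean install; a file flagged only as "recently modified" may simply be a new upload, while a mismatch or script marker needs a closer look.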


  • mna
    started a topic zero day hack

    zero day hack

    If I have a backup of my site/database from 1-2 weeks ago, would it be OK to restore the forum to that day, then apply the security patch? Or do I need to do a fresh install? Since it seems my site has only been hacked since a couple days ago, I'm wondering if restoring to the earlier date would be safe, or if those files/database could be affected as well.
    Thanks.

    edit:
    also if I should do a clean install, is it OK to use the current database or do I need to use an older database backup from say 1+ weeks ago?
    Last edited by mna; Fri 27th Sep '19, 9:28pm.
