Announcement

Collapse
No announcement yet.

Forum Hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Zachery
    replied
    2.2.6 did have vuenerabiltys

    Leave a comment:


  • rsuplido
    replied
    We just got hacked today. Forum table was wiped and created two new forums with something like 'JAPANESE PIGS' on the names.

    I got the hacker's IP by the way through the logs. What's the best way to persue this? I can post the hacker's IP here if anyone wants it.

    Yes, my site was running 2.2.6 and I should update it to 2.3.5 at the least...

    Leave a comment:


  • Steve Machol
    replied
    There are known security issues in the version you are using. You should upgrade to 2.3.5 at the least.

    Leave a comment:


  • LCD_Angel
    replied
    Originally posted by Aviation Forum
    My forum was hacked today. Despite my judicious use of a long and random password, they must have somehow used a cracker to get in.

    You can see their lovely work here. I hope my ISP, Ventures Online, has backed up my mySQL database. If so, I can reinstall vB and lug the DB back in, I think. I am still embarassingly using 2.2.6 -- I haven't had time to update.

    Is there any way I can get back in and change my password back? They've changed it. It looks like they deleted all of the content/threads and vandalized some templates. What can I do? I need help. This is terrible.

    I am so angry. I have spent over a year pouring my creative energy into making something positive, something people can enjoy. Now these people have maliciously destroyed it. Please, help if you can.
    This is really interesting. Our forum was hacked just this week. I was wondering what they did to is as I am on Ventures Online as well.

    We were hacked by someone calling themself l1nux-root or something to that effect. He changed the background black and wrote something like whatever the hell you do that for... or something along those lines. We have since regained control, changed admin passwords, and are using .htaccess protection for the admin panel. I'm on 2.3.0

    Leave a comment:


  • Aviation Forum
    replied
    Thanks for all the help. I think the answer was simpler then I thought -- it looks like Ventures Online restored a mySQL backup for another database on another domain I have rather than the AviationForum.or database.

    I think that's the problem. If it isn't, I'll keep you posted.

    Leave a comment:


  • Floris
    replied
    You can take additional security meassures to ensure you at least have tried your best to prevent another hack.

    If the upgrade to 2.3.5 is 100% - make a backup, saves time next time you need to import!

    You can add .htaccess user/pass protection to the admin and mod control panel directories. Set a different user/pass then you use for the admin user/pass of vBulletin. If they exploit the software, they still need an additional user/pass to get in.

    Change your user/pass (at least the pass) to make sure they can't try again using the same user/pass. Change it for your admins too, so they are forced to reset it. You can do the same for your moderators, so they can't mass prune posts, etc.

    You can run offline trojan, virus and worm and naughty cookies catching software to fight exploits, abuse of cookie stealing etc.

    Change your forum pass on a regular basis.

    Keep an eye on the admin logs and web site logs, hack attempts might be noticed, and you can ban their IP.


    Ok, about the upgrade.

    In order to do a proper upgrade, make sure your backup isn't the hacked version. When it isn't, import the backup .sql to a new database, upload the 2.3.5 files and run the appropiate upgrade*.php file.

    Leave a comment:


  • Aviation Forum
    replied
    Okay...I need some more help. This isn't working. Let me go through all of the stuff I've done.

    1. Regained control of forum by changing password via phpMyAdmin
    2. Updated forum software to version 2.3.5
    3. Had Ventures Online (server) restore to DB backup
    4. Re-ran upgrade scripts per Scott's instructions -- while I was doing this, the first step in the upgrade encountered a DB error. Since Scott said I could just re-run the scripts, I bypassed the error by just typing in "step=3" in the url to move to the next step; the rest of the upgrade went fine.

    Okay, so all my old threads should be there, right? Nothing is back. The hackers deleted all forums and threads (not members), and those threads and forums are still missing.

    What should I do?

    Leave a comment:


  • Aviation Forum
    replied
    Fantastic. Okay. I'll restore the database to my 2.3.5 then re-run the upgrade scripts from 2.2.6. That should do the trick, correct?

    Leave a comment:


  • Zachery
    replied
    There are no known exploits to 2.3.5

    Leave a comment:


  • Aviation Forum
    replied
    BTW -- should 2.3.5 be rock solid until I am ready to go to vB3?

    Leave a comment:


  • Aviation Forum
    replied
    Awesome.

    Leave a comment:


  • Scott MacVicar
    replied
    You can leave the 2.3.5 software up and just restore the database via command line. Then run run the upgrade scripts for 2.2.6 - 2.3.5 and it will alter the database appropriately.

    Leave a comment:


  • Aviation Forum
    replied
    So I need to de-upgrade? How do I do that without a complete reinstall of 2.2.6?

    Leave a comment:


  • Zachery
    replied
    No, you will need to restore your 2.2.6 database and upgrade to 2.3.5

    Leave a comment:


  • Aviation Forum
    replied
    Okay...I hope I haven't screwed this up.

    I used phpMyAdmin to change the password and regained control of the software.
    I update from 2.2.6 to 2.3.5.
    Here is where I might have the problem. Can I import a database that was on 2.2.6 directly into 2.3.5?

    The hackers deleted all of the threads, so I need to import the old database. But I upgraded before importing. Will it be ok?

    Leave a comment:

Related Topics

Collapse

Working...
X