Another victim...


  • Another victim...

    Flog me with a wet noodle. Should have upgraded, but well, new Admin to this system, and taking over stuff when your predecessor didn't know what he was doing isn't always good.

    Yes, I got hacked by that Saudi person.

    As far as I can tell, the users are there, the data is there...I just can't get into the AdminCP, and get rid of that redirect to that site.

    Ideally I'd like to recover the data...but I'm not sure if it's possible.

    The system it's on has been secured, undoing it is a pain...again, legacy stuff.

    I can however get in via SSH and SFTP. Command-line MySQL (that's how I verified all that lovely info)

    There was a backup done, but it's a tad old, and there would be a lot of upset people if we lost that much data.

    Suggestions on where to look, or change?

    I did put in the calendar.php while I had the site down....but it's too little too late.

  • #2
    I replied to your PM already.


    • #3
      I just fixed this. The hacker did a few weird things and it took a while to figure it all out.
      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
      Change CKEditor Colors to Match Style (for 4.1.4 and above)

      Steve Machol Photography


      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.



      • #4
        Me Too!

        He got into my site, posted some link, then sent an e-mail out to the members. Not sure what damage was done yet to the site, I'm still checking.

        For now I disabled the calendar and removed admin rights to Admin. I hope that's enough to prevent another hack.

        I'm on version 2.3.5, which I thought was the secure version to run.


        • #5
          2.3.5 is secure.


          • #6
            Mgchan, the exploit used against this forum is fixed in 2.3.5. There are no known security issues with 2.3.5. This hacker may have gotten in with an insecure password or through your server.

            • #7
              Steve, you rock man!

              Think I've gotten everything back to normal.

              I've put the calendar.php fix in place...I think that's how he got in...

              I'll be upgrading to 2.3.5 probably this week...unless you think it should be done asap. Or should I go for 3.0.3?

              I've made a backup of the database when we regained control. But, I need to get the look and feel back to what it was... 10yo girls are screaming that it was down *sigh*


              • #8
                Originally posted by Steve Machol
                Mgchan, the exploit used against this forum is fixed in 2.3.5. There are no known security issues with 2.3.5. This hacker may have gotten in with an insecure password or through your server.
                Thanks, I'll check on it. I automatically assumed his entry point was through the calendar function.

                So far it seems I was fortunate to have caught him early enough. I went through the admin log and he also changed a few smilies to point to files he was preparing to upload.

                Every time he comes on as a new user to post a boast or taunt, I ban his IP, e-mail address, delete the ID. Any other suggestions?

                Michael


                • #9
                  Steve,

                  I have the system logs I'd like you to review, can I e-mail them to you? It seems that he got in by doing the lost password bit and having it sent to his e-mail address.

                  Thanks,
                  Michael


                  • #10
                    I would not be any good analyzing these logs for you. Feel free to start a support ticket about this:

                    http://www.vbulletin.com/members/mem...ontactform.php

                    • #11
                      Okay, thanks.
