Announcement

Collapse
No announcement yet.

Site Hacked! Need Help!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Site Hacked! Need Help!

    The Digital Media FX Magazine vBulletin forums - installed by vBulletin - have been hacked at http://www.digitalmediafx.com/forums/index.php

    What is the appropriate way to recover from this? Any advice or assistance on how to proceed would be greatly appreciated, particularly since we had vBulleting install the forums.

    Hopefully hackers will find bigger challenges in the future.

    [email protected]

    Sincerely,


    Joe Tracy, Publisher
    Digital Media FX - The Power of Imagination
    http://www.digitalmediafx.com

    P.S. What's the best way to safeguard from this in the future?
    Last edited by jtracy; Tue 3 Jul '01, 4:39pm.

  • #2
    First you need to upgrade to v2.0.1. I'm not sure which version you are using but this CSS:
    BODY {CURSOR: default; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; FONT-SIZE: 12px}
    UL {CURSOR: default; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif; FONT-SIZE: 12px}
    etc...
    is from several versions ago, one of the betas. It will fix a major security hole.

    Second thing is all they did is edit your header template. One quick look at the source found these tags:
    <noframes>
    <noscript>
    which makes everything below it invisible. They just added their 3 lines and those tags...your page is still there below that. Take those out and everything will show up again.

    Kinda lousy hackers...take the cheap&easy way out.

    Comment


    • #3
      Re: Site Hacked! Need Help!

      Originally posted by jtracy
      P.S. What's the best way to safeguard from this in the future?
      Their wording - "exploited" - makes it sounds as though they may have taken advantage of security hole that existed pre-beta 3 or another that existed pre-RC3. In either case they have fixed in the latest version, 2.0.1. Upgrading to that should help. Also you and any other admins or others who have control panel access should change their passwords and ensure their email addresses are correct.

      Comment


      • #4
        Good advice, however they changed my login information, etc. How do I get back into my own forum to delete the hack? Also, is the upgrade to 2.0.1 easy to implement? As stated earlier, I had vBulletin do the original installation.

        Thank you for your assistance.

        Joe Tracy
        [email protected]

        Comment


        • #5
          Same hack attack here. www.bsboard.com I already figured out the altrered header, but as stated earlier, my admin lgin has been removed....what do I/we do?

          Comment


          • #6
            I believe you can use getadmin.php that was in the extras directory in the vB download.
            Off-Road Forum

            Comment


            • #7
              jt:
              try using the admin password "blah"....thats what Neiller had switched mine to. I'm back up and running now, but I'll have to recode the entire HEADER.

              Comment


              • #8
                Before you do the header DO THE UPGRADE!

                Congratulations on getting back in. Did you use getadmin.php?
                Off-Road Forum

                Comment


                • #9
                  Dune, yes! Thanks for reminding me of that nifty little script. I'll be upgrading to the gold 2.0 asap.

                  Comment


                  • #10
                    2.0.1
                    Off-Road Forum

                    Comment


                    • #11
                      Thanks for the tips. Unfortunately "blah" didn't work for me. I also haven't found the getadmin.php script in the Members area yet...

                      Joe Tracy

                      Comment


                      • #12
                        It was not in the members area. It was in the dowload package under /extras
                        Off-Road Forum

                        Comment


                        • #13
                          jt: getadmin.php is included in the 2.0 download. download version 2.0 and you'll find getadmin.php in a folder called "extras"

                          Comment


                          • #14
                            I was able to get and upload getadmin, however it simply asks what user I would like to promote to administrator status. Typing in my own username fails as it calls for a login, but I don't have the password that was changed by the hackers. I can't register a new name because the forums are hacked and unaccessible. Thoughts?

                            Here's the error message I get when I type in my alias using this script:

                            "You are either not a valid administrator or have not logged in. Please log in now:"

                            Thank you.

                            Joe Tracy
                            [email protected]
                            Last edited by jtracy; Tue 3 Jul '01, 7:41pm.

                            Comment


                            • #15
                              I just got back in. I had the GetAdmin.php script installed in the wrong directory. Once I got it to the right directory it worked like a charm and I, of course, instantly deleted it.

                              Joe Tracy

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X