Announcement

Collapse
No announcement yet.

Security problems

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security problems

    One year ago, a site was started, although it consisted out of a VB only. This site has changed owners and Domains three times, and every time it got hacked more than once.
    And even though it changed domain and admins, all of the members kept coming along, and so did those who hacked the VB before...

    So... now I am trying to get this to end, as I just started helping out as an admin at the just leased new VB (v 2.2) at (AGAIN) a new domain.But within 3 days, again the board got hacked, and filled with flashy colours and very 'nice' texts.

    I'm kinda sick of people hacking into the admin's accounts after one year of ahving to go through this :\
    And now, the VB owner decided to pull out, and left me to revive the forums...in some way...

    And my knowledge on VB isn't all that great, but what I most want to know is; in what way can I improve security (literally; all ways you can think of :/ ) to prevent this from happening, cuz sofar no one managed to get the people who keep hacking it.
    But I'm getting pretty sick of this :|
    Last edited by Isis; Mon 4th Feb '02, 1:08pm.

  • #2
    Security

    Can you trace back how they hacked the admin user accounts ? ..
    People dont 'just' hack your vB .. also set an .htpasswd/.htaccess to your admin/mod dirs, so the abuser has to hack twice to get in. If they do: they either 'guess' your passwords or have access to the server.

    Comment


    • #3
      Welll...I kinda doubt they guessed the paswords right, although, he might have hacked into the owner's hotmail account, come to think of it. But I cant be sure :\

      And I have no idea on how they hacked into it, cuz I'm not the VB owner and they kicked me out of the admin control panel while i was asleep, so I cant even enter the CP anymore.
      I'm still trying to find out how to get things straight again, I never worked with installing Vbulletin before, I;m just trying to keep the board alive :|

      Comment


      • #4
        Originally posted by Isis
        Welll...I kinda doubt they guessed the paswords right, although, he might have hacked into the owner's hotmail account, come to think of it. But I cant be sure :\

        And I have no idea on how they hacked into it, cuz I'm not the VB owner and they kicked me out of the admin control panel while i was asleep, so I cant even enter the CP anymore.
        I'm still trying to find out how to get things straight again, I never worked with installing Vbulletin before, I;m just trying to keep the board alive :|
        Hotmail rofl .. I rest my case.

        Anyway, check the admin logs (and lets hope your admin was as smart as me and disabled allowing admins to prune the admin log) .. at least you would have the IP's of the attacker.

        Comment


        • #5
          If none of the administrators can enter the Admin CP, here's what to do.

          First you need to register a new user. Complete activation if you have that turned on.
          Then grab 'getadmin.php' from the 'extras' folder of your vBulletin zip file and upload it to your main forums directory. Run it in a browser (e.g. go to yoursite.com/forums/getadmin.php) and use the username that you just registered.

          This should promote you to admin and allow you to enter the Admin CP.

          Now, as to the hacking problem, you MUST use a complex password. Numbers, letters, upper- and lower-case. If the password is being guessed it is too easy or is a dictionary word.
          Also you should set .htaccess to make the /admin directory password-protected by the server.

          If they access to the server itself none of this will actually matter but I highly doubt this is the case.

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X