Announcement

Collapse
No announcement yet.

My forums have been hacked!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cole2026
    replied
    Well, it is always smart for you to change your password at least once a month in a public document. Just so you know.

    Leave a comment:


  • algolee
    replied
    Originally posted by Zachery
    You need to restore your database, and UPGRADE to vBulletin 2.3.5 or 3.0.3 there are a few issues with your current version http://www.vbulletin.com/forum/showthread.php?t=109257
    Thanks , Zachery !! Thank you very much !!
    I will patch calendar.php ~~

    PS. When I try to find some way to find answer , I found some link in Google , and those website at China ( Not Taiwan R.O.C.) which discuss how to using vbb's bug to crack vbb's website , it's so terrible !!
    Those post discuss how to use the bug of Calendar.php to got anyone's password ........
    Last edited by algolee; Sat 2 Oct '04, 6:10am.

    Leave a comment:


  • Zachery
    replied
    You need to restore your database, and UPGRADE to vBulletin 2.3.5 or 3.0.3 there are a few issues with your current version http://www.vbulletin.com/forum/showthread.php?t=109257

    Leave a comment:


  • algolee
    replied
    My vbb website was hacked recently , like Mark0308 .
    Since I find my password was change and some data was deleted , I restore whole database from my backup.
    But next day the hacker login into system with my account again ( I had changed my password since I found someone login into my site .)
    I don't know how them get my password , but I create .htaccess for protect /admin directory .
    Is it enough ?? or I have to do more thing ??
    My vbb version is 2.2.9 . Thanks ~~

    Leave a comment:


  • mishkan
    replied
    I see... then, it's worth my asking my web host if they've done that. Okay, thanks again!

    Leave a comment:


  • Scott MacVicar
    replied
    Probably not most webhosts will have done this already.

    Leave a comment:


  • mishkan
    replied
    Originally posted by PPN
    2. Make sure mysql can only be accessed from localhost, usually placing a block on your firewall on port 3306 will solve this.
    Thanks PPN.
    I am on a shared server, so #2 above doesn't apply to me, right?

    Leave a comment:


  • Scott MacVicar
    replied
    The root user is the administrator, they have full access to everything.

    There is various measures that can be used to ensure your server is secure, but most of these will be simply to implement.

    1. Ensure you use a different password for ftp than your forums and other accounts, if you use the same one then if someone finds it out they have access to everything.

    2. Make sure mysql can only be accessed from localhost, usually placing a block on your firewall on port 3306 will solve this.

    3. Use a .htaccess to protect your admin directory, this will require a user to login to view anything in that directory, then they will have to login again to use the admin panel.

    And last but not least always make backups

    In question to the encryption of the passwords, a md5 hash is created from the password, this is a 32 character string which cant be decrypted.

    Leave a comment:


  • mishkan
    replied
    Re: Re: Re: Re: My forums have been hacked!

    Originally posted by Nemesis2000
    I moved to a server where I have root access, and was able then to take more effective countermeasures.
    Newbie question... what exactly is "root" access?
    Can you please tell us what the countermeasures are?
    Thanks.

    Leave a comment:


  • Nemesis2000
    replied
    I have changed my password every day since the crap happened, plus I had my mods shift theirs a lot as well...

    I thought vB used MD5 encryption?

    Leave a comment:


  • leadZERO
    replied
    For those of you that had copies of your databases taken I would highly recommend changing your passwords and recommending all your users do the same. I don't remember what type of encryption they are using but if it is Salt encryption it can be easily brute-forced by today's fast computers.

    Leave a comment:


  • Nemesis2000
    replied
    Re: Re: Re: My forums have been hacked!

    Originally posted by mishkan

    Nemesis2000 , would you mind sharing all the security measures you took? Thanks.

    mishkan
    I moved to a server where I have root access, and was able then to take more effective countermeasures.

    Leave a comment:


  • mishkan
    replied
    Re: Re: My forums have been hacked!

    Originally posted by Nemesis2000


    I am virtually in the same spot you are bro. My forum has a dedicated individual seeking to destroy it. Be careful, because they now may have a copy of your DB.

    The server my forum is on has been locked down like fort knox.

    I hope you get through this. I hope I do too. These people wont go away.
    Nemesis2000 , would you mind sharing all the security measures you took? Thanks.

    mishkan

    Leave a comment:


  • Nemesis2000
    replied
    Re: My forums have been hacked!

    Originally posted by Mark0380
    I've just got out of bed to find a mailbox full of messages from my members saying my forums have been hacked. Sure enough, attempt to login into the forums and there's a message from a hacker group known as "Alhejaz_Hackers".

    On further investigation, it looks like they have somehow managed to up their user account to administrator privilege, then proceed to delete all of the forums and their posts, change the "forum_home" template, and then finish by deleting my own admin user account so I couldn't get back in.

    I've now created a new account for myself, logged into MySQL in the conventional method on the server, and changed my user privileges back to administrator so I can access the vB control panel once again.

    It does not appear that they broke into the FTP or the hosting company's site control panel fortunately. I am now writing to my hosting company (VentresOnline) to see if they can obtain a back-up of the MySQL database from yesterday, but even if I can get the site restored, I get the impression from the hackers message that they are going to keep on doing this to me.

    I really do not know which way to proceed next. The system has logged two different IP addresses for this hacker in the admin log. It looks like they have been able to login to the admin area with an account they opened moments before, which considering even registered users have fairly restricted privileges on my forums is very worrying.

    Has this ever happened to anyone else? What should I do next for the best? How can I make the site more secure? I am quite stunned that this has happened to my fairly small and insignificant forums site, and gutted that this has happened so soon after we'd just relocated to a decent hosting company. Help!
    I am virtually in the same spot you are bro. My forum has a dedicated individual seeking to destroy it. Be careful, because they now may have a copy of your DB.

    The server my forum is on has been locked down like fort knox.

    I hope you get through this. I hope I do too. These people wont go away.

    Leave a comment:


  • mishkan
    replied
    Originally posted by Kier
    What they mean is that trying to access http://www.somewhere.com/path/to/.htaccess will fail, as Apache refuses to serve requests for .ht* files.

    Regarding the print statement, what they mean is that config.php does not output any information, so simply browsing to http://www.somewhere.com/path/to/config.php would result in a blank page.
    Kier, thanks for the info. That really clarifies it for me. Sorry for the delay in getting back to you... I've been juggling a number of things lately... thanks again.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X