My Forums got hacked - Please Help.

  • My Forums got hacked - Please Help.

    Today after school I went to go on my forums which are located at www.xboxevolved.com/forums and for some reason I wasn't logged in. That wasn't a big deal to me, since it sometimes does that. So I type in my username and password and it says password is incorrect. I try again and again and again. It still doesn't work. I then try password recovery and type in my e-mail address and it says that e-mail address could not be found. So I was starting to get worried and mad. I look at the forum leaders and my name isn't on there.

    I e-mail a couple of people and I tell them this ... and they tell me that the forums were hacked into last night. I did not even know this. Well I wanted to find out who hacked into my forums and etc. Now a member posts an e-mail that was sent out by another admin saying indeed the forums were hacked into. This is the e-mail:

    "Earlier tonight one of our best and most well liked forum members went on a rampage. He caused a great deal of damage to the image of XboxEvolved in the short time the "hacked" pages were viewable.

    He also modified post counts on a lot of members, and may have banned some as well. We don't stand for things like this, and action will be taken as we see fit. If your post count was altered in any way please email me (I'll know if it really was) with the correct count and I'll do my best to fix it.

    Also, in light of the event I suggest everyone, normal members, mods, and admins all change their password to something secure that contains letters and numbers, and is something nobody would ever guess out of the blue.

    We are all sorry for the email that was sent out earlier, it was not from John so please ignore it, we are also sorry for any inconvenience we may have caused any forum members trying to access the site during the downtime.

    Thank you for your time

    Steve
    XboxEvolved.com"


    Well now a user posts another e-mail showing this :

    Attention: Site has been hacked. You idiots banned me.. Boondock has revenge!



    Now suck my balls *****!


    Boondock used to be a member of our forums. He would always cause trouble, flame people, swear at people etc. So what I did was ban him. He wasn't a nice person.

    So basically all I need is your guys' help .. I need to know what to do. I would like to contact his ISP and have them terminate his Internet .. but is this serious enough to do this?

    I just don't want him to get away with this and be able to do it again and again. Please help and tell me what I should do. Thank you

    Sean

  • #2
    1. Report him to his ISP with all the necessary documentation.

    2. Report this to your host just in case he gained access via the server.

    3. Htaccess protect your admin and mod directories:

    The HTAccess Authentication Tutorial

    4. Upgrade to vB 2.2.8 which includes several security fixes.

    5. Use the global.php file in John's post in this thread which fixes another security hole:

    http://www.vbulletin.com/forum/showt...threadid=57025
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


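Step 3 of the reply above (password-protecting the admin and mod directories), as an added example that is not part of the original thread or of vBulletin's own files: an Apache `.htaccess` file using HTTP Basic authentication. The password-file path, realm text and user name are assumptions.

```apache
# .htaccess -- place one copy in the forum's admin directory and one in its
# mod directory (step 3 above). Added example; paths and names are assumptions.
#
# The host must allow authentication directives in .htaccess files
# (AllowOverride AuthConfig in the server configuration).
#
# Create the password file once, outside the web root so it can never be
# served as a page (the htpasswd tool prompts for the password):
#   htpasswd -c /home/example/private/forum-admin.htpasswd forumadmin
# Add further users later without -c, which would overwrite the file.

AuthType Basic
AuthName "Forum administration"
AuthUserFile /home/example/private/forum-admin.htpasswd

# Only users listed in the password file may enter; everyone else gets a
# 401 response before the forum's own admin login page is reached.
Require valid-user
```

Choose a password here that differs from any forum account password, so that someone who learns an admin's forum password still cannot reach the control panel. Basic authentication sends the credentials with every request in an easily decoded form, so serve these directories over HTTPS where the host supports it.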


    • #3
      All that plus:

      - Upload getadmin.php to your forum directory.
      - Enter in your username.
      - Log into the admin control panel and change your old password.
      - Delete getadmin.php ASAP.
      You're my Prince of Peace
      And I will live my life for You



      • #4
        Thank you Nuno .. I was trying to figure out how to get my username and password back ..



        • #5
          There is also a hack over @ vbulletin.org which prevents an admin with the userid=1 from being removed or having their profile details altered by another admin. So at least your account can't be tampered with.
          Techzonez - Tech News
          Techzonez Forums - Tech Community



          • #6
            Just out of curiosity, what vB version were you using?
            Avatar Chat



            • #7
              The forum link in his first post points to a vB 2.2.6 board
              Techzonez - Tech News
              Techzonez Forums - Tech Community



              • #8
                Even 2.2.7 had a fatal XSS bug...this is why you should keep up to date
                --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                Web Design Forums.net: vB Board of the Month
                vBulletin Mail System (vBMS): webmail for your forum users



                • #9
                  Originally posted by filburt1
                  Even 2.2.7 had a fatal XSS bug...this is why you should keep up to date
                  Sean, when a security bug is posted here at vBulletin.com, it can easily be read by a potential hacker. As filburt said, you should always make sure you have the latest version of vBulletin, or at least implement the required fix for the version you are running.
                  Techzonez - Tech News
                  Techzonez Forums - Tech Community



                  • #10
                    Hello,

                    The reason I have not gotten the update is because my dad erased the mail with my customer ID and number. He did that accidentally when he cleared his inbox. How am I able to get my ID and number back? Who do I e-mail?

                    BTW .. My friend John and I talked about the whole thing. The thing that really happened really wasn't a hack, but one of the members found out the password of an admin. Then he took my friend and me off admins, made himself an admin, and messed everything up. But still I did not like that, so 3 members got banned and banned for a long time.



                    • #11
                      http://www.vbulletin.com/members/lostpw.php
                      You're my Prince of Peace
                      And I will live my life for You



                      • #12
                        Thank you nuno ..



                        • #13
                          Also, back up your database, and if any hacker messes with vB, re-upload your old database to set everything back to norm.
                          Running vB since 4-14-2002



                          • #14
                            Originally posted by Reverend
                            There is also a hack over @ vbulletin.org which prevents an admin with the userid=1 from being removed or having their profile details altered by another admin. So at least your account can't be tampered with.
                            I highly recommend using this. I have it on my board.

                            Here's a [link]
                            Last edited by Bungie; Sun 3 Nov '02, 8:20pm.



                            • #15
                              Originally posted by Steve Machol


                              3. Htaccess protect your admin and mod directories:

                              The HTAccess Authentication Tutorial

                              Hey Steve, that link isn't working for me. I'm getting a page not displayed. Do you have another link?

