Forum keeps on getting hacked


  • Forum keeps on getting hacked

    I don't know if it's a flaw somewhere in vBulletin but last week all forums and all members were deleted. I come home today to find the same has happened. I have 3 admins and 2 super moderators. Maybe one of them is giving out their information for the person to delete my forums. It's really annoying.
    My Football Forum

  • #2
    What version of vBulletin do you run? Also, what are the MySQL/PHP/Apache (if you run that webserver) versions?

    Remember that vBulletin is only as secure as the server it runs on; you will need to scan your logs and determine the point of access the cracker is using. Assuming, of course, that it is not an 'inside job'.

    Right now, change all your crucial passwords (FTP, root, MySQL web admin if you use one, vB admin accounts/super mod accounts), then update all software to the latest versions if possible.
    Last edited by Brad.loo; Fri 17 Sep '04, 3:03am.
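
The log scan suggested in post #2, as an added example that is not part of the original thread: it groups Admin CP requests in an Apache access log by client IP and reports the addresses the administrator does not recognise. It assumes the common/combined log format and a forum installed under `/forum/` with the default `admincp` directory; the function names, the `known_ips` set and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def admin_hits_by_ip(lines, admin_prefix="/forum/admincp/"):
    """Group every request under the Admin CP path by client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip truncated or malformed lines instead of failing
        if m.group("path").startswith(admin_prefix):
            hits[m.group("ip")].append(
                (m.group("ts"), m.group("method"),
                 m.group("path"), int(m.group("status")))
            )
    return dict(hits)

def unexpected_admin_ips(lines, known_ips, admin_prefix="/forum/admincp/"):
    """Return {ip: requests} for Admin CP traffic from unrecognised addresses."""
    return {ip: reqs
            for ip, reqs in admin_hits_by_ip(lines, admin_prefix).items()
            if ip not in known_ips}

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Sep/2004:09:12:01 +0100] "GET /forum/index.php HTTP/1.1" 200 18211',
    '192.0.2.10 - - [30/Sep/2004:09:15:44 +0100] "POST /forum/admincp/index.php HTTP/1.1" 200 5120',
    '203.0.113.55 - - [30/Sep/2004:14:02:10 +0100] "POST /forum/admincp/index.php HTTP/1.1" 200 5098',
    '203.0.113.55 - - [30/Sep/2004:14:03:37 +0100] "POST /forum/admincp/forum.php HTTP/1.1" 200 2301',
    'malformed line that the parser must skip',
]

if __name__ == "__main__":
    # Assumption: 192.0.2.10 is the administrator's own address.
    for ip, reqs in unexpected_admin_ips(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(ip)
        for ts, method, path, status in reqs:
            print(f"  {ts} {method} {path} -> {status}")
```

The timestamps returned for an unrecognised address can be matched against the entries in the vBulletin control panel log to see which admin actions came from it.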



    • #3
      Thanks, I'm running vB 3.0.3

      PHP Version 4.3.8
      Apache v1.3.31
      Linux
      MySQL: 4.0.20-standard-log

      I think it's an inside job, someone telling people my password, well changing it first then telling them.
      My Football Forum



      • #4
        You should htaccess password protect your forums and remove all other access to the Admin CP until you can verify who the traitor is.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




        • #5
          It's happened again (TODAY 30th Sep) even though I'm the only admin. I have 2 supermods and 4 moderators. But the hacker has logged in using my account and done everything using my account. I looked at the control panel log and it's all in my name (the admin name I use).

          I think I'm going to have to change my admin account to invisible and change the name of it. Can I make it so that no people can see the admin on the members list?
          My Football Forum



          • #6
            Are you secure yourself? Do you have an antivirus program? It is possible that you yourself have been compromised.



            • #7
              Originally posted by Zachery
              Are you secure yourself? Do you have an antivirus program? It is possible that you yourself have been compromised.
              I have McAfee Firewall, VirusScan and SpamKiller all installed and enabled?
              My Football Forum



              • #8
                Is there any way I can deactivate my so no-one can access it? Just like turn it off (ban myself). The only way this could be done would be via phpMyAdmin, wouldn't it? But where would I look and what would I change?
                My Football Forum



                • #9
                  Originally posted by Zachery
                  Are you secure yourself? Do you have an antivirus program? It is possible that you yourself have been compromised.
                  Should I remove the /install folder from the forum root directory? The one with the upgrade files in?
                  My Football Forum



                  • #10
                    Originally posted by boro_boy
                    Should I remove the /install folder from the forum root directory? The one with the upgrade files in?
                    I would highly recommend it as it is no longer necessary. You may also want to change the name of the admin directory to something other than admincp but make sure you make that change in your config.php file as well. Lastly contact your hosting provider and have your login name and password changed, they may be getting in by another route.



                    • #11
                      No, you should LEAVE the install folder alone and only delete the install file. You cannot do anything harmful, let alone run any of the files, without your vBulletin.com members area login, and you NEED the XML files that are kept in there.



                      • #12
                        Originally posted by Zachery
                        No, you should LEAVE the install folder alone and only delete the install file. You cannot do anything harmful, let alone run any of the files, without your vBulletin.com members area login, and you NEED the XML files that are kept in there.
                        Ok thanks, just re-uploading the files but without the install.php file.

                        I've changed the name of the admin folder and changed it respectively in the config.php file. What else could I do? I have made myself invisible.
                        My Football Forum



                        • #13
                          Originally posted by Zachery
                          No, you should LEAVE the install folder alone and only delete the install file. You cannot do anything harmful, let alone run any of the files, without your vBulletin.com members area login, and you NEED the XML files that are kept in there.
                          ????

                          You don't need the XML files, and if there is a time that you would require them then you just upload them again... Also, his login may be compromised, hence the removal of the install directory.



                          • #14
                            As I said, there is no real reason to remove this; any time you want to make a new style it pulls from the style XML. None of the files there can cause any harm; even if someone had his vB.com login they couldn't run the upgrade script, it would redirect him to the admincp.



                            • #15
                              I just want to know how they are finding out my password!!!! I only changed it last week and it was random numbers and letters "34934tie4irjfgdf9gu0gd" like that but about 20 characters long. I know the IP of the person who did it but the past 2 times they have been done via an anonymous IP.
                              My Football Forum
