Announcement

Collapse
No announcement yet.

My VB 3.0.3 just got hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • My VB 3.0.3 just got hacked

    Greetings,

    just got a call from a member at 4am stating the forum is hacked. Couldn't take the shock as I was have dreaming.

    I entered the site and found half the threads are gone. I tried to login with my account (admin access but not ID:1) but unfortunately it does NOT exist anymore on the main page. The MySQL database looks still HUGE but dunno if those threads were deleted.

    Sorry, but any idea what is going on in the application ? any bug reported lately ?

    Thank you.

    Tariq AlAli

  • #2
    There is no known security bug that we are aware of no.

    It really is important to find out how they removed the thread or deleted users or got in.

    Comment


    • #3
      Originally posted by Floris
      There is no known security bug that we are aware of no.

      It really is important to find out how they removed the thread or deleted users or got in.
      then what could be the problem ? and how can I get access back ?


      -Tariq

      Comment


      • #4
        Without knowing how you are being hacked it's difficult to stop it. For instance if your server is being compromised then there is nothing in vB that will stop a hacker from taking over.

        Here's some things you can do to increase the level of security for your forums:

        1. Upgrade to the latest version.
        2. Do not install any hacks
        3. Password protect your Admin and Mod CPs: http://www.javascriptkit.com/howto/htaccess.shtml
        4. Make sure the getadmin.php (vB2) or tools.php (vB3) file is NOWHERE on your website
        5. If you have phpMyAdmin make sure it's password protected.
        6. Inform your host of these hack attempts and ask them to check the logs to see when your account was accessed.
        7. Also ask your host to change the login password for your account
        8. Change all your Admin and Mod passwords.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment


        • #5
          Perhaps they exploited PHP, does your host run PHP 4.3.10 ?

          Comment


          • #6
            Through "EMS MYSQL Manager" i managed to access the user's database and found the following:

            -all moderators are there
            -all admins accounts including ID:1 were deleted.

            Now how can i create an admin in order to manage the VB back ?

            Thank you in advance.


            REgards

            Tariq AlAli

            Comment


            • #7
              Also i wonder how can a user delete all ADMINS ?


              Tariq AlAli

              Comment


              • #8
                I suggest to restore a previous backup to restore your posts and users that are deleted.

                It is still important to find out how the user did this, if he guessed your admin password, if he exploited software on the server or perhaps did something through vBulletin.

                Comment


                • #9
                  Originally posted by Floris
                  I suggest to restore a previous backup to restore your posts and users that are deleted.

                  It is still important to find out how the user did this, if he guessed your admin password, if he exploited software on the server or perhaps did something through vBulletin.

                  The problem i dont have a previous latest backup. is there away to create admin accounts offline the VB ?

                  Regards

                  Tariq AlAli

                  Comment


                  • #10
                    You can register yourself as a new member.
                    Then upload tools.php from the do_not_upload/ folder and load it in the browser.
                    Click on 'restore admin' and enter the username.
                    That user is then admin of the forum.
                    Remove the file again.

                    Comment


                    • #11
                      Originally posted by Floris
                      Perhaps they exploited PHP, does your host run PHP 4.3.10 ?
                      its 4.3.8

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X