Announcement

Collapse
No announcement yet.

Help Hackers hacked my vBulletin

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MRGTB
    replied
    Originally posted by Bill Smith View Post
    In wartime, sometimes it's more productive to blow up the bomb making factory that creates the havoc, than shooting down the bombers whom fly over day after day causing the destruction

    My advice...Target these apparent spammers instead of looking for the cure...

    dengesiz-team.org

    and

    hacking-sabotage.com

    Note these two websites may well be false targets
    Thing is there actually advertising there site link on the hacked page posted on sites they've hacked. So it looks as though they want the traffic going to there site and are not bothered.

    Leave a comment:


  • Sax on the Web
    replied
    Originally posted by HUMMER View Post
    My orchid forum, www.orchidgeeks.com has been hacked by Russian hackers http://dengesiz-team.org/vb.htm

    When you go to orchidgeeks.com/forum (I think you might have to be logged in to view it) the page re-directs to http://dengesiz-team.org/vb.htm.
    How do I remove or fix this?
    It is not clear to me if they hacked the server housing your forum or if this is really vBulletin related?

    Leave a comment:


  • Bill Smith
    replied
    In wartime, sometimes it's more productive to blow up the bomb making factory that creates the havoc, than shooting down the bombers whom fly over day after day causing the destruction

    My advice...Target these apparent spammers instead of looking for the cure...

    dengesiz-team.org

    and

    hacking-sabotage.com

    Note these two websites may well be false targets

    Leave a comment:


  • steven s
    replied
    Has anyone been looking at their logs?
    I found this in my error log.

    I caught it just in time.
    [Mon Sep 4 15:20:11 2006] [error] [client 200.82.226.80] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
    I would have been hacked if that file was still there.

    Leave a comment:


  • Steve Machol
    replied
    There are no known security issues with 3.6.0. There is a BIG issue with the FlashChat and TopXStats plugins.

    Please see this thread on how to make your vBulletin more secure:

    http://www.vbulletin.com/forum/showthread.php?t=172234

    If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.

    Leave a comment:


  • kurzo
    replied
    I too, have been hacked - though to no great extent, but hacked never the less.

    I have a server with Rack Space and they said my forum was compimised through the vbulletin file 'online.php'.

    I also had FlashChat loaded, but have since uninstalled.

    Is there a security issue with online.php? Will 3.6 fix this?

    thanks

    Leave a comment:


  • puertoblack2003
    replied
    Originally posted by HUMMER View Post
    So your saying to just uninstall the x top stats, or is there a patch for it?

    Thanks
    -Dave
    yes for the time being till you get straighten out go here for the info http://www.vbulletin.org/forum/showthread.php?t=93065
    once you do the config i guess reinstall it.

    Leave a comment:


  • HUMMER
    replied
    So your saying to just uninstall the x top stats, or is there a patch for it?

    Thanks
    -Dave

    Leave a comment:


  • puertoblack2003
    replied
    Originally posted by HUMMER View Post
    gCtrl, I don't care if these guys are Japanese. They are ruining my forums and I don't have time to check "flags"


    Is there any template or file I should be looking in for how to resolve this hacking?
    check your topXstat hack there is an expolit that they know about and a fix for it my board was hacked to and was able to recover quick and during that process i uninstalled that hack everything is good so far.

    Leave a comment:


  • HUMMER
    replied
    gCtrl, I don't care if these guys are Japanese. They are ruining my forums and I don't have time to check "flags"


    Is there any template or file I should be looking in for how to resolve this hacking?

    Leave a comment:


  • gCtrl
    replied
    Bill Smith i'm speak with HUMMER..
    Last edited by gCtrl; Sun 3 Sep '06, 1:16am.

    Leave a comment:


  • Bill Smith
    replied
    I'm nnot blaming the Russians, these guys have their site registered in Turkey and are causing a lot of trouble on a lot of forums and it's not just vBulletin, take a look at joomla.org

    What's the point???

    Google him

    tolga yildiz
    iskenderun
    Hatay, 31200
    Turkey
    +90.4440542
    [email protected]

    Leave a comment:


  • gCtrl
    replied
    Originally posted by HUMMER View Post
    hacked by Russian hackers
    All the time you blame Russians, for all deadly sins, but you'd better go and learn the flags of the countries of the world.
    You cannot distinguish a sickle-and-hammer from a turkish star =\

    Leave a comment:


  • Bill Smith
    replied
    Here's some interesting whois information for you over these hackers.

    It may be a good idea for you to email [email protected] and ask them to shut these websites down, or perhaps do a google search for tolga yildiz

    dengesiz-team.org

    Domain ID127594514-LROR
    Domain NameENGESIZ-TEAM.ORG
    Created On:21-Aug-2006 16:54:43 UTC
    Last Updated On:23-Aug-2006 06:48:01 UTC
    Expiration Date:21-Aug-2007 16:54:43 UTC
    Sponsoring Registrarotregistrar.com (R114-LROR)
    Status:CLIENT TRANSFER PROHIBITED
    Status:TRANSFER PROHIBITED
    Registrant ID:1523205-R
    Registrant Name:hacking-sabotage.com
    Registrant Street1:kopru alti
    Registrant Street2:
    Registrant Street3:
    Registrant City:hackcity
    Registrant State/Province:-
    Registrant Postal Code:31200
    Registrant Country:TR
    Registrant Phone:+90.9009000000
    Registrant Phone Ext.:
    Registrant FAX:+90.3269009092
    Registrant FAX Ext.:
    Registrant Email:[email protected]
    Admin ID:1523205-A
    Admin Name:hacking-sabotage.com
    Admin Street1:hackcity
    Admin Street2:
    Admin Street3:
    Admin City:Hatay
    Admin State/Province:-
    Admin Postal Code:31200
    Admin Country:TR
    Admin Phone:+90.9009000000
    Admin Phone Ext.:
    Admin FAX:+90.3269009092
    Admin FAX Ext.:
    Admin Email:[email protected]
    Tech ID:1523205-T
    Tech Name:hacking-sabotage.com
    Tech Street1:hackcity
    Tech Street2:
    Tech Street3:
    Tech City:Hatay
    Tech State/Province:-
    Tech Postal Code:31200
    Tech Country:TR
    Tech Phone:+90.9009000000
    Tech Phone Ext.:
    Tech FAX:+90.3269009092
    Tech FAX Ext.:
    Tech Email:[email protected]
    Name Server:NS1.CALISANHOST.NET
    Name Server:NS2.CALISANHOST.NET

    and also

    hacking-sabotage.com

    Domain Name: HACKING-SABOTAGE.COM
    Registrar: DSTR ACQUISITION VII, LLC
    Whois Server: whois.dotregistrar.com
    Referral URL: http://www.dotregistrar.com
    Name Server: NS2.HOSTSIMA.NET
    Name Server: NS1.HOSTSIMA.NET
    Status: REGISTRAR-LOCK
    EPP Status: clientDeleteProhibited
    EPP Status: clientTransferProhibited
    EPP Status: clientUpdateProhibited
    Updated Date: 28-Aug-2006
    Creation Date: 07-Feb-2006
    Expiration Date: 07-Feb-2007

    Registrant:
    tolga yildiz (HACKING-SABOTAGE-COM-DOM)
    iskenderun
    Hatay, 31200
    Turkey
    +90.4440542
    +90.4440542
    [email protected]

    Domain Name: HACKING-SABOTAGE.COM
    Status: PROTECTED

    Administrative Contact:
    tolga yildiz [email protected]
    iskenderun
    Hatay, 31200
    Turkey
    +90.4440542
    Fax- +90.4440542

    Technical Contact, Zone Contact:
    tolga yildiz [email protected]
    iskenderun
    Hatay, 31200
    Turkey
    +90.4440542
    Fax- +90.4440542

    Record last updated on 28-Aug-2006.
    Record expires on 07-Feb-2007.
    Record created on 07-Feb-2006.

    Domain servers in listed order:

    Name Server: ns1.hostsima.net
    Name Server: ns2.hostsima.net
    Attached Files
    Last edited by Bill Smith; Sun 3 Sep '06, 12:36am. Reason: Added attachment

    Leave a comment:


  • steven s
    replied
    Originally posted by HUMMER View Post
    No I don't use any flash chat. Just straight vBulletin.
    Any mods or hacks?
    Could also have been through someone sharing your server.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X