Announcement

Collapse
No announcement yet.

Hacked Board?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MaviJean
    replied
    iran.gs;

    As it stated before, vbulletin team not provide support for modifications and modified boards...

    But i think there should be a security team whose job is to test modifications against hacking threats. I know that will be a really hard job but i think without security checks on modifications we may face with similiar attacks.

    There can be a new staff group for this security checking job on vbulletin.org. Whose members are working on security check for popular modifications (may be voluntary).

    Leave a comment:


  • iran.gs
    replied
    they did me saturday also and i knew they did not hack my site but it was a hard thing to clean cuz these turkish delight they did not just post one they posted like 5 of them so i had to delete the thread and the post from the panel in order to fix this error but i dont have flash chat or the top x so its not the hack issue which are made in the vb.org anyway i just ip ban range the %80 turkey who needs them to come to my site but i know i lost lots of traffic in my site ppl are afraid when they see things like this i must have got over 400 mails they were upset, and my site was open to public so god knows how many ppl see that the worst part my site is about internet and pc and html looooooooooooool that really made me look better :)) .Is not even a hacked which is only a exploit direct hack i would not even call it hack cuz its a bad name for real hackers i was away so today i came and saw this here i must say i am pretty mad that why VB is not sending hack alert to all paying members so atleast we know these thing

    Leave a comment:


  • chimaira
    replied
    How are they finding out all these forums. lol

    Leave a comment:


  • Dead End Society
    replied
    They got me this morning too, thanks for the info on fixing this.

    IP: 88.229.81.215
    email: dengesizteam@mynet.com

    Leave a comment:


  • JasonWilliams
    replied
    Check this, it should solve the issue once and for all :

    http://www.vbulletin.org/forum/showthread.php?t=125726

    Leave a comment:


  • stuarttunstall
    replied
    Hi

    I must have had at least 10 of these posts in the last 2 days, so far I have deleated all these users, deleated there posts, banned there IP's and banned email addresses. Getting fed up of them now pity they have nothing else better to do.....

    As a last resort, I have now stopped all new registrations, I know it's a bit drastic.

    Stuart

    Leave a comment:


  • JasonWilliams
    replied
    Is there any way of banning certain characters in the thread titles to prevent this happening?


    Code:
    ">"">>>><meta http-equiv="Refresh" content="0;url=http://Turksecurity.org"> """" >
    The IP of the one that stung me was 88.224.0.121 using email emsalsiz_01@hotmail.com.

    Leave a comment:


  • Interdit
    replied
    Idem i had:

    Email Address : windows__@hotmail.com
    Birthday :
    Referrer: N/A
    IP Address: 88.234.38.70 (from Ankara)

    Hoping he didn't do anything bad.. Ip and email banned.

    Anyone got this registration as well ?


    Ps: we don't have any plugin, only 3.6

    Leave a comment:


  • JasonWilliams
    replied
    Think I had one of them today, had a user sign up, didn't think too much of it, until I started getting a refreshed page to a Turkish site, one of my Mod's removed it and stopped it, but I've since banned their IP and email address (I traced the IP back to a Turkish host).

    Leave a comment:


  • basilrath
    replied
    u aint alone

    there is a "team hackers" member wandering around

    its done five boards i know of through links, images etc

    sorry to but in .

    Leave a comment:


  • chimaira
    replied
    All that is fine ta
    Just annoying me as im getting a bombardedment of turkish users trying to make threads with this content

    Code:
     ">"">>>><meta http-equiv="Refresh" content="0;url=http://myturqey.com/a.htm"> """" >
    cant ban there host/ip as nothing comes up when i do a match
    Last edited by chimaira; Sun 3rd Sep '06, 8:29am.

    Leave a comment:


  • MaviJean
    replied
    Hi chimaira,

    Did you try to do a "Suspect File Versions" check from;

    " admicp -> Maintenance-> Suspect File Versions "

    For an additional control.

    It seems they are assuming that you have still a security hole and they are trying use it more than once.

    Leave a comment:


  • chimaira
    replied
    Okay i did the upgrade for top x stats~
    i keep getting users signing up and one made this thread

    Code:
     ">"">>>><meta http-equiv="Refresh" content="0;url=http://crzysldr.kayyo.com"> """" > 
      ašıkları kapa
    Do you thnik they are tempo disabling my board via server side either via php or an sql injection or even xss to alow remote execution for vb 3.6.0

    my board url is www.chimairaboard.com just for refrence

    but cheers for the replies guys, hopefully they wont get no where now.
    Last edited by chimaira; Sun 3rd Sep '06, 4:45am.

    Leave a comment:


  • Paul M
    replied
    Alternatively, both problems can also be fixed ;

    http://www.vbulletin.com/forum/showt...60#post1202960

    http://www.vbulletin.org/forum/showt...17#post1066817

    Leave a comment:


  • Steve Machol
    replied
    Note: There are known security holes with at least two plugins that hackers are exploiting right now - Flashchat and TopXStats. I *strongly* recommend you remove at least these plugins if you have them.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X