No announcement yet.

Hacked Board?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Hacked Board?

    Hey guys visited my board today to be alerted by a thread about my board getting hacked? its running vb 3.6.0...
    the posts are as follows

     Degeniz Team hacked the message board via redirection to an image on their site, and it showed a penguin with the turkey Flag symbol, and a map with Turkey on it. Apparently they're a hacker site, with a message board and applications to go along with it.
    and various other posts.. i noticed a member called Degeniz team registered which its now banned... rumour has it they have hacked and disabled a few other boards in there time.. ive no idea what to beilve? as i wasnt online at the time.

    Is vbulletin easy to exploit and disable.. any precautions other than a backup to take? i apriciate some advice.. thanks

    anyone heard of dengesizteam team before?
    Last edited by chimaira; Sat 2 Sep '06, 5:41pm.

  • #2
    They have been busy.
    Recently there has been a problem with FlashChat.
    ...steven (vB3.8) | (vB4.2) |
    "I tried to clean this up but this thread is beyond redemption." - Steve Machol


    • #3
      People have been saying im glad the board is back. so im guessing it went down for a while... due to them... im trying to get as much information as possible as i wasnt online to witness anything.


      • #4
        Note: There are known security holes with at least two plugins that hackers are exploiting right now - Flashchat and TopXStats. I *strongly* recommend you remove at least these plugins if you have them.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography

        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        • #5
          Alternatively, both problems can also be fixed ;

          Baby, I was born this way


          • #6
            Okay i did the upgrade for top x stats~
            i keep getting users signing up and one made this thread

             ">"">>>><meta http-equiv="Refresh" content="0;url="> """" > 
              aƧıkları kapa
            Do you thnik they are tempo disabling my board via server side either via php or an sql injection or even xss to alow remote execution for vb 3.6.0

            my board url is just for refrence

            but cheers for the replies guys, hopefully they wont get no where now.
            Last edited by chimaira; Sun 3 Sep '06, 4:45am.


            • #7
              Hi chimaira,

              Did you try to do a "Suspect File Versions" check from;

              " admicp -> Maintenance-> Suspect File Versions "

              For an additional control.

              It seems they are assuming that you have still a security hole and they are trying use it more than once.


              • #8
                All that is fine ta
                Just annoying me as im getting a bombardedment of turkish users trying to make threads with this content

                 ">"">>>><meta http-equiv="Refresh" content="0;url="> """" >
                cant ban there host/ip as nothing comes up when i do a match
                Last edited by chimaira; Sun 3 Sep '06, 8:29am.


                • #9
                  u aint alone

                  there is a "team hackers" member wandering around

                  its done five boards i know of through links, images etc

                  sorry to but in .


                  • #10
                    Think I had one of them today, had a user sign up, didn't think too much of it, until I started getting a refreshed page to a Turkish site, one of my Mod's removed it and stopped it, but I've since banned their IP and email address (I traced the IP back to a Turkish host).


                    • #11
                      Idem i had:

                      Email Address : [email protected]
                      Birthday :
                      Referrer: N/A
                      IP Address: (from Ankara)

                      Hoping he didn't do anything bad.. Ip and email banned.

                      Anyone got this registration as well ?

                      Ps: we don't have any plugin, only 3.6
             Eu Web Hosting Solutions
                      Shared hosting with Cpanel/Fantastico
                      Live Help:


                      • #12
                        Is there any way of banning certain characters in the thread titles to prevent this happening?

                        ">"">>>><meta http-equiv="Refresh" content="0;url="> """" >
                        The IP of the one that stung me was using email [email protected].


                        • #13

                          I must have had at least 10 of these posts in the last 2 days, so far I have deleated all these users, deleated there posts, banned there IP's and banned email addresses. Getting fed up of them now pity they have nothing else better to do.....

                          As a last resort, I have now stopped all new registrations, I know it's a bit drastic.



                          • #14
                            Check this, it should solve the issue once and for all :



                            • #15
                              They got me this morning too, thanks for the info on fixing this.

                              email: [email protected]


                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.