Announcement

Collapse
No announcement yet.

Hacked last night

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hacked last night

    My forum got hacked last night.. it's looks pretty bad. At first it looked like they deleted my index page but it seems like they only added a rdirect in the database so the indexpage to show something different. They also deleted my administrator usernames..
    how do you think that was possible? my forum was updated at the latest version 3.6.7


    (www.knicksonline.com/forums/)

  • #2
    Do you have any customizations such as file edits/plugins? Is your password easy to guess (did you also change it after the hacking?)? Have you spoken with your host to check the server logs to see where the points of entry could have come from?
    Congratulations on the death of vBulletin, Internet Brands.

    Comment


    • #3
      the attack came from saudi arabia, i checked the adminlog from mysql and noticed that besides deleting 2 users (both admins) and editing the forumhome template, he also edited the faq and the suergroups.
      my password could have been guessed, i'm sure. I have afew file edits but notjing important. The user that created this, was apparently registered on july 2 2006 when i was still under phpBB. the thing is he deleted my username that had +2000 posts. Is there anyway to restore that? what tables must be altered?

      Comment


      • #4
        The only way to restore the database is to upload an old backup. There's no telling what other kind of access he may have had as well, so I would suggest changing all your passwords that are associated with the site.
        Congratulations on the death of vBulletin, Internet Brands.

        Comment


        • #5
          You should put your admin accounts in the config.php so that attackers cannot alter/delete your main admin accounts.

          Comment


          • #6
            How do i do that?

            Comment


            • #7
              Originally posted by rady View Post
              How do i do that?
              In includes/config.php:

              PHP Code:
                  //    ****** UNDELETABLE / UNALTERABLE USERS ****** 
                  //    The users specified here will not be deletable or alterable from the control panel by any users. 
                  //    To specify more than one user, separate userids with commas. 
              $config['SpecialUsers']['undeletableusers'] = ''
              Look for that section, and then put all administrator UserIDs in the ''.
              Congratulations on the death of vBulletin, Internet Brands.

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X