Exploited: Unsuccessful recovery


  • Exploited: Unsuccessful recovery

    My site was exploited this week. They deleted my admin account and defaced the index page. All the other pages seem to be working fine.

    Since then, with some help from Steve, I was able to get my admin account back up and upgrade vB to 3.6.8 and got PhotoPost to the newest version.
    I made my admin user undeletable in the config file and banned suspicious IP addresses. I've gone through Suspect Files and deleted the stuff that wasn't necessary.

    Yet, even with all that, my index page is still defaced.

    I'm running out of places to look. Can someone help me?

    Thank you.

  • #2
    Allow me to say how completely impressed I've been with the vBulletin staff this past week.

    I discovered I had not finished reverting some of the files. When I did, bammo! Thanks to vBulletin and Steve especially.

    Now, a little spit-polish and I'll be good-as-new.

    My lessons:
    1. Diligence, I assumed I was safe since I thought my site was so insignificant as to not draw attention.
    2. Better back-up strategy.
    3. Stay current, always.


    • #3
      A good practice that I do myself is to have 2 admin accounts for yourself, one which is marked as undeletable (user id 1 in my case) and one which may, for example, only have super moderator privileges.

      Also, one point to remember: the most common way a site is compromised is through outdated server software, such as the HTTP daemon, for example. The next most common would be through modifications to vBulletin.