Announcement

Collapse
No announcement yet.

Forum Hacked - Need Some Assistance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    kid.
    I woudl check your database and some other things on your server. in all my cases. just fixing the templates wouldnt get rid of it.
    they were well into my server.

    Comment


    • #17
      sounds like a SQL injection bug yeah, that is the worst bug that could be found in such popular software
      security community

      Comment


      • #18
        There is no such bug that lets anyone edit the database right now that we are aware of. Everytime we've found a case like I've described they've had direct access to the database/server.

        Comment


        • #19
          Yeah that was one term my host used.
          in all honesty its amazing what people can do on PCs.

          Modern day taggers LOL

          Comment


          • #20
            Originally posted by Zachery View Post
            There is no such bug that lets anyone edit the database right now that we are aware of. Everytime we've found a case like I've described they've had direct access to the database/server.
            Well.. Im telling you that they didnt have direct access to my stuff like that. The forum runs on a Plesk machine and my plesk account doesnt have shell access so unless the whole machine was compromised, which it wasnt, they got in some other way. Im sure it was through VBGallery.. the hacker registered an account and uploaded a file through VBGallery.

            Exactly how its described on the Photopost forum is what happened to me as well. I changed all the relevant database stuff so the values in my attachment earlier are irrelevant, thus me not editting them out.

            Comment


            • #21
              Zach as explained in teh support ticket I still have it on one of my .com sites your more than welcome to have access to the server to play with it if need be.

              when I say have it, I mean the file they uploaded through the gallery is still there I guess it just needs to be executed?



              Kid we are sure its through gallery also, not Vbulletin forums at all.

              Comment


              • #22
                Originally posted by Zachery View Post
                There is no such bug that lets anyone edit the database right now that we are aware of. Everytime we've found a case like I've described they've had direct access to the database/server.
                Maybe but when 3 users are reporting a hack that's apparently done by automated script party that I would bet a few $ you'll release a new version fastly
                security community

                Comment


                • #23
                  Originally posted by class101 View Post
                  Maybe but when 3 users are reporting a hack that's apparently done by automated script party that I would bet a few $ you'll release a new version fastly
                  Zachery has nothing to do with vBGallery so I would doubt that a new version of vBulletin would be released any time soon because of it.
                  [URL="http://coolscifi.com"]Cool Sci-Fi[/URL="http://coolscifi.com"] | [URL="http://awalkerbit.me"]Walking Dead[/URL="awalkerbit.me"]

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X