Announcement

Collapse
No announcement yet.

Database leak at the VB 3.6.8 PL2

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • jasonlitka
    replied
    Originally posted by DanaSoft View Post
    PhotoPost was not deleting the threads in your forum; someone was exploiting a PHP issue via PhotoPost to delete threads - big difference.
    It was a vulnerability in PhotoPost that the developers refused to acknowledge. As far as I'm concerned that makes them and their software just as responsible as the person who wrote the hack script and the tool who decided to use it.

    Leave a comment:


  • DanaSoft
    replied
    Originally posted by jason|xoxide View Post
    If PhotoPost is installed it was probably that... All of my sites with it installed got F-ed a couple weeks ago (some multiple times) because PP was deleting forum threads and refusing to admit that they had a huge problem with their software that was letting people run whatever PHP code they wanted.
    PhotoPost was not deleting the threads in your forum; someone was exploiting a PHP issue via PhotoPost to delete threads - big difference.

    Leave a comment:


  • jasonlitka
    replied
    Originally posted by U2Lynne View Post
    Do you know what page/script they used to drop the tables? It seems like you should disable whatever plugin was used to do this or go see if there is an update to the plugin to fix this issue.
    If PhotoPost is installed it was probably that... All of my sites with it installed got F-ed a couple weeks ago (some multiple times) because PP was deleting forum threads and refusing to admit that they had a huge problem with their software that was letting people run whatever PHP code they wanted.

    Leave a comment:


  • AnT0NiuS
    replied
    Thank you very much for suggestions.

    I started investigation with the host provider. As soon as I find the script or page I will let you know.

    I have a suspicion that it could be script related to the customavatar table. But may be i'm wrong. Let's wait when my investigation will be done.

    Leave a comment:


  • Jake Bunce
    replied
    You will probably need to consult with your host to analyze the logs that U2Lynne is talking about.

    Leave a comment:


  • Lynne
    replied
    I would have looked in my access_logs and possibly my error_logs for that date and, if you know the time, that time.

    Leave a comment:


  • AnT0NiuS
    replied
    Originally posted by U2Lynne View Post
    Do you know what page/script they used to drop the tables? It seems like you should disable whatever plugin was used to do this or go see if there is an update to the plugin to fix this issue.
    How can I figure out from which page/script was the attack?

    Leave a comment:


  • Lynne
    replied
    Originally posted by AnT0NiuS View Post
    I had all MySQL privileges enebled untill somebody DROPed my vbulletin 3.6.2 database...

    Thanks for quick reply and link
    Do you know what page/script they used to drop the tables? It seems like you should disable whatever plugin was used to do this or go see if there is an update to the plugin to fix this issue.

    Leave a comment:


  • AnT0NiuS
    replied
    I had all MySQL privileges enebled untill somebody DROPed my vbulletin 3.6.2 database...

    Thanks for quick reply and link

    Leave a comment:


  • Jake Bunce
    replied
    The database user actually needs DROP privileges for some forum operations. That is why you are getting that error.

    I usually just enable all MySQL privileges for the database user. Here are some security tips:

    http://www.vbulletin.com/forum/showthread.php?t=194701

    Leave a comment:


  • AnT0NiuS
    started a topic Database leak at the VB 3.6.8 PL2

    Database leak at the VB 3.6.8 PL2

    Hi guys,

    I have a problem with my database. I updated the vbulletin form 3.6.2 up to the 3.6.8 PL2.

    My vbulletin 3.6.2 was hacked and somebody droped all my database. I recovered database from the backup and updated it to the latest 3.6.8 PL2 version.

    I denied DROP permissions for the vbulletin MySQL user, and now I have tons of these tables in my database:

    aaggregate_temp_********* (this tables are empty) | type --> MEMORY
    taggregate_temp_********* ( there is some data there) | type --> MEMORY

    and I started receiveing database errors like this:

    Invalid SQL:
    DROP TABLE IF EXISTS taggregate_temp_***********;

    Error MySQL : DROP command denied to user 'user'@'host' for table 'taggregate_temp_**********'
    Error Number : 1142
    Script : http://****************/forum/cron.php?&rand=91523
    Refferer : http://****************/forum/showthread.php?t=2526

    Could you help me with these unknown tables in my database? Which previliges for vbulletin mysql users should I set ( Select Insert Update Delete Create Drop Index Alter Tmp Lock)? Which security settings would you suggest to have for vbulletin in MySQL?

    Thanks a lot in advance.
    Last edited by AnT0NiuS; Mon 28 Jan '08, 7:12am.
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X