Thought I was secure but still got hacked - 3.6.8 patch level 2

  • Thought I was secure but still got hacked - 3.6.8 patch level 2

    After reviewing the thread titled "How To Make My Forums More Secure" I guess my forum wasn't as secure as I thought.

    I was in the process of starting a forum to support caregivers of those suffering from Alzheimer's Disease. I had not publicized the forum and I was the only registered member. I put it up in October 2007 and was intending to work with a local Alzheimer's Disease organization to get the forum going.

    Over the past few weeks I would get spammers registered from overseas with usernames like "buycheapvigrahere" - so I'd delete the user and block the first two sets of numbers in the IP address (XXX.XXX.*) to prevent that same person or anyone from that domain from registering again.

    Then this week my firewall wouldn't let me get to the site, blocking it for having a virus/trojan exploit. I used WinSCP to look at some files at the site and found some odd ones including "sexboy.exe" in the forum root directory.

    Anyway I deleted the whole d*mn thing and now just redirect my domain to the local organization's site.

    1) I am stunned that the overseas spammers would start targeting a forum with one registered user.

    2) I am further stunned that some idiot thought he was being smart defacing a site aimed at helping people deal with Alzheimer's disease.

    It's just really discouraging to attempt to do something good for people only to have it torn down by hackers and/or script kiddies.

    If I put it back at some point, I'll follow the extra tips outlined in the link at the top of this post to secure the site.
    -Gary

  • #2
    They must have found your site somehow. Perhaps there was a link somewhere on your site. Spiders are good at finding hidden links. Also, if you have any banners on your forum like Google Adsense then that can reveal your URL to their spiders.

    The inclusion of exe files and stuff is possible if you allow HTML anywhere on your forum. We highly recommend you do not allow HTML anywhere on your forum.

    You should also consult with your host to see if the server logs show any indication that the server itself was hacked. If the server was hacked then vBulletin's security features are useless.


    • #3
      There has to be some exploit in vB 3.6.8 PL2, because I just woke up today to find my Site Hacked as well. Luckily I perform Daily Backups, so I am in the process of restoring the site.

      I contacted my host and they're in the process of checking the Server Log Files.

      I have many security measures implemented into my site, I just do not understand how they managed to get in.

      If it's not a security flaw in vB 3.6.8 PL2 then it might be a security flaw in Host Rocket's Servers ... I will find out soon enough, I guess ...


      • #4
        I've seen a few people in the last few weeks who have been on Host Rocket's servers get hacked. If there was a real exploit we'd see a lot more of it.


        • #5
          I guess it's HostRocket then ... I'm restoring my Database, we'll see what happens. Hopefully the latest backup was not affected by the hack; if not, I'll have to go back to 03/07/2008 and lose some posts/threads ...


          • #6
            Chances are they modified your forumhome and style tables, they are directly injecting data into the database.


            • #7
              ^ How would they be able to do that? I don't allow HTML anywhere on my forums at all ...


              • #8
                They have access to the server directly.


                • #9
                  They got me yesterday morning, but I was running 3.6.4 like a dummy and didn't upgrade. At least I did on my other boards.


                  • #10
                    Any of you guys/gals who got hacked running "vBa Gallery" or an older version of "PhotoPost vBGallery" by chance? Looks like there is a new round of kids out there looking to exploit the older & unpatched versions.
                    Cool Sci-Fi (http://coolscifi.com) | Walking Dead (http://awalkerbit.me)


                    • #11
                      Kevin, it's not vbgallery old version anymore.

                      I believe they got mine through vbdynamics. I know they did around Christmas, on the 4th hack in 3 days.
                      Dummy me enabled dynamics back up to upgrade and then got busy for a few weeks; that's how I am pretty sure they got in.


                      • #12
                        Originally posted by Delw:
                        Kevin, it's not vbgallery old version anymore.

                        I believe they got mine through vbdynamics. I know they did around Christmas, on the 4th hack in 3 days.
                        Dummy me enabled dynamics back up to upgrade and then got busy for a few weeks; that's how I am pretty sure they got in.

                        Mind shooting me a PM over at vBa with data about Dynamics possibly being the problem? If there is/was a problem with it I want to make sure Brian is aware of it.


                        • #13
                          I'm not running vBGallery, PhotoPost vBGallery, or vBDynamics on my Forums ... Gahhh, I need to know how they managed to get in cause I had added a lot of security to the Site to prevent this and then today I wake up to see this still happening.


                          • #14
                            Originally posted by Dannyloski:
                            I'm not running vBGallery, PhotoPost vBGallery, or vBDynamics on my Forums ... Gahhh, I need to know how they managed to get in cause I had added a lot of security to the Site to prevent this and then today I wake up to see this still happening.

                            It would be nice to see a list of modifications you are running. Who knows, maybe one was updated because an exploit was found and someone knows about it.
