My board hacked 2 days ago 3.6.9

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Rostor
    Member
    • Jun 2001
    • 80
    • 4.1.x
    #1

    My board hacked 2 days ago 3.6.9

    Dear All,
    two days ago, my site was defaced due to the fact that I don't update the forum as soon as the patch was released.
    In any case, I spent 1 day to restore all the backup and now everything works fine.
    The attacker delete all the db, but I know that they did the first step 7 days ago when they try to put .c files on my w2k3 server ... lamer (no comment).
    There is a way in the admin log to trace the ip used 7 days ago when they did the first step ?
    Thanks for any kind of help.
    Renato
    Renato
    Tags: None
    • Steve Machol
      Former Customer Support Manager
      • Jul 2000
      • 154488
      #2
      You cna check the Admin Logs but unfortunately they could have covered their steps.

      Please see this thread on how to make your vBulletin more secure:

      vBulletin 6, The World's Leading Community Software
      http://www.vbulletin.com/go/secure
      vBulletin Community Software


      If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.
      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
      Change CKEditor Colors to Match Style (for 4.1.4 and above)

      Steve Machol Photography

      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment

        • Rostor
          Member
          • Jun 2001
          • 80
          • 4.1.x
          #3
          Thanks Steve for the support, in the admin logs I didn't find nothing right now but I'm working on it.
          Do you know what kind of user I could find in this log when they accessed with the xss ?
          They were not able to take the access of my server, I'm quite sure about this.
          Renato

            Comment

            • slappy
              Senior Member
              • Apr 2003
              • 1206
              #4
              If they were able to get access to your "server", the logs you need to check is you "server's". If you don't have access to them, ask you ISP to check them for around the critical time and see if they can obtain an IP, but remember that a clever hacker can always use a proxy to conceal their own IP.

              Regards,
              Slappy

                Comment

                Previous template Next
                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                😀
                😂
                🥰
                😘
                🤢
                😎
                😞
                😡
                👍
                👎