Announcement

**Zachery** · Mon 22 Dec '08, 4:35am

If you're running 3.7.4 PL1 and your admincp is secure: short of database, or server access, there is no way to insert that code. Are you running any hacks addons or third party code?

**supergper** · Mon 22 Dec '08, 4:47am

Originally posted by @ngel View Post

My forum has been hacked 6 times in the last 3 months.

Vbulletin Support team blamed the hosting company, and my hosting company blamed Vbulletin every single time.

I decided to find out what happens since the support team was telling me the same security measures I should take, but every-time my forum was not safe enough.

The verdict is that there is an open security hole in spacer template, from where the hackers inject %base64 code and deface vbulletin forums.

Now, is there a way to close this security hole, or completely remove the spacer template?

I'd like to know how you determined there was a security hole and what that hole is? (Since if you KNOW there is a hole there, you would have to know what that hole is as well

).

**@ngel** · Mon 22 Dec '08, 5:44am

Originally posted by Zachery View Post

If you're running 3.7.4 PL1 and your admincp is secure: short of database, or server access, there is no way to insert that code. Are you running any hacks addons or third party code?

I am running 3.7.4 PL1 and my admincp is secure!
What do you mean by "short of database"?
I have completely remove any add-ons in order to find the problem since the first hack attempt!

Originally posted by supergper View Post

I'd like to know how you determined there was a security hole and what that hole is? (Since if you KNOW there is a hole there, you would have to know what that hole is as well

).

Well it was easy to understand it since the first time I got hacked! The following five times were just enough to reassure me! If I could new WHAT hole is, I would be in the vbulletin development team and not a customer!

**Wayne Luke** · Mon 22 Dec '08, 5:58am

Originally posted by @ngel View Post

I am running 3.7.4 PL1 and my admincp is secure!

What is the URL of your site?

**@ngel** · Mon 22 Dec '08, 6:17am

Originally posted by Wayne Luke View Post

What is the URL of your site?

I could PM it to you!
You can also see the support tickets I have opened all these times!

**OS,** · Mon 22 Dec '08, 6:37am

Who are you hosting with, who is your web host.

**Wayne Luke** · Mon 22 Dec '08, 6:44am

Going by your previous tickets, it appears that the attackers have direct access to your database or are able to upload files to your server and access your database through them. I suggested opening another ticket so we can look into this further but it doesn't appear that vbulletin is the point of entry.

I suggest changing all your passwords including the ones for your administrators, .htaccess, MySQL, FTP and Email. Do not use an insecure FTP method to access your site but instead use FTP over SSH or Secure FTP with a suitably difficult password of 12-16 characters. Your MySQL password should be a seemingly random string of characters at least 16 characters in length. Make sure that you do not have your password in any file except config.php. Make sure all .htaccess passwords and user names are different per directory as well.

Finally, make sure that phpMyAdmin is completely secure and only access your hosting control panel through SSL.

Announcement

Six Times Hacked

Six Times Hacked

Comment

Comment

Comment

Comment

Comment

Comment

Comment