Announcement

Collapse
No announcement yet.

Six Times Hacked

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Six Times Hacked

    My forum has been hacked 6 times in the last 3 months.

    Vbulletin Support team blamed the hosting company, and my hosting company blamed Vbulletin every single time.

    I decided to find out what happens since the support team was telling me the same security measures I should take, but every-time my forum was not safe enough.

    The verdict is that there is an open security hole in spacer template, from where the hackers inject %base64 code and deface vbulletin forums.

    Now, is there a way to close this security hole, or completely remove the spacer template?

  • #2
    If you're running 3.7.4 PL1 and your admincp is secure: short of database, or server access, there is no way to insert that code. Are you running any hacks addons or third party code?
    Last edited by Zachery; Mon 22 Dec '08, 5:00am.

    Comment


    • #3
      Originally posted by @ngel View Post
      My forum has been hacked 6 times in the last 3 months.

      Vbulletin Support team blamed the hosting company, and my hosting company blamed Vbulletin every single time.

      I decided to find out what happens since the support team was telling me the same security measures I should take, but every-time my forum was not safe enough.

      The verdict is that there is an open security hole in spacer template, from where the hackers inject %base64 code and deface vbulletin forums.

      Now, is there a way to close this security hole, or completely remove the spacer template?
      I'd like to know how you determined there was a security hole and what that hole is? (Since if you KNOW there is a hole there, you would have to know what that hole is as well ).

      Comment


      • #4
        Originally posted by Zachery View Post
        If you're running 3.7.4 PL1 and your admincp is secure: short of database, or server access, there is no way to insert that code. Are you running any hacks addons or third party code?
        I am running 3.7.4 PL1 and my admincp is secure!
        What do you mean by "short of database"?
        I have completely remove any add-ons in order to find the problem since the first hack attempt!

        Originally posted by supergper View Post
        I'd like to know how you determined there was a security hole and what that hole is? (Since if you KNOW there is a hole there, you would have to know what that hole is as well ).
        Well it was easy to understand it since the first time I got hacked! The following five times were just enough to reassure me! If I could new WHAT hole is, I would be in the vbulletin development team and not a customer!

        Comment


        • #5
          Originally posted by @ngel View Post
          I am running 3.7.4 PL1 and my admincp is secure!
          What is the URL of your site?
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment


          • #6
            Originally posted by Wayne Luke View Post
            What is the URL of your site?
            I could PM it to you!
            You can also see the support tickets I have opened all these times!

            Comment


            • #7
              Who are you hosting with, who is your web host.

              Comment


              • #8
                Going by your previous tickets, it appears that the attackers have direct access to your database or are able to upload files to your server and access your database through them. I suggested opening another ticket so we can look into this further but it doesn't appear that vbulletin is the point of entry.

                I suggest changing all your passwords including the ones for your administrators, .htaccess, MySQL, FTP and Email. Do not use an insecure FTP method to access your site but instead use FTP over SSH or Secure FTP with a suitably difficult password of 12-16 characters. Your MySQL password should be a seemingly random string of characters at least 16 characters in length. Make sure that you do not have your password in any file except config.php. Make sure all .htaccess passwords and user names are different per directory as well.

                Finally, make sure that phpMyAdmin is completely secure and only access your hosting control panel through SSL.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X