Announcement

Collapse
No announcement yet.

Afraid Of a hacker

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Afraid Of a hacker

    Someone told me this on MSN, that they were going to hack my site.

    "7:07 PM) Brandyn:I'm not scared bud, that can be the least of my worries - Finding my old shell scripts and buying an account on your webhost will be the only things of difficulty.(7:07 PM) Brandyn:After I have the shell script on the server, SQL information is only a few keystrokes away.(7:08 PM) Brandyn:The beauty of it all? Well there would be know way for anyone to even know what was going on, much less know it was me.(7:08 PM) Brandyn:By the time anything can even be thought of, i will have my ssh script deleted - As well as your database.(7:08 PM) Brandyn:See but the reason I want you to give it a try..(7:09 PM) Brandyn:Oh i'll let you get a few members.. maby a good 500 even, let you do all the work you want to it.. And then I will do what needs done.(7:10 PM) Brandyn:So have fun mate, I'm tired of warning you - I'll let you try it for your own.. Some people are hard-headed."

    Is this possible? Could he hack it?

  • #2
    Theoretically, if you are with a good host, he should not be able to do it. Make sure your host is reliable, and that this user never had access to your admin passwords (for example, if he is an ex moderator or ex admin). Also, make sure that the DB you are using has an impossible to guess username and password, and probably even change the name of the DB. Anyhow, from the look of it, he might just be boasting. Otherwise, he would have already done it.

    Anyhow, shared servers, in general, are always less safe then a dedicated servers if you have even an average Linux administrator managing your dedicated machine.

    In any case, this has nothing to do with vBulletin in general, so you should not be worried about purchasing a copy of vBulletin over any other software because of these threats. Any software would be vulnerable for this kind of attack.
    CarlitoBrigante on vb.org - MagnetiCat.com
    Professional vBulletin development, support, upgrades

    Comment


    • #3
      Originally posted by DirtyHarry View Post
      Theoretically, if you are with a good host, he should not be able to do it. Make sure your host is reliable, and that this user never had access to your admin passwords (for example, if he is an ex moderator or ex admin). Also, make sure that the DB you are using has an impossible to guess username and password, and probably even change the name of the DB. Anyhow, from the look of it, he might just be boasting. Otherwise, he would have already done it.

      Anyhow, shared servers, in general, are always less safe then a dedicated servers if you have even an average Linux administrator managing your dedicated machine.

      In any case, this has nothing to do with vBulletin in general, so you should not be worried about purchasing a copy of vBulletin over any other software because of these threats. Any software would be vulnerable for this kind of attack.
      I use justhost,com, and I have a very strong password for ftp, SQL, and cpanel. Would you recommend a dedicated IP?
      I have numbers, dashes, lines, spaces everything in my password.

      I also have a firewall installed in my vbulletin forum.

      Is justhost.com good?

      Comment


      • #4
        Originally posted by gerbil249 View Post
        Someone told me this on MSN, that they were going to hack my site.

        "7:07 PM) Brandyn:I'm not scared bud, that can be the least of my worries - Finding my old shell scripts and buying an account on your webhost will be the only things of difficulty.(7:07 PM) Brandyn:After I have the shell script on the server, SQL information is only a few keystrokes away.(7:08 PM) Brandyn:The beauty of it all? Well there would be know way for anyone to even know what was going on, much less know it was me.(7:08 PM) Brandyn:By the time anything can even be thought of, i will have my ssh script deleted - As well as your database.(7:08 PM) Brandyn:See but the reason I want you to give it a try..(7:09 PM) Brandyn:Oh i'll let you get a few members.. maby a good 500 even, let you do all the work you want to it.. And then I will do what needs done.(7:10 PM) Brandyn:So have fun mate, I'm tired of warning you - I'll let you try it for your own.. Some people are hard-headed."

        Is this possible? Could he hack it?
        Mightn't be a bad idea to block his hotmail address on your forum. Also dob him into MSN telling them that exact thing what you were told. That way they can control that and deal with it.
        Aussiefootyforums

        New Site New forum
        Come and talk sports all day long


        Comment


        • #5
          Originally posted by gerbil249 View Post
          I use justhost,com, and I have a very strong password for ftp, SQL, and cpanel. Would you recommend a dedicated IP?
          I have numbers, dashes, lines, spaces everything in my password.

          I also have a firewall installed in my vbulletin forum.

          Is justhost.com good?
          Have seen better hosts.
          However, because this board is pre-sales I can't give you support.

          http://www.vbulletin.com/forum/forum...osting-Options

          Have a look and a read of the hosting board.
          Last edited by carntheroos4eva; Tue 27 Oct '09, 7:37pm. Reason: added link
          Aussiefootyforums

          New Site New forum
          Come and talk sports all day long


          Comment


          • #6
            Originally posted by schwab2clarkson View Post
            Have seen better hosts.
            However, because this board is pre-sales I can't give you support.

            http://www.vbulletin.com/forum/forum...osting-Options


            Have a look and a read of the hosting board.
            Sorry, I never get the correct board.

            Comment


            • #7
              Notify your host with as much information as you have so that they can prevent him from signing up in the first place. As someone mentioned, this attack will work with any piece of software, so it's not really specific to vBulletin.

              Finally, keep daily backups of your database. If he does get through, the damage will be minimal.
              Planning to continue using VB 3.8 post EOL? Then join the VB 3.8 Forever group and visit www.vb3forever.org!

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X