Site was hacked warning.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • rknight111
    Senior Member
    • Oct 2006
    • 147
    • 3.6.x

    Site was hacked warning.

    My site was hacked into by a user with IP 124.217.254.157
    Please watch out. Im just upgrading to the newest version of 3.8 and am waiting for the 4.0 to be 100% before I spend money to get all the skins and upgrades done.

    This user injected malicious code into the sql somehow, we thought it was the software but it was the database. Upon cleaning up we noticed we lost some code as well. It was in some backups as well.
  • kuyenmotdivad
    Senior Member
    • Apr 2006
    • 616
    • 4.1.x

    #2
    That IP is from Malaysia : http://whois.domaintools.com/124.217.254.157

    Comment

    • ManagerJosh
      Senior Member
      • Jun 2002
      • 9922

      #3
      Originally posted by rknight111
      My site was hacked into by a user with IP 124.217.254.157
      Please watch out. Im just upgrading to the newest version of 3.8 and am waiting for the 4.0 to be 100% before I spend money to get all the skins and upgrades done.

      This user injected malicious code into the sql somehow, we thought it was the software but it was the database. Upon cleaning up we noticed we lost some code as well. It was in some backups as well.
      Are you sure it wasn't caused by a breach of security via the server and not the software?
      ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
      Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

      Comment

      • Off_Topic
        Member
        • Dec 2009
        • 67

        #4
        Higher chance of software, was probably an automated bot scouring the internet...
        http://www.offtopic.com.au/

        Comment

        • hitmancode47
          Senior Member
          • Jul 2008
          • 776
          • 3.8.x

          #5
          From what you have described, it sounds to me like a server intrustion.

          Did it remove the same coding from your backups too? or was that different?
          Jut a random internet person.

          A message to all illegal users!

          Comment

          • Joe Gronlund
            Senior Member
            • Nov 2001
            • 5789
            • 3.8.x

            #6
            Sounds like server to me too, however there is one focus in vBulletin where this all could have happened in the software.. I am sure you have done some of this, but change
            all passwords on the server and admin(s) accounts on the vBulletin site, along with all Super Mods who may be admin, restore MySQL DB if damage was severe. ..

            Re-upload ALL vBulletin files from the same version of vBulletin, as it was exploited...

            Check your logs, to find out how this happen, it don't sound vBulletin related, but you never know,.. Next time you may not have a database looking back at you at 6.00am...
            Last edited by Joe Gronlund; Wed 17 Mar '10, 11:29am.
            MCSE, MVP, CCIE
            Microsoft Beta Team

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...