My site was defaced


  • zomega
    replied
    Originally posted by Hotpuppy
    Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vBulletin.

    There is: http://www.vbulletin.com/forum/showt...ms-More-Secure


  • Hotpuppy
    replied
    Originally posted by dodgeboard.com
    htaccess is not a mod, it's a file that can be used to restrict access to certain directories...I will elaborate...create a text file and name it ".htaccess" (note the period before the filename) and place it into your modcp and admincp directories. This is what you put in the file:



    Only the IPs and hostnames that you put into this file will be able to access the directory. Anyone else won't even see the login for the admincp. It's fairly effective


    Use a hostname (host.com) if your admin or mods have a dynamic IP. But use an IP if they have a static IP (greater security).
    Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vBulletin.


  • birdie
    replied
    Originally posted by EGS
    I am holding the makers of vBulletin liable for this.
    Don't you now owe the makers of vBulletin an apology?


  • dodgeboard.com
    replied
    Good Job EGS!

    I noticed you have regained access to your forums, updated your vBSEO and changed your admincp directory from the known defaults. I suspect you also implemented an htaccess file. Way to go!!

    We learn from our mistakes.


  • JamieinNH
    replied
    Do you know that there is still a notice on your site? You should turn that off. Also, in a lot of your signature lines, it's stating the exact same thing as the notice.

    Go look in the thread where you're talking about some Staff members going rogue on you.

    Also, why do you allow Guest posting without the need to register?


  • dodgeboard.com
    replied
    Also see: http://www.vbulletin.com/forum/showt...ms-More-Secure


  • dodgeboard.com
    replied
    htaccess is not a mod, it's a file that can be used to restrict access to certain directories...I will elaborate...create a text file and name it ".htaccess" (note the period before the filename) and place it into your modcp and admincp directories. This is what you put in the file:



    order deny,allow
    deny from all
    allow from 211.23.112.105
    allow from 73.211.58.6
    allow from sbc.net
    allow from host.net

    Only the IPs and hostnames that you put into this file will be able to access the directory. Anyone else won't even see the login for the admincp. It's fairly effective


    Use a hostname (host.com) if your admin or mods have a dynamic IP. But use an IP if they have a static IP (greater security).

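An added example, not part of dodgeboard.com's post or of vBulletin: one way to confirm from the web server's access log that the allowlist described above is being enforced, by listing requests to the protected directories from clients outside the `allow from` IP entries. The function names, the combined log format, the default `/admincp/` and `/modcp/` paths, and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed .htaccess text in the syntax quoted in the thread (one entry per line).
HTACCESS = """order deny,allow
deny from all
allow from 211.23.112.105
allow from sbc.net
"""
# Constructed access-log lines (combined format, documentation-range clients).
LOG = """\
211.23.112.105 - - [05/Nov/2009:18:02:11 -0500] "GET /admincp/index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [05/Nov/2009:18:40:03 -0500] "POST /admincp/index.php HTTP/1.1" 200 812 "-" "-"
198.51.100.7 - - [05/Nov/2009:19:30:00 -0500] "GET /modcp/index.php HTTP/1.1" 403 199 "-" "-"
198.51.100.7 - - [05/Nov/2009:19:31:12 -0500] "GET /showthread.php?t=1 HTTP/1.1" 200 9000 "-" "-"
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse_allowlist(text):
    """Split 'allow from' entries into IP networks and hostname suffixes."""
    nets, hosts = [], []
    for entry in re.findall(r"(?im)^\s*allow\s+from\s+(\S+)", text):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hosts.append(entry)  # hostname rule: not checkable against IP-only logs
    return nets, hosts

def audit(log_text, nets, protected=("/admincp/", "/modcp/")):
    """Return (verdict, ip, time, method, path, status) for non-allowlisted clients."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m.group(4).startswith(protected):
            continue
        ip, when, method, path, status = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # client field holds a hostname (HostnameLookups On)
        if any(addr in net for net in nets):
            continue
        verdict = "SERVED" if status[0] in "23" else "BLOCKED"
        findings.append((verdict, ip, when, method, path, status))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG, parse_allowlist(HTACCESS)[0]):
        print(*finding)
```

A `SERVED` row means a client outside the IP list received a 2xx or 3xx response from a protected directory, so either the .htaccess file is not in effect or the client matched a hostname rule such as `sbc.net`, which admits every host under that domain.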


  • nubian
    replied
    Originally posted by dodgeboard.com
    He has an old version of vBSEO 3.3.0 which has a WELL KNOWN EXPLOIT

    Hackers gained access to his admincp using the exploit, exploited the fact that he has the standard admincp directory with no htaccess file in place, created a notice to brag about their successful hack, then created a redirect in his footer.

    It's an easy fix as his database is fortunately still intact. He just needs to get in and secure his forums by the well known methods discussed on this site.

    EGS, this is an easy fix. Calm down and stop being so threatening, and we will gladly help you out.
    Would you mind elaborating on this htaccess file mod?
    Thanks


  • dodgeboard.com
    replied
    He has an old version of vBSEO 3.3.0 which has a WELL KNOWN EXPLOIT

    Hackers gained access to his admincp using the exploit, exploited the fact that he has the standard admincp directory with no htaccess file in place, created a notice to brag about their successful hack, then created a redirect in his footer.

    It's an easy fix as his database is fortunately still intact. He just needs to get in and secure his forums by the well known methods discussed on this site.

    EGS, this is an easy fix. Calm down and stop being so threatening, and we will gladly help you out.
    Last edited by dodgeboard.com; Thu 5 Nov '09, 7:18pm.


  • dodgeboard.com
    replied
    I just implemented some additional security after seeing this. Added an htaccess file to the modcp so that my only moderator is the only one that can access the directory (already have one for my admincp). Plus, I renamed the admincp and modcp directories to something custom (difficult to guess).


  • Zachery
    replied
    How do you know it was vBulletin that was the cause of the exploit? Do you have server logs, or evidence pointing to the fact it was an exploit of vBulletin itself? Are you sure your server, plugins, other third party software, and all other software on your entire server is secure, up to date, and has no known security issues?


  • zomega
    replied
    Originally posted by EGS
    NO, I didn't have an easy password; all mine are completely random with symbols, numbers, and letters!!!
    What's going on with providing an insecure product? I am holding the makers of vBulletin liable for this. My forum was huge.
    Going to be kinda hard considering that according to their TOS they can't be held accountable...

    IN NO EVENT SHALL VBULLETIN.COM OR ITS OWNER BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT DAMAGES ARISING FROM YOUR USE OF VBULLETIN.COM OR ITS SERVICES EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
    Honestly if your forum got haxed it's your own damn fault. Sorry kid better luck next time. Vbulletin allows you to backup your database for a reason.

    Ouch! Did you have an htaccess file (limiting IPs) in your admincp and modcp directory?
    Good idea bud rep shall be given for that.

    OOC: What would be the commands put into the .htaccess file to allow it to do that and can you do it with a dynamic ip?
    Last edited by zomega; Thu 5 Nov '09, 7:03pm.


  • EGS
    replied
    NO, I didn't have an easy password; all mine are completely random with symbols, numbers, and letters!!!
    What's going on with providing an insecure product? I am holding the makers of vBulletin liable for this. My forum was huge.


  • aussiefooty
    replied
    Originally posted by EGS
    MY FORUM GOT HACKED! LATEST VERSION & EVERYTHING WTF!

    Cracked by http://www.xakepy.ru/ crackz team with help from DDOS-CREW-RU. Patch vBulletin and build super firewall to avoid combo DDOS-hole admin crack n00bz!
    Oh no, that's bad. You must have had an easy password....
    Once you get back on there go into your admincp > vBulletin options (drop down menu) > user banning options and put that url in the banning ip and email address > Save


  • dodgeboard.com
    replied
    Ouch! Did you have an htaccess file (limiting IPs) in your admincp and modcp directory?
