My site was defaced

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • zomega
    Senior Member
    • Apr 2006
    • 165
    • 4.0.0

    #16
    Originally posted by Hotpuppy
    Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vbulletin.

    There is: http://www.vbulletin.com/forum/showt...ms-More-Secure
    sigpic

    Jihen Theory - Anime news, reviews and torrent tracker.

    Comment

    • Poppet25
      Member
      • May 2007
      • 52
      • 4.2.X

      #17
      Quick question, how do you change the links in the footer to point to the right address for the admin and mod links once you have changed them?
      Last edited by Poppet25; Wed 11 Nov '09, 11:56pm.

      Comment

      • Zachery
        Former vBulletin Support
        • Jul 2002
        • 59097

        #18
        Update the config.php with the proper directories.

        Comment

        • bjkinzluvr
          New Member
          • Nov 2008
          • 13

          #19
          Most users do NOT have static IP's. So in implementing this, you say use a host name. Can you clarify? What host? Thanks!

          Comment

          • dodgeboard.com
            Senior Member
            • Nov 2005
            • 941
            • 4.0.x

            #20
            Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

            Eample:

            71-218-13-147.hlrn.qwest.net


            But in your htaccess file you would put just qwest.net

            Comment

            • bjkinzluvr
              New Member
              • Nov 2008
              • 13

              #21
              Originally posted by dodgeboard.com
              Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.

              Eample:

              71-218-13-147.hlrn.qwest.net


              But in your htaccess file you would put just qwest.net
              Thank you. That is very helpful.

              Comment

              • Loco.M
                Senior Member
                • Mar 2005
                • 4319
                • 3.5.x

                #22
                the site looks fine now, I assume you got it working
                even if you have the latest vBulletin, I'm sure you've added mods to it, this would most likely be the hole they used to gain access.
                -- Web Developer for hire
                ---Online Marketing Tools and Articles

                Comment

                • Poppet25
                  Member
                  • May 2007
                  • 52
                  • 4.2.X

                  #23
                  Originally posted by Zachery
                  Update the config.php with the proper directories.
                  Did that and cleared my browser cache still points to the orginal links.

                  Comment

                  • Zachery
                    Former vBulletin Support
                    • Jul 2002
                    • 59097

                    #24
                    Originally posted by Poppet25
                    Did that and cleared my browser cache still points to the orginal links.
                    Something is causing it then, the default style uses the directories in the config.php file.

                    Comment

                    • DirtyHarry
                      Member
                      • Feb 2004
                      • 96
                      • 3.8.x

                      #25
                      Sorry, I am copying from another post I just made:

                      If you are using VBSEO, today we found a security hole in vBSEO while working on a client's website. This hole affects all versions of vBSEO, including 3.3.2, and allows an attacker to perform any operation by installing shell scripts in your writable directories. It does not matter if these writable directories are into the public root of your forums; through vBSEO, they can include also files outside the public root.

                      We reported the hole to vBSEO, and they confirmed it. They then added the patch to their 3.3.2 version; so even if you have 3.3.2, you should re-upgrade it. They have not yet issued a public statement about this, but the latest vBSEO version includes today's patch.

                      Today, we had 6 different reports of the hack from other clients, so the thing is spreading fast.

                      The hackers first add shell scripts to your directories, then gain MySQL access by reading the config file and edit templates.
                      CarlitoBrigante on vb.org - MagnetiCat.com
                      Professional vBulletin development, support, upgrades

                      Comment

                      • ENF
                        Senior Member
                        • Apr 2002
                        • 2677
                        • 3.8.11

                        #26
                        Thanks for that post Harry, as I was reading it, an email from vbSEO dropped in my inbox. Nice timing.
                        To be updated...

                        Comment

                        • MoMan
                          Senior Member
                          • Oct 2005
                          • 345
                          • 3.8.x

                          #27
                          Would password-protecting the admincp directory, the modcp directory, and the includes directory also be recommended? Seems like that should stop arbitrary access to most sensitive scripts.
                          Adam

                          Admin of PentaxForums.com, premiere photography forum for Pentax users (Big-Board).

                          Comment

                          • DirtyHarry
                            Member
                            • Feb 2004
                            • 96
                            • 3.8.x

                            #28
                            ENF, you are welcome. I came to the forums as soon as we had discovered it and reported it to vBSEO.

                            MoMan, yes, it might help against attacks that target files directly (this has happened some time in the past with custom mods), but most attacks, these days, use 99% of the times other means that it is better not to write in detail here, but that can bypass .htaccess restrictions. This said, security is a multi-layered thing, and every single layer counts. Even small tricks can make the difference.

                            And you won't believe how often the hacker simply brute-forces an easy to guess password. Believe it or not, there are still web owners out there with passwords "inspired" by Walt Disney's characters' names.
                            CarlitoBrigante on vb.org - MagnetiCat.com
                            Professional vBulletin development, support, upgrades

                            Comment

                            • MoMan
                              Senior Member
                              • Oct 2005
                              • 345
                              • 3.8.x

                              #29
                              Weak passwords definitely constitute a pretty big risk. In fact, over the past week my server has seen nearly 30,000 failed logins via SSH- it seems hackers try to use default users like 'ssh' 'mysql' and others, probably with silly passwords, to see if any holes exist. I've also seen hackers try to guess the paths to control panels such as phpmyadmin (which you shouldn't have in a public or guessable directory to begin with).

                              I've followed most of the tips on these pages:



                              Forum administrators and moderators.-Front Desk-Announcements, Questions, & Support-Articles, Interviews & Tutorials-Forums General-Front Desk-Announcements, Questions & Support


                              What else can be done to secure vB? It would be nice to know what methods hackers use so that if there are any holes, we can plug them up!
                              Adam

                              Admin of PentaxForums.com, premiere photography forum for Pentax users (Big-Board).

                              Comment

                              • JiggenJ
                                New Member
                                • Jan 2010
                                • 22
                                • 4.0.0

                                #30
                                Thanks for this great post and all the links offered in it with other great information. I forgot everything I did in vB3 to secure it so all this information is very much appreciated!

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...