My site was defaced

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • EGS
    Senior Member
    • Jun 2006
    • 127
    • 3.6.x

    My site was defaced

    MY FORUM GOT HACKED! LATEST VERSION & EVERYTHING WTF!

    Cracked by http://www.xakepy.ru/ crackz team with help from DDOS-CREW-RU. Patch vBulletin and build super firewall to avoid combo DDOS-hole admin crack n00bz!
    Last edited by Zachery; Thu 12 Nov '09, 1:07am.
    > Follow this link for the CHEAPEST Domain Name Registration - Domain Transfers Are Even Cheaper! :)
    WoW Accounts, FFXI Accounts, Aion Accounts, FFXIV Accounts, MMORPG Market
  • dodgeboard.com
    Senior Member
    • Nov 2005
    • 941
    • 4.0.x

    #2
    Ouch! Did you have an htaccess file (limiting IPs) in your admincp and modcp directory?

    Comment

    • aussiefooty
      Senior Member
      • Nov 2008
      • 1902
      • 6.0.X

      #3
      Originally posted by EGS
      MY FORUM GOT HACKED! LATEST VERSION & EVERYTHING WTF!

      Cracked by http://www.xakepy.ru/ crackz team with help from DDOS-CREW-RU. Patch vBulletin and build super firewall to avoid combo DDOS-hole admin crack n00bz!
      Oh no that's bad. You must of had an easy password....
      Once you get back on there go into your admincp > vBulletin options (drop down menu) > user banning options and put that url in the banning ip and email address > Save
      Aussiefootyforums

      New Site New forum
      Come and talk sports all day long


      Comment

      • EGS
        Senior Member
        • Jun 2006
        • 127
        • 3.6.x

        #4
        NO I didn't have an easy password all mine are completely random with symbols, numbers, and letters!!!
        What's going on with providing an insecure product? I am holding the makers of vBulletin liable for this. My forum was huge.
        > Follow this link for the CHEAPEST Domain Name Registration - Domain Transfers Are Even Cheaper! :)
        WoW Accounts, FFXI Accounts, Aion Accounts, FFXIV Accounts, MMORPG Market

        Comment

        • zomega
          Senior Member
          • Apr 2006
          • 165
          • 4.0.0

          #5
          Originally posted by EGS
          NO I didn't have an easy password all mine are completely random with symbols, numbers, and letters!!!
          What's going on with providing an insecure product? I am holding the makers of vBulletin liable for this. My forum was huge.
          Going to be kinda hard considering that according to their TOS they can't be held accountable...

          IN NO EVENT SHALL VBULLETIN.COM OR ITS OWNER BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT DAMAGES ARISING FROM YOUR USE OF VBULLETIN.COM OR ITS SERVICES EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
          Honestly if your forum got haxed it's your own damn fault. Sorry kid better luck next time. Vbulletin allows you to backup your database for a reason.

          Ouch! Did you have an htaccess file (limiting IPs) in your admincp and modcp directory?
          Good idea bud rep shall be given for that.

          OOC: What would be the commands put into the .htaccess file to allow it to do that and can you do it with a dynamic ip?
          Last edited by zomega; Thu 5 Nov '09, 7:03pm.
          sigpic

          Jihen Theory - Anime news, reviews and torrent tracker.

          Comment

          • Zachery
            Former vBulletin Support
            • Jul 2002
            • 59097

            #6
            How do you know it was vBulletin that was the cause of the exploit? Do you have server logs, or evidance pointing to the fact it was a exploit of vBulletin itself? Are you sure your server, plugins, other third party software, and all other software on your entire server is secure up to date and has no known security issues?

            Comment

            • dodgeboard.com
              Senior Member
              • Nov 2005
              • 941
              • 4.0.x

              #7
              I just implemented some additional security after seeing this. Added an htaccess file to the modcp so that my only moderator is the only one that can access the directory (already have one for my admincp) Plus, I renamed the admincp and modcp directories to something custom (difficult to guess).

              Comment

              • dodgeboard.com
                Senior Member
                • Nov 2005
                • 941
                • 4.0.x

                #8
                He has an old version of vBSEO 3.3.0 which has a WELL KNOWN EXPLOIT

                Hackers gained access to his admincp using the exploit, exploited the fact that he has the standard admincp directory with no htaccess file in place, created a notice to brag about their successful hack, then created a redirect in his footer.

                It's an easy fix as his database is fortunately still intact. He just needs to get in and secure his forums by the well known methods discussed on this site.

                EGS, this is an easy fix. Calm down and stop being so threatening, and we will gladly help you out.
                Last edited by dodgeboard.com; Thu 5 Nov '09, 7:18pm.

                Comment

                • nubian
                  Senior Member
                  • Nov 2004
                  • 495

                  #9
                  Originally posted by dodgeboard.com
                  He has an old version of vBSEO 3.3.0 which has a WELL KNOWN EXPLOIT

                  Hackers gained access to his admincp using the exploit, exploited the fact that he has the standard admincp directory with no htaccess file in place, created a notice to brag about their successful hack, then created a redirect in his footer.

                  It's an easy fix as his database is fortunately still intact. He just needs to get in and secure his forums by the well known methods discussed on this site.

                  EGS, this is an easy fix. Calm down and stop being so threatening, and we will gladly help you out.
                  would you mind elaborating on this htaccess file mod?
                  thanks

                  Comment

                  • dodgeboard.com
                    Senior Member
                    • Nov 2005
                    • 941
                    • 4.0.x

                    #10
                    htaccess is not a mod, it's a file that can be used to restrict access to certain directories...I will elaborate...create a text file and name it ".htaccess" (note the period before the filename) and place it into your modcp and admincp directories. This is what you put in the file:



                    order deny,allow
                    deny from all
                    allow from 211.23.112.105
                    allow from 73.211.58.6
                    allow from sbc.net
                    allow from host.net
                    Only the IP's and hostnames that you put into this file will be able to access the directory. Anyone else wont even see the login for the admincp. It's fairly effective


                    Use a hostname (host.com) if your admin or mods have a dynamic IP. But use an IP if they have a static IP (greater security).

                    Comment

                    • dodgeboard.com
                      Senior Member
                      • Nov 2005
                      • 941
                      • 4.0.x

                      #11
                      also see: http://www.vbulletin.com/forum/showt...ms-More-Secure

                      Comment

                      • JamieinNH
                        Senior Member
                        • May 2004
                        • 393
                        • 3.8.x

                        #12
                        Do you know that there is still a notice on your site? You should turn that off. Also, in a lot of your signature lines, it's stating the exact same thing as the notice.

                        Go look in the thread where you're talking about some Staff members going Rouge on you.

                        Also, why do you allow Guest posting without the need to register?

                        Comment

                        • dodgeboard.com
                          Senior Member
                          • Nov 2005
                          • 941
                          • 4.0.x

                          #13
                          Good Job EGS!

                          I noticed you have regained access to your forums, updated your vBSEO and changed your admincp directory from the known defaults. I suspect you aslo implemented a htaccess file. Way to go!!

                          We learn from our mistakes.

                          Comment

                          • birdie
                            Senior Member
                            • Aug 2004
                            • 323

                            #14
                            Originally posted by EGS
                            I am holding the makers of vBulletin liable for this.
                            Don't you now owe the makers of vBulletin an apology?

                            Comment

                            • Hotpuppy
                              Member
                              • May 2009
                              • 62
                              • 3.8.x

                              #15
                              Originally posted by dodgeboard.com
                              htaccess is not a mod, it's a file that can be used to restrict access to certain directories...I will elaborate...create a text file and name it ".htaccess" (note the period before the filename) and place it into your modcp and admincp directories. This is what you put in the file:



                              Only the IP's and hostnames that you put into this file will be able to access the directory. Anyone else wont even see the login for the admincp. It's fairly effective


                              Use a hostname (host.com) if your admin or mods have a dynamic IP. But use an IP if they have a static IP (greater security).
                              Great info! I implemented this on my own site. I wish there was a compendium of security things that should be done on vbulletin.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...