My site was defaced
Most users do NOT have static IPs. So in implementing this, you say use a host name. Can you clarify? What host? Thanks!
-
Go to your Who's Online. Look at the IP address of your Moderator. Click on it. It will show you a hostname.
Example:
71-218-13-147.hlrn.qwest.net
But in your htaccess file you would put just qwest.net
-
The site looks fine now, I assume you got it working.
Even if you have the latest vBulletin, I'm sure you've added mods to it; this would most likely be the hole they used to gain access.
-
Sorry, I am copying from another post I just made:
If you are using vBSEO, today we found a security hole in vBSEO while working on a client's website. This hole affects all versions of vBSEO, including 3.3.2, and allows an attacker to perform any operation by installing shell scripts in your writable directories. It does not matter if these writable directories are inside the public root of your forums; through vBSEO, they can also include files outside the public root.
We reported the hole to vBSEO, and they confirmed it. They then added the patch to their 3.3.2 version; so even if you have 3.3.2, you should re-upgrade it. They have not yet issued a public statement about this, but the latest vBSEO version includes today's patch.
Today, we had 6 different reports of the hack from other clients, so the thing is spreading fast.
The hackers first add shell scripts to your directories, then gain MySQL access by reading the config file and edit templates.
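
An added check for the behaviour described in the post above (shell scripts dropped into writable directories); it is not code from the thread or from vBSEO. It assumes "writable" means the world-write bit is set and that the extension list matches the handlers enabled on your server; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report script files that sit in
# world-writable directories under a forum root.
# Assumptions: "writable" means the world-write bit (chmod 777 style upload
# or cache directories), and the extension list below covers the script
# handlers enabled on the server.

# List every world-writable directory at or below $1.
writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# List script-like files located directly inside those directories.
# The inner find is limited to depth 1 so each file is reported once,
# under the writable directory that actually contains it.
scripts_in_writable_dirs() {
    find "$1" -type d -perm -0002 -exec \
        find {} -maxdepth 1 -type f \( \
            -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
            -o -iname '*.pl' -o -iname '*.cgi' \) -print \; | sort
}

# Return 0 when nothing was found, 1 when at least one file needs review.
# Call it as: audit_forum_root /path/to/forum
audit_forum_root() {
    hits=$(scripts_in_writable_dirs "$1")
    if [ -n "$hits" ]; then
        printf 'Review these files (scripts in writable directories):\n%s\n' "$hits"
        return 1
    fi
    printf 'No scripts found in world-writable directories under %s\n' "$1"
    return 0
}
```

A hit is not proof of compromise, but upload, attachment and cache directories normally have no reason to contain executable scripts, so each reported file is worth comparing against a clean copy of the installation.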
-
Would password-protecting the admincp directory, the modcp directory, and the includes directory also be recommended? Seems like that should stop arbitrary access to most sensitive scripts.
-
ENF, you are welcome. I came to the forums as soon as we had discovered it and reported it to vBSEO.
MoMan, yes, it might help against attacks that target files directly (this has happened some time in the past with custom mods), but most attacks these days use, 99% of the time, other means that it is better not to describe in detail here, but that can bypass .htaccess restrictions. That said, security is a multi-layered thing, and every single layer counts. Even small tricks can make the difference.
And you won't believe how often the hacker simply brute-forces an easy-to-guess password. Believe it or not, there are still web owners out there with passwords "inspired" by Walt Disney's characters' names.
-
Weak passwords definitely constitute a pretty big risk. In fact, over the past week my server has seen nearly 30,000 failed logins via SSH. It seems hackers try to use default users like 'ssh', 'mysql' and others, probably with silly passwords, to see if any holes exist. I've also seen hackers try to guess the paths to control panels such as phpmyadmin (which you shouldn't have in a public or guessable directory to begin with).
I've followed most of the tips on these pages:
What else can be done to secure vB? It would be nice to know what methods hackers use so that if there are any holes, we can plug them up!