Site hacked, can someone please help?
This topic is closed.
FYI going to bed now, if you haven't put in a ticket yet the next person to be available would be trevor, then other staff as the day progresses.
-
like i said, i'm sure it was the mod as it's the only one i used. i now uninstalled it and will never use a third party mod again.
* i fixed the userid so when someone new joins the next number is the correct one, and not 13371337 and above.
* i changed all registered titles back to the default "Member" title and also any new users have it too. i created a couple new users to check this. both the userid went as expected and their title is Member.
* i deleted the teamanimus admin account.
all the above was using phpmyadmin and not much knowledge other than general computing experience and this thread.
so do we know if the hackers actually had access to admincp at all? or was all their doing done via some "injecting" or whatever?
does anyone have factual data to say that the teamanimus admin user actually was ever logged in to the forums once created?
as for the ticket i can still submit one. perhaps it's a good idea. could you describe what happens in such a case? i mean will you or another vb employee log in and verify the forum software does not have exploits left over or what?
will you check the database? if yes, for what? if things need to be changed do you do them or ask first? is there a chance that if/when this would happen we could be on the phone as well? is there a charge?
in conclusion, i think i'm back to normal. i only have vb installed and will keep it that way. no more mods for me. lesson learned.
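The manual phpMyAdmin checks described in the post above, plus the open question of whether the rogue admin account ever used the Admin CP, written as read-only queries. This is an added example, not part of the thread: it assumes the stock vBulletin 3.8 table and column names (`user`, `administrator`, `adminlog`) with no table prefix and the default Administrators group id 6, so adjust both to the install.

```sql
-- Read-only audit of a vBulletin 3.8 MySQL database after a compromise.
-- Assumed: stock schema, no table prefix, Administrators usergroupid = 6.

-- 1. Accounts in the userid range the post reports (13371337 and above).
SELECT userid, username, usergroupid, membergroupids, usertitle,
       FROM_UNIXTIME(joindate)     AS joined,
       FROM_UNIXTIME(lastactivity) AS last_active,
       ipaddress
FROM user
WHERE userid >= 13371337
ORDER BY userid;

-- 2. Next userid MySQL will hand out; it stays inflated until reset.
SELECT AUTO_INCREMENT
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'user';

-- 3. Every account with admin rights: primary group, secondary group,
--    or a row in the administrator table. Newest accounts first.
SELECT u.userid, u.username, u.usergroupid, u.membergroupids,
       FROM_UNIXTIME(u.joindate)     AS joined,
       FROM_UNIXTIME(u.lastactivity) AS last_active
FROM user AS u
LEFT JOIN administrator AS a ON a.userid = u.userid
WHERE u.usergroupid = 6
   OR FIND_IN_SET('6', u.membergroupids)
   OR a.userid IS NOT NULL
ORDER BY u.joindate DESC;

-- 4. Admin CP actions. A NULL username means the acting account has
--    since been deleted (for example a removed rogue admin), but its
--    userid, script, action and IP remain in the log.
SELECT l.adminlogid, FROM_UNIXTIME(l.dateline) AS logged_at,
       l.userid, u.username, l.script, l.action, l.ipaddress
FROM adminlog AS l
LEFT JOIN user AS u ON u.userid = l.userid
ORDER BY l.dateline DESC
LIMIT 200;

-- 5. Distribution of user titles, to confirm a mass title change
--    has been fully reverted.
SELECT usertitle, COUNT(*) AS members
FROM user
GROUP BY usertitle
ORDER BY members DESC;
```

An empty result from query 4 does not prove the account never logged in, because anyone with direct SQL access can also delete `adminlog` rows; compare against web server access logs for the same period.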
-
also they moved my admin account to regular registered members group. a few months ago i edited the config file to make it "protected".
.....
Sorry, this user is protected from being altered in the config.php file by the $config['SpecialUsers']['undeletableusers'] variable.
All this does is prevent you altering the account from within the normal user edit function in the ACP. It will not prevent the account from being altered by a direct SQL query - including via queries from the [other] relevant section of the ACP.
Baby, I was born this way
-
Note that this is misunderstood by many people.
All this does is prevent you altering the account from within the normal user edit function in the ACP. It will not prevent the account from being altered by a direct SQL query - including via queries from the [other] relevant section of the ACP.
i'd also like to know if in order for this hack to work they had to rely on the admincp folder? does anyone know? because there was one guy who mentioned he changed the default name of both mod/admin folders to something else, and he was also hacked.
-
Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
-
I couldn't agree more, and how was it suspected & by whom?
One of my vb sites was hacked as well & yes I was running suspected addon but, that means nothing. And I had it back up and running within 45 mins with a backup.
The question I have yet to see asked is how all the vb sites were hacked at the same time or how a script was set up and ran to do them all over a short period of time & where they got their info to know who all was running the suspected addon.
I do not believe it was Valters mod at all!
We all know the staff changes vbulletin has gone through & the creation of xenforo and the bad blood between the two.
Could this be a way to get people to distrust vbulletin and switch over? Just a thought. Think about it...
How many sites reported they were hacked?
I honestly believe this was an internal issue, (within vbulletin.com) I mean who else has access to know who is running what?
I could go on with other conspiracy theories....but, something just ain't right about this whole mess...
-
(i had some kip too shortly after you.)
re: "root" account. i see. oh well... would it be safe to assume you guys looked at the possibility before? i'm just curious.
so can you answer my pre-ticket questions? you do know i'm a customer right. (i mean that you can already see my details, right) ..because i almost get the feeling you don't want to "engage" me until after i submit that very sensitive info and i'd just like to know how things normally go down once submitted. like i said, i fixed everything, and in fact 3 minutes ago finished updating the forums to 3.8.7.
as far as i can tell nothing further needs to be done. having said that i would have no issue at all if you did take a look-see. for example, can i pm you my admin username/pw to the forums so you can log in and do what you'd do? if not via pm i can send the forum info via the support ticket? or do i have to also send the domain/phpmyadmin user/pw et al?
-
So is it ok for support to encourage calling members' thoughts and questions "stupid"? Because if it is, oh here go hell come!
http://www.youtube.com/watch?v=ax4IUgMq0Aw
Since this thread has gone off the rails, I am closing it. If anyone needs help with their site being hacked, please feel free to start your own thread or send us a support ticket and we will be glad to help.
Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)