Seal team 6 needed
Site hacked, can someone please help?
Collapse
This topic is closed.
X
X
-
environment: Centos 6.9, Apache v2.4.25, PHP 5.6.30/xCache, MariaDB 10.22 -- vB5 Connect Licensed
AusPhotography - Australia's Premier Photographic Forum vB4.2.3
Rick (site owner) and Kym (site tech) sharing this account -
-
I would just like to commend a member here "borbole". He was a tremendous help in helping me get everything back under control on my site and, to date, we have not had the hackers revisit our site. Certainly, trying to do all that he did on my own would have taken much, much longer to do and my site would have been at risk during that entire time. I certainly know who I am going to talk to the next time I need work done on my site! Much thanks my friend!
Comment
-
You presumably dont trust vbulletin either, since numerous exploits have been found in it over the years.Baby, I was born this wayComment
-
No practice that wasn't really necessary. Just getting a negative wibe about others of his (Valter) Mods.
And yes, I changed all these Passwords and other things. And tbh, people that do something like this (the hacker I mean), should be shot on sight. Sorry for the harsh words, but there is nothing to forgive in my oppinion about killing someone else's work.
It does bring up some questions about our modding community too... If even some of our most popular mods by our most experienced coders can have these exploits maybe we need to do more than just offer mods as "use at your own risk." - I would like to implement some sort of peer review process for mods, don't know if it's possible but it's worth discussing anyway.
We, as a community, will come out of this stronger than when we went it.👍 1Comment
-
I doubt such a forum exists. They'd have to have 13+ million registered users. I'd like to see such a forum. Even with deleted spammer accounts or such, which keep their userid seed number, it would be extremely highly unlikely. I mean how many users do some of the biggest forums have? 1-2 million?Comment
-
Just as a checklist - here's what I think they have done
- Uploaded a new catchy saxophone index.html page to root, admincp and modcp
- Added a new user to the user table as an admin, called team animus
- Set the autoincrement to 13371337 on userid
- Changed customtitle and user title so they all read 'hacked by team animus'
- Switched off the vBulletin forum
- Added a file called vba.php to the includes folder.
Is that the lot as far as you've seen?Comment
-
My concern is that everyone here only cleaning up their system and database seems comfortable that nothing else in the database was affected by the hackers. Call me paranoid, but a warm and fuzzy message that says "we didn't do anything malicious" in an html file doesn't really inspire much confidence. Personally I'd rather take the 1.5 day loss of data than find out in 2 weeks from now something else was inserted and used later to gain access to the site. I agree it doesn't appear to be the case, but this is my livelihood, I'd rather be safe than sorry.Last edited by NickCat; Thu 5 May '11, 6:00am.Comment
-
Just as a checklist - here's what I think they have done
- Uploaded a new catchy saxophone index.html page to root, admincp and modcp
- Added a new user to the user table as an admin, called team animus
- Set the autoincrement to 13371337 on userid
- Changed customtitle and user title so they all read 'hacked by team animus'
- Switched off the vBulletin forum
- Added a file called vba.php to the includes folder.
Is that the lot as far as you've seen?Baby, I was born this wayComment
-
I would just like to commend a member here "borbole". He was a tremendous help in helping me get everything back under control on my site and, to date, we have not had the hackers revisit our site. Certainly, trying to do all that he did on my own would have taken much, much longer to do and my site would have been at risk during that entire time. I certainly know who I am going to talk to the next time I need work done on my site! Much thanks my friend!
Comment
-
We've been telling everyone religiously to open a ticket with my attention. I've delt with a bulk amount of tickets now, I know what is generally exploited and what needs to be done. Anyone still having a problem please open a ticket.Comment
-
@Zachery: Any idea how they gained file system access?something...Comment
Related Topics
Collapse
-
I just signed up for vbulletin. It is used in a lot of gaming communities. I am trying to build my own community and now have enough members to justify building a forum. So I know alot of the clans/gaming...
-
Channel: vB Cloud Support & Troubleshooting.
-
Comment