Site hacked, can someone please help?
This topic is closed.
-
My concern is that everyone here who is only cleaning up their system and database seems comfortable that nothing else in the database was affected by the hackers. Call me paranoid, but a warm and fuzzy message that says "we didn't do anything malicious" in an HTML file doesn't really inspire much confidence. Personally I'd rather take the 1.5 day loss of data than find out 2 weeks from now that something else was inserted and used later to gain access to the site. I agree it doesn't appear to be the case, but this is my livelihood, I'd rather be safe than sorry.
-
TBH, that's not particularly fair. All but the simplest software is a possible subject of attack by hackers, they are always looking for (and find) the most obscure faults. Just remember that this code has existed (with this issue) for something like four years before someone eventually found this exploit - it's not an obvious problem unless you really go looking for it.
You presumably don't trust vBulletin either, since numerous exploits have been found in it over the years.
-
Basically with any of the addons on vb.org you risk that there are vulnerabilities. Even heavily used addons are not audited. The coast is never clear.
I try to avoid such problems by steering clear of unknown coders and coders that are known to deliver problematic code.
Valter's hacks are generally good.
I buy 420 forums
-
I just want to know how they were able to write new files via an SQL exploit. Something is fishy here.
-
You must check /includes/xml also. vba.php resides there.
If you call vba.php in your browser you will see all the options the hacker has. You can view all the files including the config.php and get all of their db details etc...options to create a backdoor and many others.
Pretty impressive piece of work really.
-
We were lucky in that (Australian time) the hack attack occurred in the early morning but after our daily 3am backup.
I changed passwords, I deleted all the newly updated files, I replaced them from original source, restored from the 3am backup - all good.
We only lost a handful of threads and posts, but it was the safest option IMHO.
Lessons?
1. Have a daily backup!
2. Have all the source code safe somewhere else.
3. Take more time to eyeball add-on code
Note: Valter's code has been around for years. NO ONE noticed the problem until now.
It's very easy to visually check all form fields and SQL in an addon; checking that vB cleaning and escape_string have been applied.
We (Admins) all need to be vigilant, no point blaming anyone, TeamAnimus have done us a favour by making us take security seriously (or more so).
Not that I would object to tasking Seal Team 6 onto TeamAnimus
Kym
PS:
Actually hacks like this keep us on our toes, like we should be. <snip>
It does bring up some questions about our modding community too... If even some of our most popular mods by our most experienced coders can have these exploits maybe we need to do more than just offer mods as "use at your own risk." - I would like to implement some sort of peer review process for mods, don't know if it's possible but it's worth discussing anyway.
We, as a community, will come out of this stronger than when we went in.
Last edited by AusPhotography; Thu 5 May '11, 3:54pm.
environment: Centos 6.9, Apache v2.4.25, PHP 5.6.30/xCache, MariaDB 10.22 -- vB5 Connect Licensed
AusPhotography - Australia's Premier Photographic Forum vB4.2.3
Rick (site owner) and Kym (site tech) sharing this account
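
Added example, not part of the post above and not vBulletin code: one way to automate the "deleted all the newly updated files, replaced them from original source" step is to hash the live web root against a known-good copy of the source and list what was added or changed. The sample trees are constructed; every file name other than vba.php and config.php, and the `local_files` parameter, are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def index_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def compare_trees(pristine, live, local_files=()):
    """Compare the live web root with a known-good copy of the source.

    local_files: paths that exist only on the live site by design
    (assumption: site config such as config.php); not flagged as added.
    """
    good, seen = index_tree(pristine), index_tree(live)
    return {
        "added": sorted(set(seen) - set(good) - set(local_files)),
        "modified": sorted(f for f in good.keys() & seen.keys() if good[f] != seen[f]),
        "missing": sorted(set(good) - set(seen)),
    }


def build_demo(base):
    """Constructed sample trees: a clean source copy and a tampered live copy."""
    base = Path(base)
    files = {
        "index.php": "<?php // front page\n",
        "includes/addon.php": "<?php // add-on code\n",
        "includes/xml/sample.xml": "<xml/>\n",
    }
    live = dict(files)
    live["includes/addon.php"] += "// line appended after the backup\n"
    live["includes/xml/vba.php"] = "<?php // unexpected file\n"
    live["config.php"] = "<?php // site-specific settings\n"
    for name, tree in (("pristine", files), ("live", live)):
        for rel, body in tree.items():
            target = base / name / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    return base / "pristine", base / "live"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        pristine, live = build_demo(tmp)
        for kind, paths in compare_trees(pristine, live, {"config.php"}).items():
            print(kind, paths)
```

A file comparison like this covers only the web root; it says nothing about rows changed in the database, which is why the post above also restores from the 3am backup.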
-
Just wanted to chime in with my very large thanks to the knowledgeable posters in this thread who were able to provide solutions. I discovered the hack around 10pm Eastern time last night, and spent 3 hours cleaning up most of the mess, and finished this morning after some sleep. But without this thread I would have been lost. I've never had one of my sites hacked, and never had to deal with any clients whose sites were hacked. My hax0r cherry has been royally popped, and like others have said, it's only made me stronger. Go figure, I applied strong security on clients' sites, but never on my own. Well.... that has changed.
~ Life isn't always fair, but you can be. ~