Tweet
We have a forum and someone whom we trusted had the FTP password, now that has been compromised, we changed the passwords on the FTP and database, but somehow they keep deleting the files, is there anything from the old files (if the attacker downloaded them) that would allow them access since we keep restoring the back ups?
-
-
hmm, is it possible they have root acct access?
you may consider to only whitelist your local ip for ftp connection until u can learn more and resolve...
-
Check for any rogue administrator/moderator users, change database password...basically change every password. Even then you might remain vulnareable. You can open a ticket at vBulletin Support if you have that access. They are usually really helpful with these.Comment
-
If you're running vBulletin 4.2.3, then no. It has had many patches applied over the years. However before you changed your FTP passwords, they may have uploaded files that give them access. You can test this in the AdminCP under Maintenance -> Diagnostics -> Suspect File Versions. Remove any files not part of vBulletin that you didn't add. Replace any files listed as not containing the expected contents.
Finally, FTP is not secure. Passwords are transmitted in plain text using this protocol. You should talk to your hosting provider about SFTP or FTP over TLS for more security.
Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
Comment