My forum running vBulletin 3.5.8 just got hacked early this morning. So far I have noticed the password changed on my admin account and the index.php for the /vb directory completely defaced, but only for one of the four themes we use.
3.5.8 Hacked
Collapse
X
-
Turn off ALL your plugins 1stly.. replace he index file.. use the Do_not_upload folder and use the file in there to regain admin access.
My guess is one of your hacks was used to break into your system... also which skin did they deface? -
Please see this thread on how to make your vBulletin more secure:
If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
The hackers said it is a SQL injection vulnerability in vBulletin 3.5.8 - they have now hacked the site on 4 different occassions in the past 2 weeks. Any ideas? Is there something out for 3.5.8 that I am not aware of?
I can't go to 3.6.x because the mySQL on my system isn't new enough.Comment
-
There are no known issues with 3.5.8
As Steve has said, the most likely cause is that someone is accessing your server. However, if there is any particular concerns with regards to vBulletin, feel free to submit a support ticket with all the details.
Finally, go to AdminCP > Maintenance > Diagnostics > Suspect file versions and remove any files that you do not recognize. If any vBulletin files are reported back, overwrite them with the files for 3.5.8 from a fresh download from the members area.Comment
-
Apparently the hacker has no problem telling you how leet he is. Feel free to ask him to actually provide evidence that he has exploited vb 3.5.8 with what code, so we can see if it is due to an addon to vBulletin, or if you allowed HTML in posts, etc. Or if he has access to a 0day unreleased exploit we've yet to have heard of. (or if he is just bs you)Comment
-
Just a reccomendation, not very helpful, but i hope you get your forum back, and when you do, upgrade to 3.6.7 PLC1Comment
-
Patching older forums to 3.5.8 without upgrading could mean not every security issue is patched. Also, the exploit you describe sounds like an older one from a plugin added to vBulletin that got exploited sometimes.
The securityfocus listing has a handful of fake reports, invalid reports, retired reports and the few reports out there have all been fixed. The latest stables don't have these issues.Comment
-
Comment
-
could you please tell me what plugin do you mean? If you won't publish it here, could you please send me a PM with plugin name? If I have it - I'll remove it.Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment