Afraid Of a hacker

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • gerbil249
    Member
    • Jul 2009
    • 39

    Afraid Of a hacker

    Someone told me this on MSN, that they were going to hack my site.

    "7:07 PM) Brandyn:I'm not scared bud, that can be the least of my worries - Finding my old shell scripts and buying an account on your webhost will be the only things of difficulty.(7:07 PM) Brandyn:After I have the shell script on the server, SQL information is only a few keystrokes away.(7:08 PM) Brandyn:The beauty of it all? Well there would be know way for anyone to even know what was going on, much less know it was me.(7:08 PM) Brandyn:By the time anything can even be thought of, i will have my ssh script deleted - As well as your database.(7:08 PM) Brandyn:See but the reason I want you to give it a try..(7:09 PM) Brandyn:Oh i'll let you get a few members.. maby a good 500 even, let you do all the work you want to it.. And then I will do what needs done.(7:10 PM) Brandyn:So have fun mate, I'm tired of warning you - I'll let you try it for your own.. Some people are hard-headed."

    Is this possible? Could he hack it?
  • DirtyHarry
    Member
    • Feb 2004
    • 96
    • 3.8.x

    #2
    Theoretically, if you are with a good host, he should not be able to do it. Make sure your host is reliable, and that this user never had access to your admin passwords (for example, if he is an ex moderator or ex admin). Also, make sure that the DB you are using has an impossible to guess username and password, and probably even change the name of the DB. Anyhow, from the look of it, he might just be boasting. Otherwise, he would have already done it.

    Anyhow, shared servers, in general, are always less safe then a dedicated servers if you have even an average Linux administrator managing your dedicated machine.

    In any case, this has nothing to do with vBulletin in general, so you should not be worried about purchasing a copy of vBulletin over any other software because of these threats. Any software would be vulnerable for this kind of attack.
    CarlitoBrigante on vb.org - MagnetiCat.com
    Professional vBulletin development, support, upgrades

    Comment

    • gerbil249
      Member
      • Jul 2009
      • 39

      #3
      Originally posted by DirtyHarry
      Theoretically, if you are with a good host, he should not be able to do it. Make sure your host is reliable, and that this user never had access to your admin passwords (for example, if he is an ex moderator or ex admin). Also, make sure that the DB you are using has an impossible to guess username and password, and probably even change the name of the DB. Anyhow, from the look of it, he might just be boasting. Otherwise, he would have already done it.

      Anyhow, shared servers, in general, are always less safe then a dedicated servers if you have even an average Linux administrator managing your dedicated machine.

      In any case, this has nothing to do with vBulletin in general, so you should not be worried about purchasing a copy of vBulletin over any other software because of these threats. Any software would be vulnerable for this kind of attack.
      I use justhost,com, and I have a very strong password for ftp, SQL, and cpanel. Would you recommend a dedicated IP?
      I have numbers, dashes, lines, spaces everything in my password.

      I also have a firewall installed in my vbulletin forum.

      Is justhost.com good?

      Comment

      • aussiefooty
        Senior Member
        • Nov 2008
        • 1902
        • 6.0.X

        #4
        Originally posted by gerbil249
        Someone told me this on MSN, that they were going to hack my site.

        "7:07 PM) Brandyn:I'm not scared bud, that can be the least of my worries - Finding my old shell scripts and buying an account on your webhost will be the only things of difficulty.(7:07 PM) Brandyn:After I have the shell script on the server, SQL information is only a few keystrokes away.(7:08 PM) Brandyn:The beauty of it all? Well there would be know way for anyone to even know what was going on, much less know it was me.(7:08 PM) Brandyn:By the time anything can even be thought of, i will have my ssh script deleted - As well as your database.(7:08 PM) Brandyn:See but the reason I want you to give it a try..(7:09 PM) Brandyn:Oh i'll let you get a few members.. maby a good 500 even, let you do all the work you want to it.. And then I will do what needs done.(7:10 PM) Brandyn:So have fun mate, I'm tired of warning you - I'll let you try it for your own.. Some people are hard-headed."

        Is this possible? Could he hack it?
        Mightn't be a bad idea to block his hotmail address on your forum. Also dob him into MSN telling them that exact thing what you were told. That way they can control that and deal with it.
        Aussiefootyforums

        New Site New forum
        Come and talk sports all day long


        Comment

        • aussiefooty
          Senior Member
          • Nov 2008
          • 1902
          • 6.0.X

          #5
          Originally posted by gerbil249
          I use justhost,com, and I have a very strong password for ftp, SQL, and cpanel. Would you recommend a dedicated IP?
          I have numbers, dashes, lines, spaces everything in my password.

          I also have a firewall installed in my vbulletin forum.

          Is justhost.com good?
          Have seen better hosts.
          However, because this board is pre-sales I can't give you support.

          Discuss PHP and MySQL hosting here. Find out which hosts people like, and which to stay well clear of.


          Have a look and a read of the hosting board.
          Last edited by aussiefooty; Tue 27 Oct '09, 7:37pm. Reason: added link
          Aussiefootyforums

          New Site New forum
          Come and talk sports all day long


          Comment

          • gerbil249
            Member
            • Jul 2009
            • 39

            #6
            Originally posted by schwab2clarkson
            Have seen better hosts.
            However, because this board is pre-sales I can't give you support.

            Discuss PHP and MySQL hosting here. Find out which hosts people like, and which to stay well clear of.



            Have a look and a read of the hosting board.
            Sorry, I never get the correct board.

            Comment

            • Eriksrocks
              Member
              • Apr 2008
              • 82

              #7
              Notify your host with as much information as you have so that they can prevent him from signing up in the first place. As someone mentioned, this attack will work with any piece of software, so it's not really specific to vBulletin.

              Finally, keep daily backups of your database. If he does get through, the damage will be minimal.
              Planning to continue using VB 3.8 post EOL? Then join the VB 3.8 Forever group and visit www.vb3forever.org!

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...