Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 09 Feb 2008, 13:22
KempoMRK KempoMRK is offline
 
Join Date: Feb 2007
A Hacker Deleted A Load Of Threads

Permanently as well. So there's no way to get them back. But anyway, that's not my question.

The hacker logged in as a supermod on the site and deleted a load of threads that way. Is there anyway to find out how they got the password? Or even if it was just the actual member and now he's lying?

IP's have been checked and whoever did it used a proxy. If it was brute forced would there be logs on the server?

The password was pretty unguessable and it had a number at the end as well, so I don't think it could have been guessed, and the member says that he's never told anyone his password.

Any replies would be appreciated, thanks.
Reply With Quote
  #2  
Old 09 Feb 2008, 13:49
nexialys
Guest
 
when you go to the moderator logs, you see who used the function AND the IP... if the IP fit the old actions, you sure know it is the same person...

this is INTERNAL management... we can't help you deal with your moderators... the simple act of banning him may or may not fix the problem, it's all to you.

there is no brute-force moderator actions in vbulletin, even if you dream of it... it is impossible to hack the system from the database, the data would be incoherent after that.
Reply With Quote
  #3  
Old 09 Feb 2008, 13:56
KempoMRK KempoMRK is offline
 
Join Date: Feb 2007
The IP doesn't fit the actions, they were under a proxy, so it still could have been the same guy. And the mod seems like a cool guy so I'm thinking it's more likely to be a hacker, we just wanna make sure. Also, by brute forcing not working, do you mean from the outside? I meant someone could have tried brute forcing his vBulletin password.

Thanks for your reply man.
Reply With Quote
  #4  
Old 10 Feb 2008, 12:12
stelthius stelthius is offline
 
Join Date: Jan 2008
i beleive there is a Proxy to real IP mod/hack i say install it and move on wait for next time and in that time up your security htaccess make sure you know who has got that sort of access and keep a close eye on the logs about all you can do really, anyway good luck mate

Rick
Reply With Quote
  #5  
Old 10 Feb 2008, 12:15
legionofangels's Avatar
legionofangels legionofangels is offline
 
Join Date: Mar 2007
I used that add on, and it doesn't always work. Not saying it's bad but we gave up on it.

My advice, only Admins can delete threads or posts, or even better, only admins can permanently remove.

I only allow 2 of 4 admins to permanently remove threads/posts and I'm one of them as owner so that it makes it kind of simple to know if we've been hacked or not.
__________________


Christian discussion, support, & fellowship
Reply With Quote
  #6  
Old 10 Feb 2008, 12:16
MiahBeSmokin420 MiahBeSmokin420 is offline
 
Join Date: Jun 2007
yep proxie to real ip and then add the proxie redirect you will never have another problem again

then add in that one shit whats it called the AE mutipule login dectctor and multiple login ban

you will nerver have another problem with people again ban them and then there gone

ive banned over 25 people from my site fro doing dumb ass shit and the tried for about 2 days to get back on the site and they couldnt get bake on

so ya just search the site for them things and you should be good to go

but i got to go update my vb
Reply With Quote
  #7  
Old 10 Feb 2008, 17:59
slappy slappy is offline
 
Join Date: Apr 2003
Have you considered the possibility of restoring a back-up which might contain the deleted Threads? If you backup on a daily basis, this should be possible. Then you would only loose those threads between the backup time and when you restore the backup.

Just a thought.

Regards,
Reply With Quote
  #8  
Old 10 Feb 2008, 18:59
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by legionofangels View Post
I used that add on, and it doesn't always work. Not saying it's bad but we gave up on it.
It only works if the proxy server passes on the original IP details. Hackers would (obviously) use proxy servers that do not.
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
Reply With Quote
  #9  
Old 10 Feb 2008, 20:26
KempoMRK KempoMRK is offline
 
Join Date: Feb 2007
Originally Posted by slappy View Post
Have you considered the possibility of restoring a back-up which might contain the deleted Threads? If you backup on a daily basis, this should be possible. Then you would only loose those threads between the backup time and when you restore the backup.

Just a thought.

Regards,
The main owner of the site came on and luckily he had a backup from the day before, so all the important stuff was restored.

We still can't work out who did it though. I'll look into the proxy unveiler thingy.

Thanks to everyone else for the replies.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 05:26.

Layout Options | Width: Wide Color: