Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 26 Dec 2008, 12:54
3ashek 3ashek is offline
 
Join Date: Apr 2007
style hacking

hello

I have a big problem with the vbulletin forums

I have a webhosting and I founf every day about 5-6 forums have hacked .

the hacking comming on the style for the forum . They just change the formhome template .


but I found this problem every day on all the vbulletin versions from 3.6.x to 3.8.0


please help me to find a solution for this .
Reply With Quote
  #2  
Old 26 Dec 2008, 13:35
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Can you post URL to such boards?

Are they all on the same server?
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator
Reply With Quote
  #3  
Old 26 Dec 2008, 13:37
3ashek 3ashek is offline
 
Join Date: Apr 2007
this is one of them

2movies.net

this forum has been hacked 3 times on 2 days


and not all the forums on the same server
Reply With Quote
  #4  
Old 26 Dec 2008, 13:57
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Would have more expected them to be on 1 server. If multiple boards, running different versions are being hacked, then you must look for the common factors.

It is unlikely that they are hacked thru core vB. More likely is direct database access or shell access on the server.
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator
Reply With Quote
  #5  
Old 26 Dec 2008, 14:00
pnosko31 pnosko31 is offline
 
Join Date: May 2006
are you using the same username and pass for all servers?
Reply With Quote
  #6  
Old 26 Dec 2008, 16:17
3ashek 3ashek is offline
 
Join Date: Apr 2007
I make everything to make this server secuer and also I'm not using the SAME data on every forum

the last thing I want to explain that there isn't any changes happened to the files for this forum .

also the hacker didn't use the account on the board to make his hack as if he could hack the database or anythig else he could be deleta any thing from it

all what I do here to restore the forumhome template for the style as It was before ,

please tell me If there is something I can do to stop these hackers..


wait for reply
Reply With Quote
  #7  
Old 26 Dec 2008, 16:25
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Well something is able to make changes to the templates table in the database. This is either done by direct access to the database (why delete info if you want to redirect to a spam site?), or by an installed modification that is vulnerable to SQL-injections.
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator
Reply With Quote
  #8  
Old 26 Dec 2008, 22:55
3ashek 3ashek is offline
 
Join Date: Apr 2007
Now after 7 hours of tryping this thread at this moment 8 forums has been hacked by the same way.


however I have reuploa forum files again and make firewall on the admincp and put new style ,


please tell me what is the problem there
Reply With Quote
  #9  
Old 27 Dec 2008, 05:13
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Real name: Hanson
Originally Posted by Marco van Herwaarden View Post
Well something is able to make changes to the templates table in the database. This is either done by direct access to the database (why delete info if you want to redirect to a spam site?), or by an installed modification that is vulnerable to SQL-injections.
...
__________________
Former vBulletin.org Staff Member

View My Modifications
29 Releases and Counting... Latest Modification: dmActivityStream - vBookie Integration (4.x)

Please do not PM me to ask for support - please use the relevant thread or forum.
Reply With Quote
  #10  
Old 27 Dec 2008, 19:04
Golzarion's Avatar
Golzarion Golzarion is offline
 
Join Date: Jan 2008
Real name: Mohsen
Why don't you take a look at server log ?? ( log access raw )

you can see how they act exactly ...

Do you use shared server ?

And did you change the database password after being hacked ?

change the database password and re edit config.php and also can test this plugin : http://www.vbulletin.org/forum/showt...04#post1687304
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 10:57.

Layout Options | Width: Wide Color: