  #1  
06 Nov 2014, 08:42
Muhammad Rahman
Join Date: Jun 2012
vBulletin hack with vblogin.php

Check this post: https://theadminzone.com/threads/vbu...2/#post-932481
__________________
none_
  #2  
06 Nov 2014, 08:47
Dave
Join Date: Jun 2010
Real name: Dave
What is the question?
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
  #3  
06 Nov 2014, 08:53
Muhammad Rahman
Join Date: Jun 2012
Originally Posted by Dave:
> What is the question?

Only sharing information.
A hacker dumped the database. Check my post at The Admin Zone.
  #4  
06 Nov 2014, 10:30
ozzy47
Join Date: Jul 2009
Real name: Chris
Well the post is deleted or hidden there, so we know nothing.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
  #5  
06 Nov 2014, 10:47
Muhammad Rahman
Join Date: Jun 2012
OK.
This is the script vblogin.php:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

And these two attachments, msd.zip and msd1.zip.

I hope someone can explain how this script works.
Attached Files
File Type: zip msd.zip (96.5 KB, 4 views)
File Type: zip msd(1).zip (124.1 KB, 3 views)
  #6  
06 Nov 2014, 10:49
ozzy47
Join Date: Jul 2009
Real name: Chris
Well you may have been hacked somehow.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
  #7  
06 Nov 2014, 10:50
Dave
Join Date: Jun 2010
Real name: Dave
It's just a script which has some code copied from the real login.php file. After a successful login it redirects you to the admincp.

The second script is a database dumper.
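An added example (not part of any post in this thread, and not vBulletin code): a Python triage check for the situation described in post #7. It flags PHP files that a known-good file manifest does not list and reports which stock file most of their lines were copied from. The file contents, the `dbdump.php` name and the manifest are constructed for illustration.

```python
def significant_lines(source):
    """Stripped lines long enough to be distinctive (skips '<?php', braces, blanks)."""
    return [ln.strip() for ln in source.splitlines() if len(ln.strip()) >= 12]


def triage_webroot(files, baseline, min_overlap=0.5):
    """files: {relative path: text}; baseline: paths in the known-good manifest.
    Returns one finding per PHP file that the manifest does not list."""
    stock = {p: set(significant_lines(s)) for p, s in files.items() if p in baseline}
    findings = []
    for path in sorted(files):
        if path in baseline or not path.lower().endswith(".php"):
            continue
        lines = significant_lines(files[path])
        best, share = None, 0.0
        for stock_path, stock_lines in sorted(stock.items()):
            hits = sum(1 for ln in lines if ln in stock_lines)
            ratio = hits / len(lines) if lines else 0.0
            if ratio > share:
                best, share = stock_path, ratio
        findings.append({
            "path": path,
            # Name the stock file only when most of the unknown file matches it.
            "copied_from": best if share >= min_overlap else None,
            "overlap": round(share, 2),
        })
    return findings


# Constructed stand-ins for file contents; not real vBulletin source.
LOGIN = """<?php
define('THIS_SCRIPT', 'login');
require_once('./global.php');
$ok = verify_authentication($username, $password);
"""
SAMPLE_FILES = {
    "login.php": LOGIN,
    "index.php": "<?php\nrequire_once('./global.php');\nshow_forum_home();\n",
    "vblogin.php": LOGIN + "header('Location: admincp/index.php');\n",
    "dbdump.php": "<?php\n$tables = list_all_tables($db);\nwrite_sql_dump($tables);\n",
    "images/logo.png": "(binary)",
}
BASELINE = {"login.php", "index.php", "images/logo.png"}  # assumed manifest

if __name__ == "__main__":
    for finding in triage_webroot(SAMPLE_FILES, BASELINE):
        print(finding)
```

On a real site the manifest would come from a clean copy of the same vBulletin version, and every flagged file is a lead to preserve and examine before cleanup.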
  #8  
06 Nov 2014, 10:56
Muhammad Rahman
Join Date: Jun 2012
Originally Posted by ozzy47:
> Well you may have been hacked somehow.
>
> Please read the following two blog posts:
> http://www.vbulletin.com/forum/blogs...ve-been-hacked
> http://www.vbulletin.com/forum/blogs...vbulletin-site

OK, thanks.

Originally Posted by Dave:
> It's just a script which has some code copied from the real login.php file. After a successful login it redirects you to the admincp.
>
> The second script is a database dumper.

But how can a hacker upload to the server?
  #9  
06 Nov 2014, 10:57
ozzy47
Join Date: Jul 2009
Real name: Chris
Originally Posted by Muhammad Rahman:
> but how hacker can upload to server

Gonna be almost impossible to tell how they did it. Best thing to do is clean up everything, and secure the site/server.
  #10  
06 Nov 2014, 11:02
Muhammad Rahman
Join Date: Jun 2012
Originally Posted by ozzy47:
> Gonna be almost impossible to tell how they did it. Best thing to do is clean up everything, and secure the site/server.

The hacker tried to find config.php:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Thanks for the information.
  #11  
06 Nov 2014, 11:20
Dave
Join Date: Jun 2010
Real name: Dave
It's hard to know how someone gained access to your server without having access to your vBulletin forum/logs.

Anything is possible such as: shared webhost breach, insecure vBulletin plugins, bad vBulletin configuration, other vulnerable software hosted on the server, etc.

You could start out by posting all of your plugins here.
  #12  
06 Nov 2014, 11:53
Muhammad Rahman
Join Date: Jun 2012
Originally Posted by Dave:
> It's hard to know how someone gained access to your server without having access to your vBulletin forum/logs.
>
> Anything is possible such as: shared webhost breach, insecure vBulletin plugins, bad vBulletin configuration, other vulnerable software hosted on the server, etc.
>
> You could start out by posting all of your plugins here.

I contacted my server; they don't have any log of the hack. They said the hack was from a script, not from a server attack.

These are my plugins:
  1. Adam's Subscribed Thread Notifications
  2. Advanced Application Forms (INACTIVE)
  3. BT - Social Group Message Quote
  4. Change Posts Owner
  5. Chip2love.9xpro - Limit new thread/post per day
  6. First Post on all pages (INACTIVE)
  7. Forum Category Icons (Advanced)
  8. Forum Runner (INACTIVE)
  9. GeekyDesigns Default Avatar
  10. Global Threads: The Next Generation FREE by BOP5
  11. GlowHost - Spam-O-Matic
  12. Helpful Answers (INACTIVE)
  13. iTrader (INACTIVE)
  14. Limit Posts Per Day in Threads by BOP5
  15. Make Prefixes Clickable to Filter Forumdisplay
  16. Mark Thread As 'Sold'
  17. Minimum Post Count Required To Post Blog Entries
  18. Mod-Mall BB Code Spoiler
  19. More Share Options for VB4 by BOP5 Light (INACTIVE)
  20. Nested Quotes
  21. Advanced User Tagging (DBTech)
  22. DBSeo (DBTech) (INACTIVE)
  23. Panjo (INACTIVE)
  24. PB Usergroup Choice on Registration (INACTIVE)
  25. Ajax Point System
  26. PostRelease (INACTIVE)
  27. ProvB - Extra Threadfields
  28. Rotating Banner System
  29. Skimlinks Plugin (INACTIVE)
  30. Subscription Notification System
  31. Tapatalk (INACTIVE)
  32. Thread Participants - by rellect
  33. Threads Started by User in Postbit & Profile
  34. User Article Count (INACTIVE)
  35. Usergroup Allow HTML
  36. vBadvanced CMPS
  37. vBulletin Blog (INACTIVE)
  38. vBulletin CMS (INACTIVE)
  39. vFcoders - Ajax First Post Collapsable Hack (INACTIVE)
  40. View your Threads or Posts from the Navbar
  41. VSa - Sub-Forum Manager (INACTIVE)
  42. WS vBulletin Tweet Poster
  43. XenForo Style Avatars
  44. [OzzModz] Exclude Forums From Activity Stream (INACTIVE)
  #13  
06 Nov 2014, 11:56
ozzy47
Join Date: Jul 2009
Real name: Chris
Do you have anything listed under ACP --> Plugins & Products --> Plugin Manager in the group Product: vBulletin?
  #14  
06 Nov 2014, 12:03
Muhammad Rahman
Join Date: Jun 2012
Originally Posted by ozzy47:
> Do you have anything listed under ACP --> Plugins & Products --> Plugin Manager in the group Product : vBulletin

Yes, only my custom mod.


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

  #15  
06 Nov 2014, 12:18
Dave
Join Date: Jun 2010
Real name: Dave
Check the FG, FGD, ghj and Lintas Agama Terbaru plugins because they have suspicious names which I never heard of. If unsure, post the contents of the plugins here.
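An added example (not part of any post in this thread, and not vBulletin code): a Python audit of exported plugin records that follows the advice in posts #13 and #15, listing hand-added plugins nobody has reviewed and any plugin whose code contains calls worth reading by hand. The record fields (`title`, `product`, `active`, `phpcode`), the sample rows and the reviewed list are assumptions constructed for illustration.

```python
import re

# Calls that deserve a manual read when they appear in plugin code (heuristic list).
RISKY_CALL = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|shell_exec|passthru|file_put_contents)\s*\(",
    re.IGNORECASE,
)


def audit_plugins(rows, reviewed_titles):
    """rows: exported plugin records; reviewed_titles: manual plugins the admin
    has read and recognises. Returns (title, active, reasons) per flagged row."""
    findings = []
    for row in rows:
        reasons = []
        # Assumption: hand-added plugins are filed under the product "vbulletin",
        # the group the thread says to inspect in the Plugin Manager.
        if row["product"].lower() == "vbulletin" and row["title"] not in reviewed_titles:
            reasons.append("unreviewed manual plugin")
        calls = sorted({m.group(1).lower() for m in RISKY_CALL.finditer(row["phpcode"])})
        if calls:
            reasons.append("risky calls: " + ", ".join(calls))
        if reasons:
            findings.append((row["title"], bool(row["active"]), reasons))
    return findings


# Constructed records; titles and code are invented for this example.
SAMPLE_ROWS = [
    {"title": "Sidebar tweak", "product": "vbulletin", "active": 1,
     "phpcode": "$show['sidebar'] = true;"},
    {"title": "zx1", "product": "vbulletin", "active": 1,
     "phpcode": "eval(base64_decode($blob));"},
    {"title": "Gallery export", "product": "gallery", "active": 0,
     "phpcode": "file_put_contents($path, $data);"},
]
REVIEWED = {"Sidebar tweak"}

if __name__ == "__main__":
    for title, active, reasons in audit_plugins(SAMPLE_ROWS, REVIEWED):
        print(title, "active" if active else "inactive", reasons)
```

A match is a prompt to read the plugin's code, not proof of compromise; legitimate add-ons also write files or evaluate templates.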