So finaly my forum has been hacked... what to do?
- Thread starter Arthur
- Start date
- Status
SuicidalMedia
Active Member
Read about CHMOD here :
http://php.about.com/od/phpbasics/ht/chmod.htm
If you didn't opened it you're fine. And also, which version of vBulletin you were using?
http://php.about.com/od/phpbasics/ht/chmod.htm
If you didn't opened it you're fine. And also, which version of vBulletin you were using?
dermechove
Active Member
Man I want to clarify some points:
-This so called hacker used a vuln in your script OR on your server.
-If you are runing some old vBulletin or you have installed a vulnerable plugins or products (and they are a lot) he must have used it.
-This guy IS NOT A HACKER :: he is simply a script kidie or w/e it's called.
what he have simply done is:
so guys don't worry just keep your scripts up to date and you'll be fine.
And yeah don't give you passwords to any one(on the Internet) u don't know who is watching you.
-This so called hacker used a vuln in your script OR on your server.
-If you are runing some old vBulletin or you have installed a vulnerable plugins or products (and they are a lot) he must have used it.
-This guy IS NOT A HACKER :: he is simply a script kidie or w/e it's called.
what he have simply done is:
Code:
-went to milw0rm (or any other sited that publish 0day exploits)
-have found a 0day exploit.
-he used the dork supplied WITH the exploit to search IN Google for infected sites.
-he just used the Exploit.And yeah don't give you passwords to any one(on the Internet) u don't know who is watching you.
ok.. i'll chk that.... i was using vb 4.0.4 and thinking to switch the latest VB...but.......
bro i am not much familer with this kinda of things like backdoored or shells etc..... please explain it... i know they are belong to hacking stuff but please share your expereince
no its all right man.... i have talked to my hosting provider..... they will fix that.
what that "vulnerable plugins or products" i had installed lots of plugin....
and scripts? which kinda of script? etc please tell me brother
LOL @ professional hacker. A fuckin script kiddie who runs around defacing pages with some exisiting vulnerability?
dermechove
Active Member
You should use a non nulled vBulletin (or at least nulled by trusted teams [vBteam.info]).
Use only official products release(vBteam.info,vbulletin.com).
try to keep your scripts updated and don't install any Release Candidate or Pre-releases(these are for testing purposes).
Use only official products release(vBteam.info,vbulletin.com).
try to keep your scripts updated and don't install any Release Candidate or Pre-releases(these are for testing purposes).
dermechove
Active Member
I meant you can get newer versions of plugins in case of a security flaw or smth(I mean faster than other unofficial websites).
And do you have any access to your server.(Contacted your hoster yet??)
And do you have any access to your server.(Contacted your hoster yet??)
yup man..... i have sent them a mail.... now w8ng for that....
how can i get newer plugin bro? as i am using nulled version and am not verified member of vbulletion.org so how could i get the trusted thing?
one more thing brother, what are the causes of this hack? what should be delted to my forum? i mean i did not accept his any file or something else then how can he infacted me?
how can i get newer plugin bro? as i am using nulled version and am not verified member of vbulletion.org so how could i get the trusted thing?
one more thing brother, what are the causes of this hack? what should be delted to my forum? i mean i did not accept his any file or something else then how can he infacted me?
rsjunction
Active Member
Reset your pass Contact your host
Contact your host
Reset your pass
yup i did that
brother this is not the right way of talking, i guess. He promised me not to change my pass, if he did that then what is my fault?? ha?
i trusted on him and he did this to me
OMG, he did that again
here is the source code... One of my hacker friend, he removed that hack page yesterday, but the saudi arabin guys come again...... and look what they did to me... can't we stop them?? i mean what are the cause of hacking? is there any spot that which we r missing? and the hacker is taking benefit from that??
ha?
i can't post that coding because "You have included 61 images in your message. You are limited to using 40 images so please go back and correct the problem and then continue again.
Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator."
so here is the screenshot
[IMG]http://i28.tinypic.com/nbf0iu.jpg
here is the source code... One of my hacker friend, he removed that hack page yesterday, but the saudi arabin guys come again...... and look what they did to me... can't we stop them?? i mean what are the cause of hacking? is there any spot that which we r missing? and the hacker is taking benefit from that??
ha?
i can't post that coding because "You have included 61 images in your message. You are limited to using 40 images so please go back and correct the problem and then continue again.
Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator."
so here is the screenshot
[IMG]http://i28.tinypic.com/nbf0iu.jpg
dark_hunter
Active Member
Maybe he rooted you?
Acutualy he has the acces of my Cpanel... don't know when my hosting compny reset my pass.... when i were creating the previous post, my hacker friend had already been removed that page
here is the screenshot
i don't know when this fight will be end......
he hack us, we remove that page.... ahhhhhhhhhh
i hate that stuff
here is the screenshot
i don't know when this fight will be end......
he hack us, we remove that page.... ahhhhhhhhhh
i hate that stuff
dark_hunter
Active Member
Look on the server for a file used, often called a shell, they use this to access your box.
- Status