  1. #1
    Join Date
    Oct 2006
    Posts
    64

    * Why always ALL VBulletin forums get hacked easily ??

    Hello, I'm an owner and manager of a server that has been running for about a year, and everything was fine till three months ago.
    Many VBulletin forums were hacked by one hacker.

    I hired a technician to re-set up the security of the server.
    Upgrading (OS, php, apache) was done, and other settings...
    After that he said everything is ok now.
    3 weeks later, the hack came back again from another hacker on 3 VBulletin forums.
    Take into consideration that all hacked forums are secured enough and using 3.6.8 patch level 2.

    What possible reasons help the hacker reach the config file??
    Is this a gap in the server or the VB version??
    Plz help me with that huge problem


    OS : Fedora 5 .. upgraded from Fedora 4
    php Version : 5.2.4
    Apache Version : 1.3.39
    PERL version 5.8.8

  2. #2
    Join Date
    Apr 2004
    Location
    UK
    Posts
    1,331
    Have you checked your logs to find out how it is being done, or submitted these logs to vBulletin, or had your tech look at them if you do not understand them?
    .
    @jmedwards
    - find me on Twitter!
    Kayako help desk software - we help our customers help their customers

  3. #3
    Join Date
    Oct 2006
    Posts
    64
    The tech will check them in a few hours, honestly I don't trust him 100% so I want to know the whole matter before he checks.
    Plz tell me how to check logs.

    thanks in advance

  4. #4
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    Did you allow members to upload something?
    VN-SG Hosting | Shared Hosting | Reseller at very affordable price |
    http://vn-sg.com

  5. #5
    Join Date
    Oct 2006
    Posts
    64
    No, it's not allowed.

  6. #6
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,190
    Quote Originally Posted by Mak3000 View Post
    The tech will check them in a few hours, honestly I don't trust him 100%...
    Hire someone from here. There are some very knowledgeable techs that can make sure your server's secure.
    There is no best host. There is only the host that's best for you.

  7. #7
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    There's a major difference between "hacking" and "defacement". Make sure you understand the difference here and that you're actually posting correct information.

    If you're seeing something other than you'd expect on your forums (ie: sql injection), then you're looking at defacement, NOT hacking. This is simplistic and doesn't even warrant the term 'hack'.

    That said, without really knowing what your forums are doing, what mods you have in place, it's really not possible to tell why this keeps happening. There ARE a few things you can do to minimalize the risk of this, but that's still only going to minimalize it.

    A> Set up proper permissions. Use write permissions ONLY where necessary. This is one of the easiest ways to get hacked, leaving your permissions wide open. That's like leaving your apartment in downtown New York unlocked, it's just ASKING for trouble.

    B> Use proper patches. Don't just compile php and say "it's done". No, PATCH your php with something such as suhosin. Others would argue that suphp/phpsuexec would work, but that's debatable, due to the strict limitations it places on the server.

    C> UPDATE UPDATE UPDATE! Keep your forums (and php and apache and your SERVER) up to date!! Updates are released for a reason, software is declared 'old' for a REASON. Don't just go out there and assume you can run vb 3.x, you need to keep up to date with the latest version (right now stable is 3.6.8 pl2 and 3.7 is the alpha)

    D> Pay attention to your server. Your server is talking, are you listening, or just ignoring it? Do you UNDERSTAND what it says, or are you two speaking a different language? If you don't understand it, that's fine, but hire someone to keep an eye on it that DOES!

    E> Protect yourself with proper mod_security rules, proper firewalls, proper security at the base.

    Of course, again, if you don't understand that, then you should find someone who does to manage your server PROactively. Don't look to 'cheap service providers' to do this for you, because for the most part they are NOT proactive.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details
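
Added example (not part of any post in this thread): one way to check point A of the post above, listing world-writable files and directories under a web root and flagging a credentials file that other local users can read. The file name `config.php`, the directory names and the demo tree are assumptions constructed for the example.

```python
import os
import stat

def audit_permissions(docroot, sensitive_names=("config.php",)):
    """Return sorted (relative_path, finding) pairs for risky modes under docroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, docroot)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:          # any local user can modify it
                kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
                findings.append((rel, f"world-writable {kind} ({mode:04o})"))
            if name in sensitive_names and mode & stat.S_IROTH:
                # any local account on a shared server can read the credentials
                findings.append((rel, f"world-readable secret ({mode:04o})"))
    return sorted(findings)

def build_demo_tree(root):
    """Create a small constructed tree with known modes (hypothetical layout)."""
    layout = {
        "index.php": 0o644,
        "conf/config.php": 0o644,
        "attachments/upload.tmp": 0o666,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("demo\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "conf"), 0o755)
    os.chmod(os.path.join(root, "attachments"), 0o777)
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_permissions(build_demo_tree(tmp)):
            print(f"{rel}: {finding}")
```

Findings are candidates for review rather than proof of compromise: whether the credentials file can be made unreadable to other accounts depends on which user PHP runs as, which is the suphp/phpsuexec trade-off mentioned in point B.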

  8. #8
    Join Date
    Aug 2002
    Location
    Superior, CO, USA
    Posts
    633
    Quote Originally Posted by linux-tech View Post
    There's a major difference between "hacking" and "defacement". Make sure you understand the difference here and that you're actually posting correct information.

    If you're seeing something other than you'd expect on your forums (ie: sql injection), then you're looking at defacement, NOT hacking. This is simplistic and doesn't even warrant the term 'hack'.
    I totally disagree. Do you think that what you perceive as a difference matters to the owner of the forum or their users? Either way files have been modified on the target system without the permission of the owner. Changing an index.html may mean that the hack isn't too bad but I'm not aware of an ISO multi-layer description for the severity of the hack. In short, defacement == hack.

    Mak3000 - you need to hire someone who knows security well and can be trusted. I'm a bit confused by your statement that you have someone looking at it but you don't trust them. Then change your logins and hire someone you do. As SantaRevue pointed out there are very qualified people available through WHT that can help.
    Need Java help? Want to help people who do? Sit down with a cup of Java at the hotjoe forums.

  9. #9
    Join Date
    Dec 2007
    Posts
    35
    Quote Originally Posted by Mak3000 View Post
    Hello, I'm an owner and manager of a server that has been running for about a year, and everything was fine till three months ago.
    Many VBulletin forums were hacked by one hacker.

    I hired a technician to re-set up the security of the server.
    Upgrading (OS, php, apache) was done, and other settings...
    After that he said everything is ok now.
    3 weeks later, the hack came back again from another hacker on 3 VBulletin forums.
    Take into consideration that all hacked forums are secured enough and using 3.6.8 patch level 2.

    What possible reasons help the hacker reach the config file??
    Is this a gap in the server or the VB version??
    Plz help me with that huge problem


    OS : Fedora 5 .. upgraded from Fedora 4
    php Version : 5.2.4
    Apache Version : 1.3.39
    PERL version 5.8.8
    It's not about vBulletin security issues, it's about your hosting company being weak on security. I think you are being hacked locally.

  10. #10
    Join Date
    Dec 2005
    Location
    South Wales, UK
    Posts
    152
    Quote Originally Posted by Mak3000 View Post
    Is this a gap in the server or the VB version??
    No.

    Quote Originally Posted by Mak3000 View Post
    honestly I don't trust him 100%
    Is your problem - Nothing to do with vBulletin.

    vBulletin is the most widely used commercial forum software on the planet.

    Dump the server admin/tech you're using and seek out a professional.
    It can only be attributable to human error.

  11. #11
    Join Date
    Oct 2006
    Posts
    64
    Ok guys, tell me a trusted tech to hire to check server security and settings.
    But plz include contact details because I'm Egyptian and my English is not perfect.

    Thanks all

  12. #12
    Join Date
    Aug 2004
    Location
    Canada
    Posts
    3,582
    Haven't had any of our vbulletin forums hacked. Only thing I've seen weird lately is constant bots (100+ constant) visiting a few of our forums and doing:

    showthread.php?p=http://migirlsadaoiwqiseatmeisum.mail333.su/body?

    All with various exploit URLs and such
    Tony B. - Chief Executive Officer
    Hawk Host Inc. Proudly serving websites since 2004
    Quality Shared and VPS Hosting
    PHP 5.3.x & PHP 5.4.x & PHP 5.5.X & PHP 5.6.X & PHP 7.0.X Support!

  13. #13
    Join Date
    Oct 2001
    Location
    Ohio
    Posts
    8,299
    Quote Originally Posted by TonyB View Post
    Haven't had any of our vbulletin forums hacked. Only thing I've seen weird lately is constant bots (100+ constant) visiting a few of our forums and doing:




    All with various exploit URLs and such
    You can block that with mod_security.
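
Added example (not part of any post in this thread): a small Python scan of Apache access-log text for the request pattern described in post #12, a query parameter whose value is itself a URL, which is also a concrete starting point for the log check suggested in post #2. The log lines, client addresses and host names below are constructed, and the combined log format is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not taken from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2008:10:00:01 +0000] "GET /forum/showthread.php?p=http://probe.example.invalid/body? HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"
198.51.100.7 - - [10/Jan/2008:10:00:02 +0000] "GET /forum/showthread.php?p=http%3A%2F%2Fprobe.example.invalid%2Fbody%3F HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"
203.0.113.9 - - [10/Jan/2008:10:00:05 +0000] "GET /forum/showthread.php?p=12345 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2008:10:00:09 +0000] "GET /forum/index.php HTTP/1.1" 200 9000 "http://forum.example.invalid/" "Mozilla/5.0"
192.0.2.44 - - [10/Jan/2008:10:01:00 +0000] "GET /forum/showthread.php?t=9&p=ftp://probe.example.invalid/x.txt? HTTP/1.0" 404 300 "-" "-"
"""

# client address, method, request target, status code
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# a parameter value that starts with a URL scheme, checked after percent-decoding
URL_VALUE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def find_url_params(log_text):
    """Return (client, path, parameter, status) for each URL-valued query parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue                      # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        parts = urlsplit(target)          # only the request target, never the Referer
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if URL_VALUE_RE.match(value): # parse_qsl has already decoded %3A%2F%2F
                hits.append((ip, parts.path, name, int(status)))
    return hits

def hits_per_client(hits):
    """Count matching requests per client address."""
    return Counter(ip for ip, *_ in hits)

if __name__ == "__main__":
    found = find_url_params(SAMPLE_LOG)
    for ip, path, name, status in found:
        print(f"{ip} {path} param={name} status={status}")
    print(hits_per_client(found).most_common())
```

A 200 status on a matching line only means the page was served, not that the request succeeded in doing anything; the per-client counts show which sources are worth blocking or feeding into a mod_security rule.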

  14. #14
    Join Date
    Aug 2004
    Location
    Canada
    Posts
    3,582
    Quote Originally Posted by inogenius View Post
    You can block that with mod_security.
    I'm aware

    I just find it an odd thing for hundreds of bots to be doing daily to vbulletin forums.
    Tony B. - Chief Executive Officer
    Hawk Host Inc. Proudly serving websites since 2004
    Quality Shared and VPS Hosting
    PHP 5.3.x & PHP 5.4.x & PHP 5.5.X & PHP 5.6.X & PHP 7.0.X Support!
