my forum was hacked , need help!!

bongwater · 09-04-2006, 02:48 PM

My forum was hacked, I get the following message

Defaced By CiberPunk

sh-2.05b$ ls

error to connect the server . . . . . . . . .

Community Punk Unidos!
We Are Punk Unidos..... CiberPunk Rules!

sh-2.05b$ id
uid=(root) gid=(root) groups=(root)
CiberPunk HackeD Your system

Process this completing. . . . . . . . . . . . . . . . . . . . . .
Process went completed

.:Members:.
CiberPunk, punknomas
Punk Unidos

What do I do???? running 3.6 gold. thanks

bongwater · 09-04-2006, 02:52 PM

okay, I found a fix, I reuploaded the index.php file. Looks like somebody hacked into it and overwrote that file. Any ideas on how to protect that file or any other files vulnerable to a hack?

Idan · 09-04-2006, 02:56 PM

most likely some product code/plugin installed on your forum might have some xss vuln that were exploited successfully... (or maybe vbulletin itself with unpatched security "hole" found ???)
the best you could do is try to gather all logs you can on find your hosting, hoping to understand what was exploited & how in order to prevent this from ever repeating again.

Nick R · 09-04-2006, 03:05 PM

And make a weekly db backups at least. Make sure the chmod permissions are ok and you don't have a file upload center uploading to root that supports php files.

ntfu2 · 09-04-2006, 04:43 PM

Not only should you make a weekly DB backup, but dont forget to download that from the server, or back it up to another server. Nothing like doing it, then leaving it on the server and it getting deleted :shock:

Do you have Top X Stats installed?

Nick R · 09-04-2006, 04:48 PM

The top x stats was just the forum home redirect it doesn't overide files. Which you can't do anyway unless you have ftp access or the chmod perms are wrong.

bongwater · 09-04-2006, 05:06 PM

can changing chmod permissions on the index file prevent an intruder from overwriting the file? if so, what would the permission setting be?

stutefc · 09-04-2006, 05:11 PM

Got hacked twice this year already, both from Romania believe it not. I do daily back ups. You normally think it is ok to upload the index file again, but they normally leave another few pressies, your best to get your host provider to have a look at the server for you as well.

Nick R · 09-04-2006, 05:18 PM

Best to do the root folder seeing as you don't need that chmod, dhouls be 644 i think.

bongwater · 09-04-2006, 05:42 PM

Quote:

Originally Posted by rogersnm

Best to do the root folder seeing as you don't need that chmod, dhouls be 644 i think.

My chmod settings for my forum root is set at 775. So if I change the permissions to my root folder (http://www.mysite.com/forums) to chmod 644 (my ftp client is SmartFTP), that should prevent an intruder from overwriting the index file again?

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Forum Display Ordering (User Control)	xyz	vBulletin 3.5 / 3.6 Hack Releases	14	07-20-2007 09:35 PM
Automatic send forum password after accept rules	JollyJack	vBulletin Modification Requests	3	08-17-2006 09:24 PM
Archive	HDRebel88	vBulletin Modification Requests	2	07-29-2006 10:38 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)