Jump to content
Create New...

PSA for Clans/Sites using vBulletin


Recommended Posts

I see that most clans nowadays are running on Enjin site, but if you are still running vB, be sure to keep it up to date as there are some hackers out there exploiting vulnerabilities in the vB software. I believe this is the same group that hacked VR's website before they closed doors. About a week ago LPK and IFx's sites were hacked by this group and just recently AF. Don't forget to keep regular backups of your site as well.

 

There are other great CMS and forum software that is not as popular as vB but provides as good, if not better and more secure forums for communities.

Link to comment
Share on other sites

  • Directors

As I posted here http://www.urgentfury.com/showthread.php/86156-Several-Clan-Websites-hacked-this-past-week keep in mind that the attacks on the sites such as AF were not done through a vb vulnerability. These sites were targeted due to poor password practices.

 

The actual source code of php files were overwritten using ftp software and such. I have seen the message sent by the hackers to one of the affected sites where they stated it was to teach these sites a lesson.

 

We constantly review sites for password issues and have strict password requirements in place to prevent this. The other issue is shared hosting. Because of our limited amount of sites, we are able to secure the server tighter than most.

 

Please use the recommendations to secure your site, just because you are not using vb does not make you safe. I have seen all forum software get hacked in some form or fashion. There is no perfect script out there and if they say they are, be careful.

Link to comment
Share on other sites

So just some basic research into has led me to this.

 

 

Removed image because IP addresses present

 

 

The first row is the last modification I had made (my user ID was 105) before I abandoned the site. Now here is where things get interesting. As you can see user 190 is used with 2 different IPs (which are from a proxy host in Denmark) uploading some sort of content to the site and importing something to the database followed by a removal from the second IP.

 

 

The first row took place at: Thu, 14 Feb 2013 07:42:31 GMT

The delete row took place at: Thu, 14 Feb 2013 08:15:45 GMT

 

 

Now for the interesting part, user 190 is Johnson30; however, he did not access the site in the past few months. Which leads me to believe that AF getting hacked somehow had to do with IFx/LPK getting hacked.

Edited by Shane
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

Military including Active, Reserve, Veteran and Dependents get 50% off of our Spec Ops Premium Experience

×
×
  • Create New...

Important Information

By visiting this site you agree to our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Write what you are looking for and press enter or click the search icon to begin your search