Don't Like the Ads? Upgrade your experience to remove the ads for only $20.00 per year.


Don't Like the Ads? Upgrade your experience to remove the ads for only $20.00 per year.
Sign in to follow this  

PSA for Clans/Sites using vBulletin

Recommended Posts

I see that most clans nowadays are running on Enjin site, but if you are still running vB, be sure to keep it up to date as there are some hackers out there exploiting vulnerabilities in the vB software. I believe this is the same group that hacked VR's website before they closed doors. About a week ago LPK and IFx's sites were hacked by this group and just recently AF. Don't forget to keep regular backups of your site as well.

 

There are other great CMS and forum software that is not as popular as vB but provides as good, if not better and more secure forums for communities.

Share this post


Link to post
Share on other sites
Click here to get 6 months Select Satellite Radio for $30 at SiriusXM.com

Don't Like the Ads? Upgrade your experience to remove the ads for only $20.00 per year.
Get 6 months of SiriusXM All Access for only $50

Don't Like the Ads? Upgrade your experience to remove the ads for only $20.00 per year.
Click here to get 6 months Select Satellite Radio for $30 at SiriusXM.com

As I posted here http://www.urgentfury.com/showthread.php/86156-Several-Clan-Websites-hacked-this-past-week keep in mind that the attacks on the sites such as AF were not done through a vb vulnerability. These sites were targeted due to poor password practices.

 

The actual source code of php files were overwritten using ftp software and such. I have seen the message sent by the hackers to one of the affected sites where they stated it was to teach these sites a lesson.

 

We constantly review sites for password issues and have strict password requirements in place to prevent this. The other issue is shared hosting. Because of our limited amount of sites, we are able to secure the server tighter than most.

 

Please use the recommendations to secure your site, just because you are not using vb does not make you safe. I have seen all forum software get hacked in some form or fashion. There is no perfect script out there and if they say they are, be careful.

Share this post


Link to post
Share on other sites

So just some basic research into has led me to this.

 

 

Removed image because IP addresses present

 

 

The first row is the last modification I had made (my user ID was 105) before I abandoned the site. Now here is where things get interesting. As you can see user 190 is used with 2 different IPs (which are from a proxy host in Denmark) uploading some sort of content to the site and importing something to the database followed by a removal from the second IP.

 

 

The first row took place at: Thu, 14 Feb 2013 07:42:31 GMT

The delete row took place at: Thu, 14 Feb 2013 08:15:45 GMT

 

 

Now for the interesting part, user 190 is Johnson30; however, he did not access the site in the past few months. Which leads me to believe that AF getting hacked somehow had to do with IFx/LPK getting hacked.

Edited by Shane

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this