vBulletin forum owners - wave of hacks
Recently, a message was posted on vBulletin.com about the likely exposure to exploits in the installation folder.
Since the forum's security requirement was to delete the install/install.php file, and not the entire install/ folder, all forums of the indicated versions (in fact, the latest ones) in which this folder was not deleted are at risk of hacking. In the end, the exploit was released, and it fell into the hands of playful children.
One of my vBulletin forums was hacked yesterday. About 16 hours after the hack, a user with administrator rights was discovered. The user was immediately banned, and I had to answer two questions:
1. What did he manage to do?
2. Who is he and what did he need?
In search of an answer to the first question, I looked at the action logs in the admin panel. And (oh miracle! and this is the first alarm bell) I found traces:
02:10 installation of the plug-in (no name)
02:17 removal of the plug-in (id = 1030)
Apparently, some manipulations with the forum were made in this 7-minute period. However, a diff of the files and a database reconciliation (superficial, because there were many changes in 16 hours) did not produce any results. Perhaps the attacker could not do what he came for, or I just could not find anything.
Finding the answer to the second question led me to Algeria and turned up all the information about the kulhacker, including his real IP, email, YouTube and Facebook accounts, and the history of his "exploits" (see www.hack-db.com).
The only things I don't have are a home address and a phone number. But even if I had them, I can't imagine what action could be taken against him.
The main conclusion: owners of forums on vBulletin - delete the install folder completely! Maybe I’m lucky (or I don’t yet know that I’m not lucky), but vbulletin.com is teeming with hacking posts with consequences of varying severity.
P.S. I apologize in advance if what I wrote is banal or has long been known to everyone. It's just that when I got caught up in the wave of exploits, my first desire was to find out, the second was to tell.
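As an added example (not part of the original post), here is a shell check for the condition described above: a forum where install.php was removed but the install folder itself was left behind. It assumes the installer directory is named `install`, as in the post, and that the forums live somewhere under the directory given as the argument; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the post: audit a web root for leftover install/ folders.
# Assumption: the installer directory is called "install", as in the post.

# classify_install_dir FORUM_DIR -> prints clean | partial | full
#   clean   - no install/ directory (the state the post recommends)
#   partial - install/ remains but install.php is gone (still at risk per the post)
#   full    - install/install.php is still present
classify_install_dir() {
    forum_dir=$1
    if [ ! -d "$forum_dir/install" ]; then
        echo clean
    elif [ -e "$forum_dir/install/install.php" ]; then
        echo full
    else
        echo partial
    fi
}

# audit_install_dirs ROOT
# Prints "<state> <forum path> files=<n>" for every directory under ROOT that
# still contains an install/ folder. Returns 1 if any was found, 0 otherwise.
audit_install_dirs() {
    root=$1
    # -prune: report each install/ once and do not descend into it
    list=$(find "$root" -type d -name install -prune -print)
    if [ -z "$list" ]; then
        return 0
    fi
    printf '%s\n' "$list" | while IFS= read -r inst; do
        forum_dir=${inst%/install}
        state=$(classify_install_dir "$forum_dir")
        # number of files an attacker could still reach inside install/
        n=$(find "$inst" -type f | wc -l | tr -d ' ')
        printf '%s %s files=%s\n' "$state" "$forum_dir" "$n"
    done
    return 1
}

# Run as: sh audit.sh /path/to/webroot  (does nothing when called without arguments)
[ "$#" -eq 0 ] || audit_install_dirs "$1"
```

A `partial` line is the case the post warns about: the documented cleanup step was followed, yet the folder is still there.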