Board Hacked

[hobbes51]

i totally agree, im constantly watching my users online.. but it's new forum (2 months) , so yeah i am just trying to build the member registration count.

Daily backup was what saved me.. as soon as that first guy tried to access admincp i did a backup - been using that


i loaded all my files onto another server.. imported sql with navicat and the passwords are working... will post more updates when i put the board back up

ive been using cpanel to generate all my passwords at 100% security.. learned alot from this to say the least

do have alot of hacks running.. most recent one i loaded was vbexperience

also have vbseo, vbanonymizer, category icons hack, and some others i forget right now

 

[GgAcE]

I screen each new registration on my boards personally. if something smells even remotely fishy, I reject the registration. I feel it is better to err occasionally on the side of paranoia than to be consistently foolish. Users who seem up to no good, usually are.

I know many board owners or Administrators care more about the quantity of members rather than the quality? I can't tell you how many boards I have seen where the Admins are not employing adequate spam protection on their registration page and allowing their members list to swell with members who are actually automated key machine spambot registrations. I have never read a good post by viagracheappp. Have you?

I feel there is no substitute for an Administrator with a hands on involvement in his board, who takes an active interest in maintaining the quality and integrity of his board. I watch who's online like a hawk. When you see an unregistered guest on a closed, registered members only forum, who is looking at Administrator PM on the who's online list -you should be more than a little curious as to how that could be. I am the only person with Administrative permissions on my board. I don't even have super Mods. I don't even want staff looking at member IPs.

Changing your Administrator password regularly is a good practice. The longer the password the better.

I have a Shoutbox and a Top Stats feature on all my sites; but I have never been hacked or suffered any serious vandalism whatsoever. I know forum Admins who absolutely refuse to use any hack whatsoever because they feel it makes them vulnerable to hackers. It is said those hacks are major security vulnerabilities.

Preventing the ability to use html in posts is a necessity to prevent the embedding of malicious files that could redirect your forum's url. But even then it can sometimes be done with a booby trapped image. Turkish hackers are famous for that one.

I suppose if someone with ability really wants into your forum, there isn't much you can do until you catch them.

My motto? Daily backups - Daily backups- Daily backups!

Best regards,

B.

Tough to do daily backups when you have 19,000 + registered active members & a few hundred thousand threads, etc. Takes FOREVER >.<

 

[hobbes51]

finally put my forum back online to the public today.

using a more secure server now, updated to RC2 and all the passwords work on an old template i was using (is it possible my login.php variables were tampered with on my main template) anyway... thanks for the info about the server v0id.


only problem im having now is when you click on a username, this sql error pops up... i think my whole album sql is gone.. i tried to fix in maintenance but didn't work. will be trying some more stuff tonight

Database error in vBulletin 3.7.0 Release Candidate 2:

Invalid SQL:

			SELECT album.*,
				picture.pictureid, picture.extension, picture.idhash,
				picture.thumbnail_dateline, picture.thumbnail_width, picture.thumbnail_height
				
			FROM album AS album
			LEFT JOIN picture AS picture ON (album.coverpictureid = picture.pictureid AND picture.thumbnail_filesize > 0)
			
			WHERE album.userid = 3
				AND album.state IN ('public', 'private', 'profile')
				AND album.picturecount > 0
				
			ORDER BY album.lastpicturedate DESC
			LIMIT 2;

MySQL Error   : Unknown column 'album.picturecount' in 'where clause'
Error Number  : 1054
Date          : Friday, April 4th 2008 @ 08:59:34 PM
Script        : http://domain.com/member.php?action=getinfo&u=3
Referrer      : http://domain.com/
IP Address    : ~censored~
Username      : admin
Classname     : vB_Database
MySQL Version : 5.0.45-community

 

[sweety_vbulletin3_import9520]

Tough to do daily backups when you have 19,000 + registered active members & a few hundred thousand threads, etc. Takes FOREVER >.<

I recommend Rsync, it does incremental backups so if you run it daily it only needs to copy 24 hours worth of posts and registration data. So for a small board like yours it will cut through it like butter, using Diff + Compression you are probably looking at 1MB tops a day in transfer to maintain a multi-stage backup solution.

 

[hobbes51]

solved my problem:

Suspect File Versions in maintenance --> deleted all unrecognized files in includes/xml


I have been looking for an automatic daily backup solution - thanks for the info on rsync sweety

thanks for everyones help! hope this encourages other admins to change their passwords and make sure their board is secure and admincp is firewalled