Subject: Hacked in a big way

Posted on: 23/03/06 09:03pm
By: eyecravedvd

Hello all,

I've been hacked big time. I'm wondering if anyone here can help me track down who did it. They wiped all the files off my server and left just the directories. I don't have shell access to my acct so I know it wasn't done that way. Could a script do that. I was running the last version of 1.8sr4 or 5 and was about to upgrade to the latest 1.4 was their any large vulnerabilities that would allow this kind of access?

Thanks,

Shane

Hacked in a big way

Posted on: 24/03/06 03:17am
By: beewee

If they had access to all those files, it had nothing to do with the vulnerabilty of Geeklog but with your webserver/hosting account...hope your backups are recent and OK. Good luck!

Hacked in a big way

Posted on: 24/03/06 03:17am
By: Dirk

The issue that was addressed with Geeklog 1.4.0sr1 and 1.3.11sr4 allowed remote code execution and we know of at least two other sites that have been hacked exploiting that vulnerability.

bye, Dirk

Hacked in a big way

Posted on: 24/03/06 05:35am
By: 1000ideen

Maybe it is simply a problem with your hoster? Did you have any other scripts like phpBB running?

Hacked in a big way

Posted on: 24/03/06 08:14am
By: eyecravedvd

Thanks for the email dirk. There was no code in the error.log, but late after I posted this I think I discovered how they got in. It was through a hole in my older version of vBulletin. It has a remote exucution vulnerability which they used and the reason how I know is they altered the db user table and changed my email address to theirs.

I've upgraded it and will be upgrading to 1.3.4sr1 as well.

Geeklog - Forum
https://www.geeklog.net/forum/viewtopic.php?showtopic=65590