Welcome to Geeklog Wednesday, September 23 2020 @ 12:18 am EDT

Geeklog Forums

Hacked in a big way


Status: offline

eyecravedvd

Forum User
Full Member
Registered: 09/06/03
Posts: 152
Hello all,

I've been hacked big time. I'm wondering if anyone here can help me track down who did it. They wiped all the files off my server and left just the directories. I don't have shell access to my acct so I know it wasn't done that way. Could a script do that. I was running the last version of 1.8sr4 or 5 and was about to upgrade to the latest 1.4 was their any large vulnerabilities that would allow this kind of access?

Thanks,

Shane
Shane | www.EyeCraveDVD.com
 Quote

Status: offline

beewee

Forum User
Full Member
Registered: 05/08/03
Posts: 969
Location:The Netherlands, where else?
If they had access to all those files, it had nothing to do with the vulnerabilty of Geeklog but with your webserver/hosting account...hope your backups are recent and OK. Good luck!
Dutch Geeklog sites about camping/hiking: www.kampeerzaken.nl | www.campersite.nl | www.caravans.nl | www.caravans.net
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
The issue that was addressed with Geeklog 1.4.0sr1 and 1.3.11sr4 allowed remote code execution and we know of at least two other sites that have been hacked exploiting that vulnerability.

bye, Dirk
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 04/08/03
Posts: 1298
Maybe it is simply a problem with your hoster? Did you have any other scripts like phpBB running?
 Quote

Status: offline

eyecravedvd

Forum User
Full Member
Registered: 09/06/03
Posts: 152
Thanks for the email dirk. There was no code in the error.log, but late after I posted this I think I discovered how they got in. It was through a hole in my older version of vBulletin. It has a remote exucution vulnerability which they used and the reason how I know is they altered the db user table and changed my email address to theirs.

I've upgraded it and will be upgrading to 1.3.4sr1 as well.
Shane | www.EyeCraveDVD.com
 Quote

All times are EDT. The time is now 12:18 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content