Welcome to Geeklog, Anonymous Thursday, November 14 2024 @ 10:14 pm EST
Geeklog Forums
Hacked in a big way
Status: offline
eyecravedvd
Forum User
Full Member
Registered: 06/09/03
Posts: 152
Hello all,
I've been hacked big time. I'm wondering if anyone here can help me track down who did it. They wiped all the files off my server and left just the directories. I don't have shell access to my acct so I know it wasn't done that way. Could a script do that. I was running the last version of 1.8sr4 or 5 and was about to upgrade to the latest 1.4 was their any large vulnerabilities that would allow this kind of access?
Thanks,
Shane
Shane | www.EyeCraveDVD.com
I've been hacked big time. I'm wondering if anyone here can help me track down who did it. They wiped all the files off my server and left just the directories. I don't have shell access to my acct so I know it wasn't done that way. Could a script do that. I was running the last version of 1.8sr4 or 5 and was about to upgrade to the latest 1.4 was their any large vulnerabilities that would allow this kind of access?
Thanks,
Shane
Shane | www.EyeCraveDVD.com
14
12
Quote
Status: offline
beewee
Forum User
Full Member
Registered: 08/05/03
Posts: 969
Location:The Netherlands, where else?
If they had access to all those files, it had nothing to do with the vulnerabilty of Geeklog but with your webserver/hosting account...hope your backups are recent and OK. Good luck!
Dutch Geeklog sites about camping/hiking:
www.kampeerzaken.nl | www.campersite.nl | www.caravans.nl | www.caravans.net
Dutch Geeklog sites about camping/hiking:
www.kampeerzaken.nl | www.campersite.nl | www.caravans.nl | www.caravans.net
21
12
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
The issue that was addressed with Geeklog 1.4.0sr1 and 1.3.11sr4 allowed remote code execution and we know of at least two other sites that have been hacked exploiting that vulnerability.
bye, Dirk
bye, Dirk
12
15
Quote
Status: offline
eyecravedvd
Forum User
Full Member
Registered: 06/09/03
Posts: 152
Thanks for the email dirk. There was no code in the error.log, but late after I posted this I think I discovered how they got in. It was through a hole in my older version of vBulletin. It has a remote exucution vulnerability which they used and the reason how I know is they altered the db user table and changed my email address to theirs.
I've upgraded it and will be upgrading to 1.3.4sr1 as well.
Shane | www.EyeCraveDVD.com
I've upgraded it and will be upgrading to 1.3.4sr1 as well.
Shane | www.EyeCraveDVD.com
16
11
Quote
All times are EST. The time is now 10:14 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content