
·
.:Enigmatic Protagonist:.
Joined
·
4,361 Posts
Damn ... that's some serious **** out there :/
 

·
Registered
Joined
·
3,106 Posts
ok what he wrote there doesn't make sense to me, can anyone elaborate what it means?
 

·
Premium Member
Joined
·
8,884 Posts
Seems like the permissions issue on the aruantec subdomain finally came back to bite them.

When I was performing some work for @ruantec, I noticed that some/most/all of the files in the forum directory had improper permissions, it seems a hacker exploited this and hacked the forums.

Either that or the hacker got in through another back door. When something like this happens it needs to be figured out exactly what they exploited, fix the issue that was exploited, re-upload all files and a database backup from before it was hacked.

However @ruantec can't re-upload the files unless he has FTP access. In order to fix this he needs FTP access so he can set proper permissions on the files and patch up the holes.

From what I could gather, the aruantec forum was using MyBB 1.4.2. Since then a security audit was done on MyBB 1.4.x and some security issues were fixed in the later versions of MyBB 1.4.x.

It could have been either of those things or an unknown backdoor that was exploited by these low life scumbags.
 

·
Premium Member
Joined
·
8,884 Posts
Thank God we moved the forums thanks to Xtreme2damax :D



YAY the magic word!!! that makes me happy XD
Speaking of that, I'm going to go through and double check everything although I'm fairly certain everything is secure.

Someone from CG might want to remove the affected page in question, find out how it was exploited, patch the issue and upload a backup from before the hack occurred.

I hope these low life scumbag hackers get a taste of their own medicine some day, I hate idiots that get off on ruining others' hard work, hacking and plastering their own crap up. We should start a movement to hack the flocking hackers. :evil:

Hopefully they will see this thread upon browsing and take note of the problem, or an administrator can contact one of them.

In fact I will contact one of them right now to take care of this.
 

·
Premium Member
Joined
·
19,572 Posts
Discussion Starter · #8 ·
Speaking of that, I'm going to go through and double check everything although I'm fairly certain everything is secure.

Someone from CG might want to remove the affected page in question, find out how it was exploited, patch the issue and upload a backup from before the hack occurred.

I hope these low life scumbag hackers get a taste of their own medicine some day, I hate idiots that get off on ruining others' hard work, hacking and plastering their own crap up. We should start a movement to hack the flocking hackers. :evil:

Hopefully they will see this thread upon browsing and take note of the problem, or an administrator can contact one of them.

In fact I will contact one of them right now to take care of this.
that sounds like a great idea.... anyways I hope this hacker or probably lucky guy doesn't make me mad.. I'll try to keep cool but if he pisses me off I'm going to hack his ass out of him... anyways CG refused somehow to give me direct access to the site so at least someone got it and that's why I'm not pissed right now but rather happy somehow :D
 

·
Registered
Joined
·
3,106 Posts
anyways CG refused somehow to give me direct access to the site so at least someone got it and that's why I'm not pissed right now but rather happy somehow :D

ahhh I love irony.
 

·
Registered
Joined
·
13,287 Posts
Someone from CG might want to remove the affected page in question, find out how it was exploited, patch the issue and upload a backup from before the hack occurred.
Has anyone else been able to make up a backup? (I doubt it, since apparently no one had direct access). I doubt CG made proper backups of the secondary sites.
 

·
Premium Member
Joined
·
8,884 Posts
I just wanted to issue an update, I was able to log into the ACP here is what was done:

Once I logged in, I viewed the administrative logs..

1. Hacker was possibly able to delete some language files

2. Hacker was able to gain admin access, once in he/it/she modified the index template to the hacked page.

3. I'm not absolutely sure if any files were affected, it just seems like a lame index page/template hack. On second thought it seems the hacker was able to gain administrative access through some vulnerability, then proceeded to edit the index template for the forum and possibly change some other things in addition to modifying the index template.

4. Hacker is registered under the guise khodam, last user to register was khodam, and khodam was listed in the administrative logs as the one who modified the index template to the hacked page.

Here is what I did:

Banned the khodam account, in banning options both the hacker's name "khodam", its email address and IP address were banned in the ACP from being allowed to access the forum. I also ensured the account was no longer able to be logged into by changing the email and password.

I then proceeded to restore the index page/template back to what it was originally. Index page is able to be loaded normally, not sure how much else was affected.

The rest can be left up to the CG folks to patch up and fix this issue, I'm not sure if the hacker was able to gain access due to improper permissions on the files or if it was an SQL vulnerability exploit that allowed them to gain access.

In any case after the vulnerability is patched, an upgrade on the MyBB install should be performed to bring it up to the latest version.

Files and directories that are in need of write permissions:



Permissions for other files may need to be tweaked as well. I can provide the IP address of the hacker as well if it is needed. May I also suggest changing the name of the admin directory to something more difficult to guess? :)
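
The permission check the post above calls for, as an added example that is not part of the original thread or any poster's own code: it lists everything under a forum directory that is group- or world-writable but is not on an explicit allowlist of paths that need write access. The function names, the sample tree and the allowlist contents are constructed for illustration; the real allowlist should come from the forum software's install documentation.

```shell
#!/bin/sh
# Added example. The tree and allowlist below are constructed sample data.

# Print every file or directory under ROOT that is writable by group or other
# and is NOT named in ALLOWLIST (paths relative to ROOT, one per line).
audit_writable() {
    root=$1
    allow=$2
    ( cd "$root" &&
      find . \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print ) |
    sed 's|^\./||' |
    while IFS= read -r path; do
        # Exact, fixed-string match against the allowlist
        if grep -Fxq -- "$path" "$allow"; then
            continue
        fi
        printf '%s\n' "$path"
    done | sort
}

# Build a small constructed forum tree with a mix of sane and loose modes.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/forum/inc" "$t/forum/cache" "$t/forum/admin"
    : > "$t/forum/index.php"
    : > "$t/forum/inc/config.php"
    : > "$t/forum/inc/functions.php"
    chmod 755 "$t/forum" "$t/forum/inc"
    chmod 644 "$t/forum/index.php"
    chmod 666 "$t/forum/inc/config.php"      # writable, on the allowlist
    chmod 666 "$t/forum/inc/functions.php"   # writable, should not be
    chmod 777 "$t/forum/cache"               # writable, on the allowlist
    chmod 777 "$t/forum/admin"               # writable, should not be
    printf '%s\n' 'inc/config.php' 'cache' > "$t/allow.txt"
    printf '%s\n' "$t"
}

# Demo run on the constructed tree: reports the two unexpected writable paths.
tree=$(build_sample_tree)
audit_writable "$tree/forum" "$tree/allow.txt"
rm -rf "$tree"
```

Anything the audit prints is a candidate for tightening to 644 (files) or 755 (directories) once the restore from a clean backup is done.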
 

·
Banned
Joined
·
35,081 Posts
MyBB 1.4.7 is a security update to the MyBB 1.4 series. It fixes 1 high risk security vulnerability. We recommend everybody upgrades to this release immediately or patch their boards with the manual patching instructions below.
This vulnerability affects MyBB 1.4.6. MyBB 1.2 is not affected.
Thank you to Jesse Labrocca for alerting us of this vulnerability.
heh
 

·
Premium Member
Joined
·
19,572 Posts
Discussion Starter · #18 ·
I have backups of your forums, how much did you lose? Also what day did this happen, I take backups every morning. Give me the day BEFORE all this happened and I will restore it to that time.
well all I need is a full backup of the forums and I will be happy.. after I get the backup you guys can remove the subdomain as I've moved most of my data to another place.

Regards
@ruantec
 