FreeAdz Hacked

Discussion in 'Managing Your Online Community' started by Bandit, Jul 5, 2009.

  1. Bandit

    Bandit Addict

    Joined:
    May 28, 2009
    Messages:
    51
    Likes Received:
    0
    First Name:
    Mark
    Hi guys,

    Yesterday, FreeAdz was hacked by someone called 'DA078!!2@'.

    I have a backup being installed now, but is there any real way for me to protect my forum in the future?
     
  2. Nick

    Nick Regular Member

    Joined:
    Jul 27, 2008
    Messages:
    7,441
    Likes Received:
    218
  3. Bandit

    Bandit Addict

    Joined:
    May 28, 2009
    Messages:
    51
    Likes Received:
    0
    First Name:
    Mark
    They have somehow managed to change passwords, including my own, and they have messed up all the drop-down menus, etc.... My password is not an easy one to break, as it's 9 alphanumeric characters.
     
  4. FullMetalBabe

    FullMetalBabe Zealot

    Joined:
    May 30, 2009
    Messages:
    2,912
    Likes Received:
    339
    x.x Good luck dude!
     
  5. Green Cat

    Green Cat Adept

    Joined:
    May 25, 2009
    Messages:
    102
    Likes Received:
    6
    Good luck with recovering from the backup
     
  6. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    Did anyone else have admin access/ability to change passwords? Just wondering if it could have been an inside job. Good luck getting everything back to normal!
     
  7. Nick

    Nick Regular Member

    Joined:
    Jul 27, 2008
    Messages:
    7,441
    Likes Received:
    218
    But how did they get in and hack? That's my question...
     
  8. Green Cat

    Green Cat Adept

    Joined:
    May 25, 2009
    Messages:
    102
    Likes Received:
    6
    By the way, since you use vBulletin, I have a recommendation so that cases like this don't happen anymore.
    In your config.php file you will see this line:
    Code:
    $config['SpecialUsers']['undeletableusers'] = '';
    Just add your user ID and your account will not be editable anymore, so nobody will be able to change your password anymore.

    Edit:
    Also, your admin and mod CPs are at their default locations; you should really rename them for more security.
    To do that, still in your config.php file, you can find the following lines:
    Code:
    $config['Misc']['admincpdir'] = 'admincp';
    $config['Misc']['modcpdir'] = 'modcp';
    
    Just change the values to something else and then rename the directories to the chosen values.
    And I would also add an .htaccess in those directories to further password protect them.

    Edit 2:
    And if you want even more security, you might also want to move/rename the config.php file, as it contains your MySQL dbname/username/password.
    To do that, open the file named class_core.php (it is also in the includes directory) and find:
    Code:
    include(CWD . '/includes/config.php');
    
    if (sizeof($config) == 0)
    {
        if (file_exists(CWD. '/includes/config.php'))
        {
            // config.php exists, but does not define $config
            die('<br /><br /><strong>Configuration</strong>: includes/config.php exists, but is not in the 3.6+ format. Please convert your config file via the new config.php.new.');
        }
        else
        {
            die('<br /><br /><strong>Configuration</strong>: includes/config.php does not exist. Please fill out the data in config.php.new and rename it to config.php');
        }
    }
    
    Now replace the 2 instances of "/includes/config.php" with whatever path/name you want and then, using your FTP client, move/rename the file.
    If you do this modification (move/rename the config file), you will need to re-edit the class_core.php file after each update.
     
  9. Bandit

    Bandit Addict

    Joined:
    May 28, 2009
    Messages:
    51
    Likes Received:
    0
    First Name:
    Mark
    Nick: I'm still unsure how they got in, but I'm convinced it wasn't a brute force attack, as all the admin passwords were long and random.

    GreenCat: Thanks for those tips. I'll implement them once the backup has been restored.
     
  10. Green Cat

    Green Cat Adept

    Joined:
    May 25, 2009
    Messages:
    102
    Likes Received:
    6
    You're welcome, always happy to help with things I know.
     
  11. torque

    torque Regular Member

    Joined:
    Jun 7, 2009
    Messages:
    735
    Likes Received:
    12
    Location:
    Campbelltown, New South Wales, Australia
    Good luck. My site was hacked after six months of growing large, just when I started to really enjoy it. But I did all the things mentioned above (changed admincp, etc.) and haven't been hacked since.
     
  12. Chris

    Chris Regular Member

    Joined:
    Dec 27, 2007
    Messages:
    5,422
    Likes Received:
    86
    I'm a bit of a freak when it comes to anything security-related, and as such, I strongly recommend changing your passwords on a weekly basis (if not daily - I've been known to do this). They may be long and random, but that's not always important - change is key.
     
  13. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    How do you remember all those passwords if you change them every week? If you're using an algorithm are you working the date in there somehow?
     
  14. Chris

    Chris Regular Member

    Joined:
    Dec 27, 2007
    Messages:
    5,422
    Likes Received:
    86
    I keep all of 'em in a Word document - it's actually quite handy, and an excellent way of storing these passwords in an organized fashion.
     
  15. Green Cat

    Green Cat Adept

    Joined:
    May 25, 2009
    Messages:
    102
    Likes Received:
    6
    lol Chris, I thought I was the only one to do that. I also change them on a weekly basis.
     
  16. Chris

    Chris Regular Member

    Joined:
    Dec 27, 2007
    Messages:
    5,422
    Likes Received:
    86
    Nope, you're not the only one. ;) I've been doing so for the past three years.
     
  17. Soliloquy

    Soliloquy Regular Member

    Joined:
    Jun 3, 2009
    Messages:
    2,402
    Likes Received:
    66
    Location:
    New York City
    After this experience I bet Bandit will really focus on security in his Admin Training School :)
     
  18. Nick

    Nick Regular Member

    Joined:
    Jul 27, 2008
    Messages:
    7,441
    Likes Received:
    218
    Good thinking; I'm sure he will devise a class (or lesson -- I'm not sure how he does it) just for security.
     
  19. Bandit

    Bandit Addict

    Joined:
    May 28, 2009
    Messages:
    51
    Likes Received:
    0
    First Name:
    Mark
    Yup, security has now been improved. Although I have since found out that it was one of my junior admins that did it. He messed up all the style templates, deleted some etc..

    So it was an inside job, and not an outright brute force attack.
     
  20. Ryan

    Ryan Regular Member

    Joined:
    May 27, 2009
    Messages:
    522
    Likes Received:
    58
    You can always CHMOD 600 the Config.php
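
An audit of the settings Green Cat and Ryan describe above, as an added example that is not part of any post in this thread and is not vBulletin's own code. The function names, the finding codes and the sample tree are constructed for illustration; the `.htaccess` check only tests that the file is present, not what it contains.

```shell
#!/bin/sh
# Added example (not from the thread): audit a vBulletin 3.x tree for the
# hardening steps suggested above. Finding codes are this script's own.

# Print the single-quoted value of $config['SECTION']['KEY'] from FILE.
cfg_value() {
    grep -v '^[[:space:]]*//' "$1" | grep -F "\$config['$2']['$3']" |
        tail -n 1 | cut -d"'" -f6
}

# audit_vb ROOT [CONFIG]: one finding per line, nothing if all checks pass.
audit_vb() {
    root=$1
    cfg=${2:-$root/includes/config.php}   # pass CONFIG if the file was moved
    [ -r "$cfg" ] || { echo "CONFIG_UNREADABLE"; return 0; }
    admincp=$(cfg_value "$cfg" Misc admincpdir)
    modcp=$(cfg_value "$cfg" Misc modcpdir)
    if [ "$admincp" = "admincp" ]; then echo "ADMINCP_DEFAULT_PATH"; fi
    if [ "$modcp" = "modcp" ]; then echo "MODCP_DEFAULT_PATH"; fi
    # Control panel directories that have no .htaccess of their own.
    for d in "$admincp" "$modcp"; do
        if [ -n "$d" ] && [ -d "$root/$d" ] && [ ! -f "$root/$d/.htaccess" ]; then
            echo "NO_HTACCESS:$d"
        fi
    done
    if [ -z "$(cfg_value "$cfg" SpecialUsers undeletableusers)" ]; then
        echo "UNDELETABLEUSERS_EMPTY"
    fi
    # chmod 600 leaves characters 5-10 of the ls mode string as "------".
    if [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
        echo "CONFIG_GROUP_OR_WORLD_ACCESS"
    fi
    return 0
}

# Constructed sample tree with stock settings, for trying the audit offline.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/includes" "$t/admincp" "$t/modcp"
    cat > "$t/includes/config.php" <<'EOF'
<?php
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';
$config['SpecialUsers']['undeletableusers'] = '';
EOF
    chmod 644 "$t/includes/config.php"
    echo "$t"
}

if [ $# -gt 0 ]; then audit_vb "$@"; fi
```

Run it as `sh audit.sh /path/to/forum`, adding the config file's path as a second argument if it has been moved. Mode 600 only works when the PHP process runs as the file's owner.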
     
