2012-11-13, 10:15 PM
2012-11-14, 05:27 AM
(2012-11-13, 06:20 PM)Paul H. Wrote: [ -> ](2012-11-13, 02:35 AM)Joker552 Wrote: [ -> ]He did nothing. I checked the admin log and there's nothing new, basically everything I did from last night until today. The hacker tried to log in to the ACP but couldn't because after 5 failed logins the ACP got locked.
I have secret pin at the ACP so he didn't access the ACP at all.
You weren't hacked then... he was locked out and no harm was done, am I right?
No, you are partially right. This is exactly what happened.
The hacker compromised my account but was not able to log in to my admin control panel because it requires a secret pin.
2012-11-15, 03:36 AM
(2012-11-13, 03:51 AM)Joker552 Wrote: [ -> ]Forgot to mention. Shared hosting and how do I find out the second part?
Also, what do I do now to make sure my members and site are safe?
He probably purchased shared hosting on the same Server you are hosted on, and used a Shell to get your DB Config.
Then he just logged in via a MYSQL Manager program or PHPMYADMIN and dumped your Database.
Which is the reason why there are no logs, and how he was able to get your password without bruteforce.
I've done this in the past (to test the security of my servers), and if your server has the Symlink function enabled, then I guarantee he used this method.
2012-11-15, 05:33 AM
He didn't dump the database.
2012-11-21, 07:10 PM
(2012-11-15, 03:36 AM)imtiax Wrote: [ -> ](2012-11-13, 03:51 AM)Joker552 Wrote: [ -> ]Forgot to mention. Shared hosting and how do I find out the second part?
Also, what do I do now to make sure my members and site are safe?
He probably purchased shared hosting on the same Server you are hosted on, and used a Shell to get your DB Config.
Then he just logged in via a MYSQL Manager program or PHPMYADMIN and dumped your Database.
Which is the reason why there are no logs, and how he was able to get your password without bruteforce.
I've done this in the past (to test the security of my servers), and if your server has the Symlink function enabled, then I guarantee he used this method.
Soooo, for those of us less knowledgable....
how do you block such activity and still maintain functionality?
2012-11-27, 02:58 AM
(2012-11-21, 07:10 PM)miscbyproduct Wrote: [ -> ](2012-11-15, 03:36 AM)imtiax Wrote: [ -> ](2012-11-13, 03:51 AM)Joker552 Wrote: [ -> ]Forgot to mention. Shared hosting and how do I find out the second part?
Also, what do I do now to make sure my members and site are safe?
He probably purchased shared hosting on the same Server you are hosted on, and used a Shell to get your DB Config.
Then he just logged in via a MYSQL Manager program or PHPMYADMIN and dumped your Database.
Which is the reason why there are no logs, and how he was able to get your password without bruteforce.
I've done this in the past (to test the security of my servers), and if your server has the Symlink function enabled, then I guarantee he used this method.
Soooo, for those of us less knowledgable....
how do you block such activity and still maintain functionality?
Get a real host that protects against such things, or doesn't give shell access to people without an id of some sort.
2012-11-27, 04:53 AM
This is off-topic, but that's a hell of a lot of plugins you've got installed.
2012-12-02, 09:30 PM
To secure your site completely, I recommend buying a VPS with 1GB Ram, and setting up cPanel/WHM (If you really need it),
Or you can just install Apache and phpMyAdmin, and in php.ini
in disable_functions put
Quote:exec,popen,pclose,php_eval,safe_dir,zend,glob,root,ftok,posix_access,egy_perl,symlink, ini_restore, shell_exec, passthru, error_log, ini_alter, dl, openlog, syslog, readlink, symlink, link, leak, popen, escapeshellcmd,proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, escapeshellarg, pcntl_exec, exec, passthru, popen, wscript,apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec,system, xmlrpc_entity_decode
That will block pretty much any method for them to hack you.
You can take additional security steps and disable SSH (so no one can hack you), and access your VPS via Console when you need to make changes.
Here is my PHPINFO on my dedi for my site.
http://imtiax.net/phpinfo.php
To hide your server's real IP, you can use CloudFlare.
Please read my guide: http://community.mybb.com/thread-130340.html
2012-12-02, 10:58 PM
@imtiax - Remove eval from that list and you're okay.
2012-12-03, 12:22 AM
Everything works fine with Eval Disabled, I have a vBulletin and a myBB forum running on it
http://www.imtiax.net/ - myBB
http://www.runegalaxy.net/ -vBulletin
I've never gotten any errors, but can you explain what eval does for myBB?
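Added example, not part of any post in this thread: a small Python audit of a php.ini `disable_functions` line of the kind posted above. It reports duplicate entries, entries that are PHP language constructs (`disable_functions` only applies to internal functions, so listing `eval` changes nothing), and which command-execution and link functions are still enabled. The baseline groups and the sample php.ini text are assumptions constructed for the example.

```python
import re

# PHP language constructs: disable_functions only applies to internal
# functions, so listing any of these has no effect.
LANGUAGE_CONSTRUCTS = {"eval", "echo", "print", "include", "include_once",
                       "require", "require_once", "isset", "unset", "empty",
                       "exit", "die", "list"}

# Baseline for this thread's concern (an assumption, not a complete policy).
BASELINE = {
    "command execution": ["exec", "shell_exec", "system", "passthru",
                          "popen", "proc_open", "pcntl_exec"],
    "filesystem links": ["symlink", "link", "readlink"],
}

def parse_disable_functions(ini_text):
    """Return the entries of the last active disable_functions line."""
    entries = []
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            # Function names are case-insensitive; split on commas/whitespace.
            entries = [e.lower() for e in re.split(r"[,\s]+", value) if e]
    return entries

def audit(ini_text):
    entries = parse_disable_functions(ini_text)
    seen, duplicates = set(), []
    for e in entries:
        if e in seen and e not in duplicates:
            duplicates.append(e)
        seen.add(e)
    return {
        "duplicates": duplicates,
        "no_effect": sorted(seen & LANGUAGE_CONSTRUCTS),
        "missing": {g: [f for f in fns if f not in seen]
                    for g, fns in BASELINE.items()},
    }

# Constructed sample, not the poster's real php.ini.
SAMPLE_INI = """\
; constructed sample
memory_limit = 128M
disable_functions = exec, popen, symlink, shell_exec, passthru, eval, exec, proc_open, symlink
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_INI).items():
        print(key, value)
```

On a live server, compare the result with what `phpinfo()` reports for `disable_functions`, since a later php.ini or per-pool setting can replace the value audited here.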