|
Hacked - Someone made themselves admin... Okay today I got notified by my member that someone had made themselves Admin on my site (http://darkztar.com/) The users email was later found on this list by googling: http://archives.neohapsis.com/archiv...bugs.users.txt This is a list of users that were registered on pakbugs.com (a Pakistani hacking site).. I've googled* I've looked on milw0rm and security-sh3ll and I couldn't find any vB 3.8.4 exploits.. I've did some custom scripts on my site* but I'm kinda pathetic with security so I'm patching everything with mysql_real_escape_string and I'm 99% sure there's no way they could have uploaded a shell.. So what would be places to look for.. Like if I wish to find this obvious hole in my security? I'm almost certain it's a SQL injection caused I've checked the admin logs and there's none where the users usergroup have been changed* it must have been done through SQL.. And I couldn't access all the RAW ACCESS data logs* so I couldn't find any obvious injections (I've searched for UNION* UPDATE* SELECT but none were found in the logs I did have access to..) So any help here would be nice or if you've heard about a recent exploit :) Thanks in advance! |
| الساعة الآن 01:08 AM |
Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By
Almuhajir