Vbulletin Vulnerability - Got Hacked - What Now?

[Siberian H.E.A.T.]

Hey all, first time post here, been with TCH for over 6 months and have no complaints! I wanted to share a recent experience of mine with VBulletin 2.3.2 as I was hacked a couple days ago with an apparent MySQL injection. The problem is easily prevented by using the latest point release of the BBS, but due to some custom code on my board I had trouble upgrading in a timely fashion. I strongly recommend that anyone running it double check their version.

 

My main question for those in the know is what do I do now? I've repaired the damage and I'm humming along again, but is there any recourse I have against the person who did it? I've looked at my log files and I can see pretty clearly that this person (IP address) was accessing the admin portion of vbulletin when he shouldn't have been. I've reported the IP addy to TCH support ticket system, but all they did was block the IP. Thats fine and all, but a part of me wants to at least tell the culprit's ISP about the event. Has anyone else had to go through this?

 

Much thanks to TCH for helping me get my board back up by re-uploading a good MySQL backup.

 

Thumbs Up

[TCH-Rob]

You may contact the abuse department at his ISP and provide them with all of the information you have and they "may" be able to do something to help you out. I might not hold my breath though.