Newb1e Posted January 18, 2005

Hi all, Unfortunately I woke up today to find my site and forums had been hacked and the person had left behind his "tag". As far as I know they didn't cause any damage. Fortunately everything seems to be ok again, but how can I prevent this in the future? What kind of measures can be taken? Please help!

Edit: I just did a search and found some extra info on the matter, is it possible for me to find out the hacker's IP? I read in another thread that you can check the logs but how would I do that?
TCH-Rob Posted January 18, 2005

In your cPanel you should have a raw access logs section that you can download and view in a text editor to try and determine where it was coming from. What board are you running?
MikeJ Posted January 18, 2005

For starters, make sure your software is up to date. I believe you are running vBulletin, so make sure you upgrade to the latest release which just came out (Jan 7, 2005) and is considered a critical update due to security vulnerabilities in previous releases. Any software you actively use for your website you should keep pretty up to date. Anything that you have installed that you do not use, you should remove.

The main thing you will want to look for in the weblogs is how they compromised your site. The IP address they did it with will rarely be beneficial to you as 99.9% of the time that address will just be another compromised site the hacker used. If you have a pretty active site, unusual activity will be harder to find in the log. If you know roughly when the site was defaced, you can look at the activity leading up to that time.
Newb1e Posted January 18, 2005

Thanks for the replies guys, I'm going to check the logs right now so I'll let you know how I get on. And yes I use vBulletin 3.0.5, but before the hacking attempt I was using 3.0.3 which indeed did have the security issue.
Newb1e Posted January 18, 2005

OK, I downloaded the Raw Access Log from cPanel but all I got was an ms-dos application .exe (842 mb) and when I try and use it it just instantly closes itself down, how do I use it?
schussat Posted January 18, 2005

> ok, I downloaded the Raw Access Log from cPanel but all I got was an ms-dos application .exe (842 mb) and when I try and use it it just instantly closes itself down, how do I use it?

This happens when Windows mistakes the .com extension in your domain with an actual file type; so, accesslog-**** looks to Windows like an executable file. Open the file up in a text editor and it will work fine. If you want to open it directly from Windows Explorer, you probably will need to rename it with a .txt extension.
annie Posted January 18, 2005

Notepad can't open really big files (or at least couldn't in the past). I suggest you use something to reduce the size of the log, say to one day at a time. I use a browser to look at logs, and I reduce their size by some well chosen include words in TextHarvest.
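As an added example that is not part of the original thread: MikeJ's advice to read the activity leading up to the defacement, combined with annie's suggestion to cut the log down first, can be done by streaming the file and keeping only a time window. The script assumes the cPanel raw access log is in Apache "combined" format; the defacement time, the sample lines and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: the log uses the Apache "combined" line format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def before_defacement(lines, defaced_at, hours=6):
    """Yield records from the `hours` before defaced_at; `lines` may be an
    open file, so a very large log is streamed rather than loaded whole."""
    start = defaced_at - timedelta(hours=hours)
    for line in lines:
        rec = parse(line)
        if rec and start <= rec["time"] <= defaced_at:
            yield rec

def worth_reading(rec):
    """Crude triage: POSTs and requests that carry a query string."""
    return rec["method"] == "POST" or "?" in rec["url"]

# Constructed sample: documentation IP ranges, made-up paths and times.
DEFACED = datetime.strptime("18/Jan/2005:03:00:00 -0500", TS_FMT)
SAMPLE = [
    '192.0.2.10 - - [17/Jan/2005:14:02:11 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [18/Jan/2005:01:15:42 -0500] "GET /forum/example.php?id=1 HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [18/Jan/2005:01:16:03 -0500] "POST /forum/example.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.5 - - [18/Jan/2005:02:30:00 -0500] "GET /images/logo.gif HTTP/1.1" 304 - "-" "Mozilla/4.0"',
    '192.0.2.10 - - [18/Jan/2005:09:00:00 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    'not a log line',
]

if __name__ == "__main__":
    for rec in before_defacement(SAMPLE, DEFACED):
        mark = "*" if worth_reading(rec) else " "
        print(mark, rec["ts"], rec["ip"], rec["method"], rec["url"], rec["status"])
```

To run it against a real download, pass an open file object in place of `SAMPLE` and set `DEFACED` to the approximate time the defacement was noticed.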
TCH-Bruce Posted January 19, 2005

If you are using XP you should be able to open the file with Notepad no problem.
MikeJ Posted January 22, 2005

Make sure you upgrade your vBulletin again as another security vulnerability was discovered and patched: http://www.vbulletin.com/forum/showthread.php?t=127027