
My Vanilla was hacked

HTHT
edited September 2007 in Vanilla 1.0 Help
The hacker had gained access to my site, changed preferences and was able to lock out some of the users. I did come in in time and change the preferences back before further damage. I have no way to track him down and don't know if he still can get in or not. The site is not secure anymore and I was wondering what can I do to track him, secure the site by using software, a security monitor, ... Do you have any recommendation? (I'm running the site with GoDaddy, PHP and MySQL.)

Comments

  • Your host should be able to help you work out how they got in by analysing the httpd access logs. Are you running any other software or anything on your domain? If there's a serious weakness in Vanilla it would be very useful to know about it, so I'd suggest getting in touch with GoDaddy ASAP and seeing if they can give you any information.
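An added example (not from the thread, and not Vanilla's own code) of the access-log triage the comment above recommends: it parses Apache combined-format lines and flags requests to administrative paths from addresses other than the site owner's. The sample log lines, the IP addresses, the trusted-address set and the path substrings in ADMIN_PATH_HINTS are constructed assumptions; the real Vanilla 1 and phpMyAdmin paths on a given host must be filled in by the admin.

```python
"""Triage helper: which untrusted addresses touched the admin areas of the site?"""
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Hypothetical substrings marking administrative areas; not taken from Vanilla's
# real URL layout. Adjust to the actual install before using on a real log.
ADMIN_PATH_HINTS = ("settings", "phpmyadmin")

# Constructed sample log (not from the page): 203.0.113.7 is an unknown visitor,
# 198.51.100.9 stands in for the site owner's own address.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Sep/2007:02:11:03 +0000] "GET /forum/index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Sep/2007:02:12:40 +0000] "POST /forum/settings.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Sep/2007:02:15:12 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 2200 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Sep/2007:09:00:01 +0000] "GET /forum/settings.php HTTP/1.1" 200 8020 "-" "Mozilla/5.0"
"""
TRUSTED_IPS = {"198.51.100.9"}  # assumed: the owner's known address(es)


def parse_line(line):
    """Fields of one combined-format line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_admin_hits(lines, trusted_ips, hints=ADMIN_PATH_HINTS):
    """Requests to admin-looking paths made from addresses outside the trusted set."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["ip"] in trusted_ips:
            continue  # skip unparseable lines and the owner's own traffic
        if any(h in rec["path"].lower() for h in hints):
            hits.append((rec["ip"], rec["time"], rec["method"], rec["path"], rec["status"]))
    return hits


def count_by_ip(hits):
    """How many flagged requests each untrusted address made (a quick ranking)."""
    return dict(Counter(h[0] for h in hits))


def analyse_sample():
    """Run the check over the constructed sample log."""
    return find_admin_hits(SAMPLE_LOG.splitlines(), TRUSTED_IPS)
```

On a real host, feed the access log file's lines to find_admin_hits instead of SAMPLE_LOG and widen the hint list to the actual admin and database-console paths.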
  • ...and change all admin and DB passwords ASAP!

    Posted: Sunday, 16 September 2007 at 10:30AM

  • edited September 2007
    Which version of Vanilla do you use? Which extensions are installed?
  • It could be that either he got access to your webpanel account and did everything through there, or perhaps he accessed phpMyAdmin (basically, your database), replacing the admin password hash with one he generated and logging in to do whatever he wanted. It could be as simple as him guessing the password. Make sure:
    - Only you and trusted members have access to your host's webpanel or the database.
    - You and your staff have passwords which cannot easily be guessed.
    Hope that helped. Good luck.
  • I believe there's at least one XSS hole in Vanilla 1.1.2 (not including extensions); maybe he exploited that (assuming by 'site' you mean 'Vanilla forum')?