Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

Forum was hacked with 1.1.8

edited September 2010 in Vanilla 1.0 Help
I don't think I ever updated my forum after I initially downloaded it and had been using 1.1.4 for the longest time. A couple weeks ago the spacing of the forum became messed up and I was receiving a parse error for one of my extensions. I looked into it and the default.php for nearly all extensions had been modified at the same time (a day or two before). It looked like there is some kind of JavaScript embedded in all the files. I grabbed an old backup I had of the forum and overwrote all the changed files. This happened maybe two or three times, each time it would list a different extension as causing the parse error (once it was nuggets, then cleveredit, now it is quotations). Then I upgraded to 1.1.8 (making sure that I copied all the files listed in all the upgrades since 1.1.4). Everything was fine for a couple days but now the exact same problem is back. When I view the site on my iPhone I actually see 25% of some porn advertisement, but I was never able to see that with IE on my PC. Did I upgrade wrong and leave some vulnerability? Should I back up my database, delete the entire site and perform a fresh install?

Comments

  • If they have write access to your server, it will happen again. You should contact your provider and let them know that something is injecting some JavaScript in any file named default.php. On your side, do a back-up of your files and DB. Check recent rows to see if they touched the DB but I guess it should be ok. Then change all your passwords and reinstall Vanilla.
  • All I can say is do what Dinoboff said and back up your database and files. Hopefully they won't attack you anymore but just be ready. Best of luck to you, Phebus.
  • Thanks guys. The hacker was actually able to FTP into the server. That would fully explain how they were able to inject the java into the files. Someone else with admin access must have had some malware of some kind on their computer and were only using FTP rather than FTPS or SFTP. Ridiculous stuff but I'm glad it wasn't Vanilla, I love this software. Thanks again.
  • Awesome, glad you got it all sorted out. Hopefully the other admin had nothing to do with it.
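An added example, not part of the thread: one way to find which PHP files differ from a known-good backup before overwriting them, as the original poster did by hand with the modified default.php files. The directory layout, extension folder names and file contents below are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_trees(live: Path, backup: Path, pattern: str = "*.php") -> dict:
    """Compare PHP files in the live tree against a known-good backup."""
    live_files = {p.relative_to(live).as_posix(): p for p in live.rglob(pattern)}
    good_files = {p.relative_to(backup).as_posix(): p for p in backup.rglob(pattern)}
    report = {"modified": [], "added": [], "missing": []}
    for rel, path in sorted(live_files.items()):
        if rel not in good_files:
            report["added"].append(rel)        # file the backup never had
        elif digest(path) != digest(good_files[rel]):
            report["modified"].append(rel)     # content differs from backup
    report["missing"] = sorted(set(good_files) - set(live_files))
    return report


def build_sample(root: Path) -> tuple:
    """Constructed sample data: three extensions, two tampered, one extra file."""
    live, backup = root / "live", root / "backup"
    clean = "<?php // extension code\n"
    for name in ("Nuggets", "CleverEdit", "Quotations"):
        for tree in (live, backup):
            ext = tree / "extensions" / name
            ext.mkdir(parents=True)
            (ext / "default.php").write_text(clean)
    # Simulate the tampering described in the thread with a harmless marker.
    for name in ("Nuggets", "Quotations"):
        target = live / "extensions" / name / "default.php"
        target.write_text(clean + "<script>/* constructed marker */</script>\n")
    (live / "extensions" / "extra.php").write_text("<?php // not in backup\n")
    return live, backup


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return compare_trees(*build_sample(Path(tmp)))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files listed under "added" deserve the same attention as modified ones, since restoring a backup over the tree does not delete them.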