Database stolen :(

Status
Not open for further replies.

Pretender

Member
22
2009
0
0
Hiya,

Today i found out that my forum was hacked and my database is for sale on digitalforum..
It looks like i was the victum of the vb bug, not sure if it was hacked before or after the upgrade to 3.8.6 PL1..

My question is, how can i check that my forum is secure for future hacks.
I did the following things:
- Reuploaded the PL1 version and did the upgrade again
- Changed the DB Password
- Changed Admin passwords
- Added .htaccess protection admincp and modcp.

Anyone more suggestions or a check so it can't be stolen again?

Thanks.

Pretender
 
9 comments
There was a bug about showing database details, in faq.php. If you upgraded to latest 3.8.6 , it should be ok. Just email everyone that changes their passwords, he can only use mail list. Nothing else.
 
Hate to turn this into another one of those "IPB ftw / VB ftw" threads but vB does have a history of security issues and will probably continue to unlike IPB. It's a huge amount of work but you could consider upgrading to IPB.

As for securing your site Litewarez has a great security thread that pretty much covers everything. http://www.wjunction.com/showthread.php?t=21057
 
Well people told me that VB4 had to many bugs and recommended me to stay at VB3.. Well i changed a few things, hopefully it won't happen again..

I'am almost certain that the bug in the faq.php caused the problem.
 
Status
Not open for further replies.
Back
Top