Geeklog Forums

Hello all,

I've been hacked big time. I'm wondering if anyone here can help me track down who did it. They wiped all the files off my server and left just the directories. I don't have shell access to my acct so I know it wasn't done that way. Could a script do that. I was running the last version of 1.8sr4 or 5 and was about to upgrade to the latest 1.4 was their any large vulnerabilities that would allow this kind of access?

Thanks,

Shane

---

Shane | www.EyeCraveDVD.com

If they had access to all those files, it had nothing to do with the vulnerabilty of Geeklog but with your webserver/hosting account...hope your backups are recent and OK. Good luck!

---

Dutch Geeklog sites about camping/hiking:
www.kampeerzaken.nl | www.campersite.nl | www.caravans.nl | www.caravans.net

The issue that was addressed with Geeklog 1.4.0sr1 and 1.3.11sr4 allowed remote code execution and we know of at least two other sites that have been hacked exploiting that vulnerability.

bye, Dirk

Maybe it is simply a problem with your hoster? Did you have any other scripts like phpBB running?

Thanks for the email dirk. There was no code in the error.log, but late after I posted this I think I discovered how they got in. It was through a hole in my older version of vBulletin. It has a remote exucution vulnerability which they used and the reason how I know is they altered the db user table and changed my email address to theirs.

I've upgraded it and will be upgrading to 1.3.4sr1 as well.

---

Shane | www.EyeCraveDVD.com