OKKKKK so lets say you put in your password.......... Am i fucked?
I'mPoor:(
SoundQubed Is Life.
Just change it, use forgot password and use the one sent to your email
bubbagumper6
5,000+ posts
CarAudio.com Veteran
Unfortunately there are bigger problems on this site than just the phishing page. I warned the admin that the site was vulnerable months ago and got ignored. //content.invisioncic.com/y282845/emoticons/frown.gif.a3531fa0534503350665a1e957861287.gif
I'mPoor:(
SoundQubed Is Life.
that might not be good enough.
bubbagumper6
5,000+ posts
CarAudio.com Veteran
Its the same thing...
I'mPoor:(
SoundQubed Is Life.
//content.invisioncic.com/y282845/emoticons/nerd.gif.c6fa51ddf7ff75f1c0371fbc648f70ae.gif You don't reset your password you use the one they sent you in the email.
bubbagumper6
5,000+ posts
CarAudio.com Veteran
And why would that be any more secure than a new one of your own?
los33
10+ year member
Car Audio G
I would just like to get everyone up to par on whats really going on.
That password page is not a phishing script, it is a shell.
PHP Shell = bash/perl script coded with a php language front end.
The main use for a shell originally was a terminal alternative, but hackers have made it into a hacking tool to gain access to the server and server directory.
The faag hacker ak47 used the exploited vaulnerabillity in quotes.php to inject the shell code allowing server access..
As you may have noticed he gained access to goobs account meaning he has access to the forum database and changed the password manually.
All your info, emails that are on this forum are in the hackers hands now.
As far as getting it fixed if you did not notice goob im guessing attempted to roll back the forum database using an old backup, but it did not update the vbulletin files.
As far as exploits there are multiple vaulnerabilities due to goob adding insecure mods & leaving file permissions set incorrectly.
He has not even tried adding vbulletin security updates so really it does not matter as this site will continue to be hacked.
That password page is not a phishing script, it is a shell.
PHP Shell = bash/perl script coded with a php language front end.
The main use for a shell originally was a terminal alternative, but hackers have made it into a hacking tool to gain access to the server and server directory.
The faag hacker ak47 used the exploited vaulnerabillity in quotes.php to inject the shell code allowing server access..
As you may have noticed he gained access to goobs account meaning he has access to the forum database and changed the password manually.
All your info, emails that are on this forum are in the hackers hands now.
As far as getting it fixed if you did not notice goob im guessing attempted to roll back the forum database using an old backup, but it did not update the vbulletin files.
As far as exploits there are multiple vaulnerabilities due to goob adding insecure mods & leaving file permissions set incorrectly.
He has not even tried adding vbulletin security updates so really it does not matter as this site will continue to be hacked.
los33
10+ year member
Car Audio G
With how the admin is running the site, yes...
administrator
“Horrible Admin”
I'm confirming the popup box again, but I was told it was put in for an extra layer of protection when accessing your account.
Activity
No one is currently typing a reply...
Similar threads
About this thread
- Start date
- Participants
- Who Replied
- Replies
- 74
- Views
- 9,108
- Last reply date
- Last reply from
- CheЯRyMan
