If you run a big website it’s almost bound to happen to you at some point or another, we’ve (Vauxhall Owners Network) been hacked before, it’s normally just something like the index file getting replaced with some hacking groups logo, but this time they actually started messing with settings within vbulletin to edit templates with the goal being to replace the Google publisher ID to their own!
This went on for about 4/5 days on and off as I couldn’t work out initially how they’d got in, but with the help of Tim from Nimbus Hosting (the hosting company that looks after VxON) he found an exploit within one of our plugins! We removed the plugin and eradicated all the security holes. Here’s some tips how to do the same.
Make sure your copy of vbulletin is up-to-date with the version and latest patches – Hackers will look for known exploits, don’t make it any easier for your site to be compromised.
Update your plugin’s and hacks for vbulletin – this is ultimately how we were hacked, we had an older version of VBSEO, this was then exploited and various backdoors installed.
Ensure your passwords are secure – It’s very easy to think that ‘no one will guess my password’, I was probably naive enough to think so too as I’d got a couple of words not often used together with some numbers, that is still brute-forceable.
A tip the IT guy at my work gave me was to perhaps think of a centance or combination of words, then use the first two or three letters of those interjected with some numbers and special characters. This was it’s easier to remember, but still nice and secure (I.e. My Dog Has a Brown Nose could be MDoHaABrNo*53).
Get the admin / mod team to do the same, and check that your MySQL password is also secure.
Password protect your admincp directory – Use .htaccess to add another layer of security, there are plenty of guides available on how to do this, you might even have the option built into your hosting control panel (with Nimbus we use Plesk that lets you simply ‘Password Protect’ directories). Make sure this password is different to your vbulletin login.
Rename the folders for your Admincp and Modcp for vbulletin – You can call these what you like, so long as you then rename the paths within the config.php file
Comment if you’ve got any questions!