DH350nWo
01-18-2008, 05:59 PM
Ok. I just had one of my admins depart my forum. Upon departing he deleted his accounts and such, but somehow he has a "backdoor" allowing him to come in and post under guest accounts. He also has gone so far as to read users' PMs somehow. I know he has read PMs for a fact because he quoted one of my PMs verbatim.
I really need some help here because my security has been breached and I am suffering losses because of this. vBulletin Version 3.5.4. I have tried everything I can think of. IP bans both on the forum and server side do not work. My host is unwilling to help and is a friend of the man damaging the forum. I could really use some help here.
Throw some ideas to me that might help me fix this problem and possibly rid me of this nuisance. This is causing me a great deal of stress.
DH350nWo
01-18-2008, 11:43 PM
To add to my nightmare, he has entered a post that cannot be deleted. Everything shows it as post id=0, but it is on EVERY thread in my forum. Cannot be deleted, cannot be edited, and I am having a hell of a time tracking it down through the style manager. Someone please help me, this is driving me nuts, knowing that some malicious a$$ is laughing at me.
DH350nWo
01-19-2008, 12:08 AM
Would love to but no money.... I am on my own on this..... updating is not an option. I have to fix this on my own, with some help from this place. I hope.
Dave A
01-19-2008, 10:52 AM
It sounds like he might be jacked straight into your database. Did this guy have access to more than the vB Admin panel?
If so, change the name of db, username and password for the db, update your vB config file. Check for undeletable user accounts in the config file while you're about it.
Once you're done with that and got everything working, delete the old db username account because it might also give access to your cPanel.
Change passwords for server access. Check for additional user accounts.
You can try a table repair from the vB Admin CP for that post 0 problem, or you might have to delete post 0 manually in the db. But I wouldn't trust my own advice as to how to go about that.
Backing up before you start might be a good idea...
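Added example, not part of the thread: one way to do the "undeletable user accounts in the config file" check is to list every user id named in the `$config['SpecialUsers']` lines of the vBulletin config file (`includes/config.php`) and compare them with the ids you actually trust. The sample config text, the user ids and the function names below are constructed for illustration.

```python
import re

# Constructed sample of the SpecialUsers section of a vBulletin config.php.
SAMPLE_CONFIG = r"""
<?php
$config['Database']['dbname'] = 'forum';
// $config['SpecialUsers']['canrunqueries'] = '99';
$config['SpecialUsers']['canviewadminlog'] = '1';
$config['SpecialUsers']['undeletableusers'] = '1,57';
$config['SpecialUsers']['superadministrators'] = "1, 57";
"""

# Matches only active (uncommented) assignments; group 1 is the setting name,
# group 3 the comma-separated list of user ids.
ENTRY = re.compile(
    r"""^\s*\$config\['SpecialUsers'\]\['(\w+)'\]\s*=\s*(['"])(.*?)\2\s*;""",
    re.MULTILINE,
)

def special_users(config_text):
    """Return {setting: [user ids]} for every active SpecialUsers line."""
    found = {}
    for key, _quote, value in ENTRY.findall(config_text):
        found[key] = [int(p) for p in value.split(",") if p.strip().isdigit()]
    return found

def unexpected(config_text, trusted_ids):
    """Return {setting: [ids]} for privileged ids outside the trusted set."""
    report = {}
    for key, ids in special_users(config_text).items():
        extra = sorted(set(ids) - set(trusted_ids))
        if extra:
            report[key] = extra
    return report

if __name__ == "__main__":
    # trusted_ids is an assumption: the ids the forum owner knows are theirs.
    for key, ids in unexpected(SAMPLE_CONFIG, trusted_ids={1}).items():
        print(f"{key}: review user id(s) {ids}")
```

Any id it reports should be looked up in the user table and removed from the config file if it does not belong to a current, trusted admin.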
DH350nWo
01-19-2008, 03:27 PM
Did have access to the cpanel from what I can tell.
Yeah, all the passwords have been changed, not only on the vB side but also on the cPanel side. I will look into getting those updates done soon. I have looked through the admin panel and I cannot find any other accounts that have access up front, but I will be looking deeper into the backend and the admin panels to see what else is going on. Right now the host is the only other person that can (as far as I can tell) get to the db.
So damn frustrating.
DH350nWo
01-26-2008, 07:11 PM
Well, he is back. I dunno where to look for this. I am starting to really stress out over this. It has been bad for traffic, and it makes my forum look like a joke. The guy that hosts my forum hasn't been much help. I would like to find this exploit before I move my forum to a new host just to be sure that this will not happen in the future. I am having a really hard time finding the exploit and the hole that this is coming from.
Someone please help.
DH350nWo
01-27-2008, 01:19 PM
Here is a link to one of the threads (note that every thread has the same first post): http://www.overtorqued.net/showthread.php?t=27967
Note that although it is the first post, it registers as http://www.overtorqued.net/showpost.php?p=0&postcount=1 which does not actually "exist" according to vBulletin. Maybe this will assist in troubleshooting.
MuscleManiac
01-29-2008, 03:58 AM
Seems to be a big problem...have you alerted your member base that this idiot is doing this to you?
Also I'd swap hosts ASAP...am willing to host you for nothing if that helps.
Kind Regards,
Nick
Dave A
01-30-2008, 12:16 PM
vB Version 3.5.4? I'd think about upgrading...
BTW - They're posted under your username - have you tried editing the post?