PDA

View Full Version : Someone has my database. MD5 to text possible??

Lautaro
05-31-2009, 12:49 AM
Hello,

A hacker has stolen my forum database, its a vBulletin 3.8.2 and he showed me a screenshot of the table 'users' where the password is shown in MD5, so my question is. Is that person going to be able to convert the MD5 to text and know the passwords of all the users of my forum???

Also, I'd like to know how I can prevent people who is IP banned from using proxies and being able to access my forum.

Also if its possible, I would like to reset all members passwords and send them their new password by email so only the owner can view his/her new password by checking his/her email.

Thank you.
Dismounted
05-31-2009, 03:43 AM
A hacker has stolen my forum database, its a vBulletin 3.8.2 and he showed me a screenshot of the table 'users' where the password is shown in MD5, so my question is. Is that person going to be able to convert the MD5 to text and know the passwords of all the users of my forum???
Yes - it is possible, but not without a lot of work (unless your users have really weak passwords).
Also, I'd like to know how I can prevent people who is IP banned from using proxies and being able to access my forum.
It is quite impossible to block all proxies.
Also if its possible, I would like to reset all members passwords and send them their new password by email so only the owner can view his/her new password by checking his/her email.
AFAIK, you will need a modification to do this. I don't know if such a modification exists.
COBRAws
06-05-2009, 09:53 PM
AFAIK, you will need a modification to do this. I don't know if such a modification exists.

Or he could set all usergroup passwords to expire in 1 day. Anyway, that wont prevent a sript kiddie to login with those passwords.
Dismounted
06-06-2009, 05:04 AM
Or he could set all usergroup passwords to expire in 1 day. Anyway, that wont prevent a sript kiddie to login with those passwords.
I thought of that - and you've stated why I didn't suggest it. :)
Lautaro
06-08-2009, 10:48 AM
Well, the problem seems to be fixed now. somehow the forum IP banning wasn't working and the hacker till had access to the forum but what I did was IP banning him using a cPanel option..

I just mass PMed my users telling them to change their passwords.