sercurity issue V4.1.4 [Archive]

Nipponowners

08-08-2011, 02:46 PM

guys please help..

Ive got the add-on VSA-Donate on my forum. For some reason (i dont know why) someone is able to acess the vbulletin CP panel and change the paypal adress for my website!

ive changed the password numerous times and ive never given it to ANYONE..

i have no idea what to do, i dont want people to pay the club a donation and it not come to the club if you know what i mean..

i thionk this is a serious security issue and i need it sorting out..

PLEASE HELP ME

regards
dan

--------------- Added 1312819077 at 1312819077 ---------------

the "Hacker" has been able to upload pluin's/addons and change coding....

HELP ME:(

borbole

08-08-2011, 03:03 PM

guys please help..

Ive got the add-on VSA-Donate on my forum. For some reason (i dont know why) someone is able to acess the vbulletin CP panel and change the paypal adress for my website!

ive changed the password numerous times and ive never given it to ANYONE..

i have no idea what to do, i dont want people to pay the club a donation and it not come to the club if you know what i mean..

i thionk this is a serious security issue and i need it sorting out..

PLEASE HELP ME

regards
dan

--------------- Added 1312819077 at 1312819077 ---------------

the "Hacker" has been able to upload pluin's/addons and change coding....

HELP ME:(

Upgrade your forum to the latest version as it fixed such a security issue. Or at least apply the patch.

https://www.vbulletin.com/forum/showthread.php/385133-vBulletin-4.1.3-4.1.4-and-4.1.5-Security-Patch?p=2191617#post2191617

Paul M

08-08-2011, 03:08 PM

What exactly are you saying is an issue ?

If you believe the mod has an issue then I suggest you disabled or remove it, and contact the author to confirm if there really is an issue.

Nipponowners

08-08-2011, 03:30 PM

ive totally removed the plug-in and will have to see what my programmer says. put as i said whoever has done this has been able to add and code plug in's.

i shall update to the latest version and contact the person who made the vsa-donations add-on

thanks for the help

regards
dan

Boofo

08-08-2011, 03:31 PM

Sounds like you might have a rogue staff member.

nerbert

08-08-2011, 05:37 PM

Check your control panel log in Statistics and Logs. Check for unknown names and cross check IP addresses.

EDIT: with this kind of stuff going on you had better have your user id number in undeletable and unalterable users in includes/config.php on the server.