Hello,
I have a vBulletin forum 4.2.1 .
It is about Table Tennis.
Unfortunately last week all our community members (about 5000 users) have received emails from some guy who owns a Table Tennis Hall, regarding some Competition there...
He has an account on my forum and he registered there with the email responsible for the spam.
I think he hacked our database and extracted all users' emails so he can promote his business.
I must specify that send mail function is disabled for all users in our forum.

What can I do?

Check server logs by getting in touch with your host if needed

Send in an abuse report to the email service. As he is using it in violation of his signed agreement with them.

If for example it is johnsmith @yahoo.com Then send a copy of the spam email along with the headers to abuse@yahoo.com Naturally use the name of the email account, if it is not yahoo.

Just put the word abuse in front of the name as above.

I mean, it is possible for any user (no moderator or admin) to extract emails from vBulletin DB? (last version)
Can we somehow secure the database?

The only way they could have done that is if they hacked your server, or an admin account, and were able to query the database.

The only way they could have done that is if they hacked your server, or an admin account, and were able to query the database.

I am the only admin, my password is very complicated, so nobody hacked my account.
The acces to mySQL is posible only from localhost, as the hosting adminstrator confirmed me.

I am the only admin, my password is very complicated, so nobody hacked my account.
The acces to mySQL is posible only from localhost, as the hosting adminstrator confirmed me.

Anything can be hacked no matter how secure you or your host makes it. Tell your host to check server logs

Anything can be hacked no matter how secure you or your host makes it. Tell your host to check server logs

Unfortunately, as I learned shortly, the email list was "extracted" a years ago, but it was used for some advertising only this week.
So no more logs available. My question is how to secure the DB so this never happen' again.
Or if someone have some knowledge's about similar facts on vBulletin DB.

Unfortunately, as I learned shortly, the email list was "extracted" a years ago, but it was used for some advertising only this week.
So no more logs available. My question is how to secure the DB so this never happen' again.
Or if someone have some knowledge's about similar facts on vBulletin DB.

Talk to your host about making things more secure. You can secure your forums more if you need help with this pm me will be happy to help u for free