To my surprise at about 5:30 today someone gained access to one of my admin's accounts. They edited my account so I wasn't an admin anymore. I quickly edited the database and made myself an admin again. I changed some things back that the hacker messed with. (my advertising banners, and site name) At this point I had to go to work.

When I got home from work at about 1am my other admin's name was taken, and the same was done as before. He put 'their' banner on the top of the page both times and said "LHK Ownz" or something. I changed everything back again and added some heavier security this time. Also got some IP's of the names. One looks like a proxy and the other is an AOL IP.

This was the banner he displayed on my site:
http://www.angelfire.com/ca6/monkeeyz/lhk.jpg

So how could two seperate accounts be compromised? I'm running v 2.2.8 so all passwords are encrypted. They did not gain access to the backend of the site or the database itself. Just the vB control panel.

:ermm:

Can anyone offer a little insite as to where the security breech could be?

maybe bruteforce? or do you have another admin or two? they may know one of their passwords.
BTW what a lame name leet hackers krew :|

But...

If they knew the password for a third admin's account and they used that to gain access to the ACP, this still wouldn't let them get the password to tpearl5's primary and backup admin accounts.

I gather he's already checked the adminlog, so he knows which admin accounts the hacker[s] used to log in.

Not to sound off my own hacks, but I have a few vB security hacks you could install, to try and prevent this;):)

Satan

Very odd. Make sure you disable all other admin accounts, and that getadmin.php is not anywhere on your server.

Best thing to do is maybe keep yourself an admin only, as you can just re-admin yourself via the database. This can limit the access if they've cracked one of your admins accounts passwords?

That probably didn't make sense. =/

Passwords are a killer ... sometimes member join other forums and use the same passwords from another. This looks like the case with your forum. If remembering passwords are a pain in the butt for some of you, here's a free program that I reccommnd to all of my members (RoBo Form): http://fileforum.betanews.com/detail.php3?fid=1014298205

Also, one of the guys in the Full Release Section created a very nice password changer hack that requires all members to change their passwords after a period you can define. You don't have to have all members change then, but you can make it a requrement for your staff to change their passwords.

For added saftey, it would be best to make it so that each password contains numbers and letters, and require that they are at least 6 characters. :)

Yet another fact to enforce the rule that you should never have another administrator :)

Indeed:)

Chris

Today at 10:44 AM filburt1 said this in Post #8 (https://vborg.vbsupport.ru/showthread.php?postid=397133#post397133)
Yet another fact to enforce the rule that you should never have another administrator :)
Agreed. I have 2 other admins on my site, but once vB3 is out, they will be cut down to mods. ;)

I am the only Administrator, but I have one Co-Admin (Arunan), and soon to be another Co-Admin, my current SuperMod cillianok:)

As a rule, 1 guy in charge works better;)

Satan

Also, perpetually be up to date on vB versions and never install a hack unless you absolutely need it. :)

.htaccess the admin cp dir :)

- miSt

You can have all of the admins you want ... just be smart about the way you administer your passwords. Change them often ... that's the trick.

So there's no other way to get in? The only possibility is by using an admin password?

get avg anti-virus and make sure there isn't a trojen sitting on your system.

Today at 12:44 AM filburt1 said this in Post #8 (https://vborg.vbsupport.ru/showthread.php?postid=397133#post397133)
Yet another fact to enforce the rule that you should never have another administrator :)

I would have disagreed with you a few months ago but I've learnt my lesson.

I have 8 other Senior Admins, but they have a very restricted Admin CP, and cannot add or remove other Admins. I am in my own Founder usergroup, with full privileges. Also, .htaccess password-protect the admin directory like someone else said.

Today at 02:20 PM Erwin said this in Post #18 (https://vborg.vbsupport.ru/showthread.php?postid=398056#post398056)
I have 8 other Senior Admins, but they have a very restricted Admin CP, and cannot add or remove other Admins. I am in my own Founder usergroup, with full privileges. Also, .htaccess password-protect the admin directory like someone else said.

Same kind of thing as me (hence my Lesser Admin CP hack);):p

Besides - Your board isn't hellsatan-proof Erwin;):p

Satan

I have other 3 other admins on each of my sites, all of whom are people I know in real life and see on a regular basis.

On the off chance that someone got into my sites like that, I still don't worry about it, since everything is backed up to tape drives on a nightly cycle. The worst thing that could ever happen is a loss of 23 hours worth of data, if a hack occured right before the nightly backup. :)