Hi,

We have purchase vBulletin (we are actually under version 2.3.0) but now we got a very critical problem, someone (a hacker i think) is now able to access to our customer account and can change their signature, email, etc...

Do you know this problem and do you have a patch witch can solve it ?

Thanks

Hi

do you really think, that the "hacker" has hacked your vb via an exploit? i think an admin has an simply guessable password ...

cu

vB 2.3.0 has no security issues that is known.

Ok, my administrative password is pretty hard to guess (letter + numbers + extra characters)

Have you any idea of how a hacker can access to my users data ?

I've heard about a flash code that allow to read user's cookie, do you know this problem ?

In fact this "hacker" change the user signature and write some diffamous post.

After that he change the user email adress and password so the user cannot reconnect and is marked as "user awaiting email notification".

Excuse me for my poor english (i'm french)

Its more than likly that the "hacker" has just obtained the users password, without any real hacking. Make sure you have HTML turned off everywhere (Sigs, PM and Posts). If you have an IP for them then report them to their ISP.

Ok thanks i will turn off HTML