View Full Version : security breached
xxxsaint
10-13-2003, 12:29 AM
Hi, I came home this afternoon to find that someone has changed my admin password and is logged in with it. Immediately I thought it was because I've had html enabled on my board, so the first thing I did was to de-activate it in each forum on there and disable it from signatures.
Is there anywhere else that I can / should disable it from? I'm kinda lost here on this one, never thought I would have that problem, but here it is.
Any help and suggestions appreciated.
Erwin
10-13-2003, 12:57 AM
What version are you using?
What hacks do you have?
Do you have other admins? Is your admin account unchangeable by other admins?
HTML is a bad idea as some code can be used to harvest cookie passwords.
xxxsaint
10-13-2003, 01:00 AM
What version are you using? 2.2.6
What hacks do you have?
LeSane's Store - vbquiz - awards hack for store - arcade
Do you have other admins? yes
Is your admin account unchangeable by other admins? no
HTML is a bad idea as some code can be used to harvest cookie passwords.
Xenon
10-13-2003, 02:34 PM
Upgrade immediately to vb2.3.2, as there are a lot of security holes below 229.
Update the Storehack, too.
There was also a big security hole in the old versions.
Dean C
10-13-2003, 03:38 PM
.htaccess your admin directory too :)
xxxsaint
10-13-2003, 04:49 PM
.htaccess completed
and get this, the guy just did it AGAIN but I caught how he did it:
through a donation in the store
if I upgrade the store, will it patch that ???
Lesane
10-13-2003, 05:36 PM
Yes:
https://vborg.vbsupport.ru/showpost.php?p=436467&postcount=2423
Xenon
10-13-2003, 05:40 PM
.htaccess completed
and get this, the guy just did it AGAIN but I caught how he did it:
through a donation in the store
if I upgrade the store, will it patch that ???
yes, but it'll just close the hole in the Store Hack.
There are other possibilities, too, so you should really upgrade the whole board
xxxsaint
10-13-2003, 05:47 PM
k, well, in process of entire upgrade now.
Erwin
10-14-2003, 07:05 AM
There you go. :) The vB.org community saves the day once again... ;)
xxxsaint
10-14-2003, 12:37 PM
yea, i love this place, if it weren't for vb.org, i wouldn't have re-done my forums.
Now, just how safe is this new store? We need a points system, one that is simple to add and subtract points from users, and I don't wanna go through this again. Any suggestions?
Dean C
10-14-2003, 12:55 PM
The new store is safe :)
xxxsaint
10-14-2003, 03:57 PM
kool, new store installed, thanks guys, i appreciate all of you ;)
Mickie D
10-14-2003, 07:11 PM
just wondering what did you do with the user and did they get a backup of your database?
ADMIN LOG?
just interested as i had the store hack back then and people found lots of holes to change things i never wanted them to do lol (but i heard the store hack is now security tight :))
xxxsaint
10-14-2003, 09:01 PM
i caught him just as he got it and locked the server down, booted him out, checked admin logs, he didn't have time to do much at all, just didn't want to fight that constantly ya know ;)
Erwin
10-15-2003, 09:10 AM
i caught him just as he got it and locked the server down, booted him out, checked admin logs, he didn't have time to do much at all, just didn't want to fight that constantly ya know ;)
You may want to back up your data, and restore your server, and restore the backup, just in case. You never know what the hacker has installed - a backdoor or trojan.
xxxsaint
10-15-2003, 02:17 PM
I wiped it and did a new database ;)