What security measures do I or can I take to keep this from happening again. Someone got into my VB and added themselves as a administrator then emailed me a list of users and their passwords. I password protect my site to begin with. I need to know what to do.

Thanks in advance.

I thought passwords were one way encoded, so how could they e-mail them to you, even after getting access - are you sure it was genuine and not just a hoax ?

ronster1,

What version of vBulletin are you running?
I see you have your forum behind a htaccess allready, but it might be a good idea to have a seperate htaccess to your admincp and modcp directories.

Also, it might be good to change all your cpanel/plesk/FTP/SSH/Telnet passwords.

I thought passwords were one way encoded, so how could they e-mail them to you, even after getting access - are you sure it was genuine and not just a hoax ?
Passwords are double md5'd with a salt in vB3, and md5'd in vB2. So yeah, there is no retrieving the original password.

How secure is the box you're hosted on? Is it kept up to date? Does it need patches?