I have posted a picture of a regular member logging into a ton of accounts. We had a page up saying hacked by RootX@hotmail.com. I am not pulling cords and i'm not playing a joke. I am offended that someone would go this extent to tear my name down even when i posted proof. Like i said he won't give me the exploit. Part of the reason he won't give it to me is because i banned him for 7 days. I'm sorry but if you don't believe me then find out the hard way one day.

You are blaming a hack that only caught what was going on, not causing it. That picture is not proof of any kind. It is only proof that this hack is working as intended. Do you honestly believe this clown is going to steer you in the right direction of the actual exploit so you can block it? Wise up, man.

I might even get the owner of the server i was on to come and back me up. Not only did he have access to my site, but he deleted cpanel, he messed up whmcs, and he replaced every and i mean ever index.php/html/etc, on the server.

all it takes is one shell to be uploaded and he can take over everything and i mean everything.

lol i'm without any words about this ... so 2 thousand users that have already installed this add-on are lucky or idiots? c'on ....

I have changed his name to a friendly name on aim so no one can pm him telling him that i mentioned that he had an exploit for this. But this is the conversation i had with him it's 1:22 central time as i post this.

NEO (1:11:12 PM): lolz
soulweaver2006 (1:11:18 PM): ok
NEO (1:11:22 PM): Thats german
NEO (1:11:29 PM): to that song
NEO (1:11:30 PM): fortuna
iDeVoUrEdu1337 (1:11:42 PM): very nice man that kids a ++++ing jackass glad you took it down
NEO (1:11:55 PM): lolz
NEO (1:12:00 PM): kid was a 16 year old wannabe
NEO (1:12:09 PM): that ran his mouth a little to much
iDeVoUrEdu1337 (1:12:10 PM): lol yea i hear that
iDeVoUrEdu1337 (1:13:35 PM): i am going to school for networking and all that good stuff and i have been hacking for awhile
NEO (1:13:44 PM): lolz
NEO (1:13:53 PM): I don't hack for serious notes, i hack to prove i can "/>
NEO (1:13:55 PM): for fun
soulweaver2006 (1:14:00 PM): lol
soulweaver2006 (1:14:01 PM): ass hole
NEO (1:14:02 PM): Ruining peoples lives in my main goal
NEO (1:14:06 PM): is*
NEO (1:14:26 PM): btw soul
NEO (1:14:38 PM): Chmod my deeznuts, and you can execute them "/>
iDeVoUrEdu1337 (1:14:42 PM): yea i got banned from my friends house for hacking his older brothers network b/c he thought i was talking out of my ass
soulweaver2006 (1:15:06 PM): yo
soulweaver2006 (1:15:08 PM): neo
NEO (1:15:15 PM): i hack my own site to find vulns
NEO (1:15:16 PM): and shit
soulweaver2006 (1:15:25 PM): can we have that exploit for the ae detector
NEO (1:15:30 PM): Lolz..
NEO (1:15:33 PM): Naw dawgy
soulweaver2006 (1:15:41 PM): come on lol
NEO (1:15:49 PM): It's unreleased, And i would like to keep it that way.
soulweaver2006 (1:15:50 PM): i wanna do it to some one
NEO (1:16:12 PM): lol
NEO (1:16:15 PM): if my exploit gets out
NEO (1:16:18 PM): sites all over the world
NEO (1:16:20 PM): will go down
soulweaver2006 (1:16:30 PM): i won't release it dude
soulweaver2006 (1:16:32 PM): if i do
soulweaver2006 (1:16:37 PM): you know you can own me
NEO (1:16:37 PM): You can still log into admin accounts and shit
NEO (1:16:41 PM): even if the mod is disabled
NEO (1:16:41 PM): cause
NEO (1:16:44 PM): its still installed "/>
NEO (1:17:11 PM): I only did it to prove my point to you "/>
NEO (1:17:16 PM): Point proven, Subject closed.
soulweaver2006 (1:19:39 PM): eh
soulweaver2006 (1:19:40 PM): u suck
NEO (1:19:47 PM): sorry
NEO (1:19:49 PM): im stingy
soulweaver2006 (1:19:52 PM): it's cool
soulweaver2006 (1:19:55 PM): i understand
soulweaver2006 (1:19:56 PM): but
soulweaver2006 (1:19:58 PM): you do know
soulweaver2006 (1:20:03 PM): if i released it
soulweaver2006 (1:20:13 PM): you would be able to rip my site apart

You don't need 'backing up'. We all believe you're getting screwed. Anyway, now that you've uninstalled this mod, let us know if he gets back in.

New exploits come out every day. Look even vbulletin has exploits in there software every now and then. It's not impossible. I just hope someone actually looks into this. This was a major pain to fix and I don't want anyone else to go through it.

I'm not saying you weren't hacked, you clearly were. I'm saying it was not because of this hack that it happened. There is no possible way that I can see that he could have done it with this hack. He got in another way, that's the only explanation. If he keeps you busy in the kitchen, he can steal you blind in the living room.

Just a small question, how do we know that it WASN'T this mod?

Look at the code. ;)

I know it was this hack because i have known this guy for 9 years and he lives 5 blocks from me. Look at the aim conversation that him and me had he says it right there. That should be fact enough for any one to investigate it.

This mod is working perfact on vbulletin 3.7.1 [checked creating thread option - not checked pm function as i don't use it.]

There is only one query in this mod; it's used to grab a username for formatting on the post itself. The query is protected by checking for a NULL value and a is_numeric value. If someone were to try an injection, these two checks would prevent it.

What *can* be done is someone can mess with the cookie to make it look like they are logging into a ton of accounts - if they want to throw a ton of userids into the cookie, they can. AE Detector will simply report what's stored in the cookie.

Never say never, but this plug-in contains very little code and only one query to the vB user database.

Well, I'll say never as to this not being the way in that hacker used on his site.

Welcome back, sir. ;)

I have no doubt that someone may have done that to you - but not via this modification. Its simply not possible. :)

Thank you MPDev :)

Hi Guys,

sorry for posting that here but I have posted it from 17th to "Multiple Account Registration prevation" and I had no answer so far.

So I am posting it again here in case you can tell my why.

thanks in advance.

Yes, that would be nice. But if he's trying to avoid getting caught via cookie he can just clear his cookies. Or he could use a different computer.

It's probably not real unusual for us to have a husband & wife discover our forum and register from the same IP within minutes of each other, but on their own computers.

Note also as I've pointed out, there's some other mod or something out there disabling this mod. It's working good on one of my forums, but not the other.

listen not only can he log in to my account he can edit anything he wants. He can sign into my name and be full admin.

Sounds like something like this is installed on your site?

https://vborg.vbsupport.ru/showthread.php?t=168819

I haven't seen any problems with this mod at all?

Regards,
Badger

You have now been told numerous times that whatever he has done, cannot be done via this mod. If you continue to spam this thread, the posts will be deleted and you will get an infraction.

i like to test the new version

Hi,
I am on VB 3.7 version. This hack was working fine and then it stopped working all of a sudden. I have removed and re-installed but to no avail. After reading some past posts, it seems like several others have had this issue, but I couldn't find any resolution posted. Does anyone know how to fix this??
TIA!

How do you know it's stopped working? Maybe that will give a clue to the problem.

Hi guys,
I found some mistakes in this MOD, some users detect wrong! each one from a different place!
I think there is some mistakes in the Cookies!!
any suggestion?!
thanks

This is the only way to test it as far as I can tell:

1. In Options, clear Ignore User IDs and Ignore Usergroup IDs
2. Log out, then log back in to your normal user account (not the same admin account) using the same browser

You should trigger the detector.

It used to create a thread in a forum indicating the users that are logging in from the same machine, and it stopped doing that all of a sudden. After re-installation didn't work, I tried changing some of the settings like clearing out the "Ignore usergroup ids and user ids" and also changed the forum id so that it could post the thread to another forum. Nothing worked!

So have you installed any other mods recently? A lot of us would really like to figure out which one(s) are disabling it.

i am in the same boat

this mod worked GREAT for me on vb 3.6.8

as soon as i upgraded to 3.7.2 absolutley nothing worked - no posts to my AE checker forum etc

No other mods installed that were not already on my 3.6.8

after the upgrade of vB, did you re-install the mod? upload the Product xml file, redo the template edits? Change and fill out the settings in the vB options area?

of course. and there are no template edits for this hack :rolleyes:

If an admin and/or supermod have an account and then creates another one in a regular/other usergroup does this mod ignore the admin/mods other accounts?

when i installed it worked but not working now for many days/weeks.

It may be time for some author interaction. I wonder if we could add some sort of debugging information to try to figure out why it's not working for so many people?

Like I said, it's working fine on one of my 3.7.2 forums, but not on the other. I've been assuming some other mod has been interfering with it.

it has detected 2 users today..
working sometimes and sometimes not..

Just curious here - but how do you know its sometimes not working ?

Thanks for looking at it Paul. I can't answer for vitrag, but the way I test this mod is to unset ignoring any groups or users in options, then log in as admin and log out and log back in as my second 'normal' user.

I just tried it again. On my newer board it trips immediately. On my older board it doesn't. Both cookies are present and are identical (except for the urls).

Sorry for the late response. I haven't installed any other mods after this one. I have filled out all the settings in VB options area.

I've had the same problem, it was working fine up until once of the recent post 3.7 patches and now the behaviour seems erratic. Out of interest, did you try the test on several different browsers?