Some idiot screwing with me. (https://vborg.vbsupport.ru/showthread.php?t=171489)

Boofo 02-27-2008 06:18 PM

Quote:

Originally Posted by fordsho (Post 1452349)
Thank you guys for all the help. My host has been notified since Sunday and I believe they took the necessary precautions. I'm just glad my site is safe, but stuff like this can really get you shook up.

Only if you let it shake you up. Getting upset or shaken up doesn't fix the problem. Calm heads ALWAYS prevail. ;)

iogames 02-27-2008 10:32 PM

One thing we learned... We need a 'Board Security' Section...

and P.S. This thread has more profanity than a day with my GrandMa :D

Boofo 02-27-2008 10:33 PM

LOL at Grandma. Been there, heard that.

iogames 02-27-2008 10:53 PM

Do you ever stop to think that maybe Fordsho was the real 'hacker' that was trying to learn from us?!?!?! :eek:

:D Just kidding!

p.s. but I never saw the site :P

Boofo 02-27-2008 11:40 PM

Well, I know it wasn't me or iogames. That would be giving us both way too much credit for being smart enough to pull anything off even remotely similar.

Robbey 02-29-2008 12:26 AM

Here's the way to find him: Go to usergroup manager, then look at all the groups the users, additional users too. If it's one too many just delete the user. Or download a copy of your database, and search for (if you have your usertitle for admin "administrator" search that in the database, you'll sooner or later find him.)

Worked for me when my boards were getting punked by scripties.

indie2industry 02-29-2008 08:39 AM

send me his hotmail e-mail address to cyrusphantasm@gmail.com . I hate these type of internet punks and I take GREAT DELIGHT in taking these f**ks out!!!

I will track down everything about him (because I have legal access to MSN), and forward you his IP, real name, location, phone number and anything else tied to his system.

Then you can take legal action if he did anything destructive.. But NEVER GIVE UP YOUR VB ACCESS!!! I had this exact same thing happen to me 3 weeks ago on www.indie2industry.com except this person somehow actually gained access and tried nuking my templates, hell, I'm still fixing my board, look @ this page. This is the last one I have to figure out how to fix(since I'm not a coder).

http://www.indie2industry.com/forum/forum.php

But in return, I locked him out of his home computer (from info from his hotmail address), then reported him to my local FBI office, come to find out, he was local to my area AND have child porn and hacking tools on his computer.. NYS has a no tolerance policy against hackers.


SO BASICALLY, if this dude you're dealing with is tormenting you via "HOTMAIL" then he's a TOTAL IDIOT... HOTMAIL/MSN is totally traceable on all levels.. Let me know if you need any assistance...

I hate destructive hackers :-(

Marco van Herwaarden 02-29-2008 09:36 AM

Quote:

Originally Posted by indie2industry (Post 1453517)
send me his hotmail e-mail address .......

I will track down everything about him (because I have legal access to MSN), and forward you his IP, real name, location, phone number and anything else tied to his system.
.....
But in return, I locked him out of his home computer (from info from his hotmail address), then reported him to my local FBI office, come to find out, he was local to my area AND have child porn and hacking tools on his computer.. NYS has a no tolerance policy against hackers.

Although I do understand your anger and frustration, I doubt what you are suggesting/offering here is legal. Please do not use or discuss illegal actions on vBulletin.org.

indie2industry 02-29-2008 11:06 AM

Quote:

Originally Posted by Marco van Herwaarden (Post 1453528)
Although I do understand your anger and frustration, I doubt what you are suggesting/offering here is legal. Please do not use or discuss illegal actions on vBulletin.org.

gotcha;)

my apologies

Skierpetros 03-04-2008 02:20 PM

indie2industry my msn is :greek-chater@hotmail.com if you want add me because in the future maybe i need your help against hackers ;)

volitian 03-09-2008 05:02 PM

Quote:

Originally Posted by indie2industry (Post 1453571)
gotcha;)

my apologies

Although I'm sure we all agree with you on moral grounds alone, I guess the Boss has an obligation to "Inform you" :)

I've learnt a lot from this thread, makes me think about security more to say the least ;)

All The Guys @ Volitian.

PET 03-17-2008 10:46 AM

By the way. You know what would be cool? Just set up a "Custom PHP script" that will take the guy's IP. Just give the kid the link, and a fake user/pass, and when he logs in you will also get his IP, and you will also... scare him if you put some FBI page there :D

Cars2007 03-19-2008 11:33 PM

If you have photopost, photopost classifieds, or reviewpost, there is an exploit that was published a couple months ago. You should have an email from photopost.com telling you how to patch older versions. The exploit can be used to upload .php files to the web server by tricking photopost into thinking the file is legit.

Shawn Yue 03-20-2008 02:58 AM

Quote:

Originally Posted by fordsho (Post 1451415)
My forum has been constantly turning on and off..... so now i receive this email
Code:

Alright f**ker..

Here's the deal. You don't want your site going down anymore? You're going to have to do 1 thing.

Give me access to your cPanel for the day. And tomorrow I'll remove my account that has all admin rights. Deal?

How I've been doing it.. hehe.. well, I have a hidden account on your database that has all admin rights. All I want to do is get in your cPanel to copy your database and I'll be on my way.

The way this works is.. you have a lot of users. You'll never find me in the 200,000something users you have. So.. therefore, you need me to give you the account I have so you can delete it. NOW.. replacing your database will not work. For I have a program on my desktop that gives me admin access to any vbulletin forum I want. You want your site safe? Well.. give me your cPanel and we'll call it even. You can change your cPanel password tomorrow.


He keeps turning it on and off how can i put an end to this!!

Please Do Not Use Bad Word In Here

And Contact Your Host For Help I Am Sure They Will Help You

veenuisthebest 03-20-2008 01:41 PM

Hi all,

First of all I'm a total newbie....joined a week back. Below is what I think about this discussion, it's just my sweet little brainy thought over it..lol

i just went through the whole discussion, got to learn a lot..
But, I'd like to know something from the masters here !!

The person above "fordsho" describes his problem, he says that he has around 200000 members on his board. But did anyone notice his Join Date and Post Counts ??

how can he ever have 200000 members in 3 months ??

If in any case, he's true then he must be using a nulled version of vBulletin since years that already contained some malicious program within itself that allowed the hacker to screw the board up OR he himself got lucky enough to get hands on the database of some big board (God knows how).

Please do reply to this and correct me if I'm going wrong..

Thank You

Yours 03-20-2008 04:25 PM

Sounds like he gained access to an admin account and gave himself admin permissions. All you really have to do is go in and remove his admin rights, make every admin change their passwords and do scans on their computers. It would also be a good idea to change all of the site's passwords for cPanel, etc.
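
Added example, not part of any post in this thread: the audit Robbey and Yours describe above (checking primary and additional usergroups for unexpected admins, plus the usertitle search) as a Python script over a constructed table. The column names and admin group id 6 are assumptions modelled on a vBulletin 3.x `user` table; check them against your own schema before relying on the result.

```python
import sqlite3

ADMIN_GROUP_IDS = {6}  # assumption: 6 is the stock Administrators usergroup

def build_sample_db():
    """Constructed sample rows in an assumed vBulletin 3.x-style `user` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, "
        "usergroupid INTEGER, membergroupids TEXT, usertitle TEXT)"
    )
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?, ?, ?)",
        [
            (1, "siteowner", 6, "", "Administrator"),
            (2, "alice", 2, "", "Member"),
            (3, "bob_mod", 7, "5", "Moderator"),
            (4, "carol", 2, "16,26", "Member"),    # 16 and 26 are not group 6
            (5, "quietguy", 2, "9, 6", "Member"),  # admin only via additional group
            (6, "dave", 2, "", "Administrator"),   # admin title, no admin group
        ],
    )
    return conn

def parse_groups(csv_ids):
    """Split the comma-separated additional-group field into a set of ints."""
    return {int(p) for p in (csv_ids or "").split(",") if p.strip().isdigit()}

def audit_admins(conn, known_admin_ids, admin_groups=ADMIN_GROUP_IDS):
    """Return [(userid, username, reason)] for accounts that need review."""
    findings = []
    rows = conn.execute(
        "SELECT userid, username, usergroupid, membergroupids, usertitle "
        "FROM user ORDER BY userid"
    )
    for userid, username, primary, extra, title in rows:
        if userid in known_admin_ids:
            continue  # accounts the owner has confirmed as legitimate admins
        if primary in admin_groups:
            findings.append((userid, username, "primary group"))
        elif parse_groups(extra) & admin_groups:
            findings.append((userid, username, "additional group"))
        elif (title or "").strip().lower() == "administrator":
            findings.append((userid, username, "title only"))
    return findings

if __name__ == "__main__":
    for finding in audit_admins(build_sample_db(), known_admin_ids={1}):
        print(finding)
```

Parsing the additional-group field into integers matters: a plain substring search for `6` would also flag carol's groups 16 and 26 and bury the one account that really holds admin rights through an additional group.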

indie2industry 03-20-2008 10:13 PM

just getting back to this thread... I'm sorry.

I forgot to ask. Do you have any mods & add-ons you didn't get from here? he may have scripted himself access also.

Has he sent you an e-mail??? If so, he's TOAST!!! DON'T USE OUTLOOK!!
Go to www.mail2web.com

Login: yourname@yourdomain.com
password: your password

retrieve his message. In the bottom/left corner of the e-mail(s) it'll show his IP address.
FIRST, log into your server and block it from there.
THEN, go to your vBulletin admin cp, go to Banning Options, and ban the IP from there also. But DON'T BAN HIS E-MAIL!! If he contacts you again, you want to know from where so you can also block that IP.

This may also help.
https://vborg.vbsupport.ru/showthrea...ighlight=proxy


Quote:

Originally Posted by PET (Post 1466909)
By the way. You know what would be cool? Just set up a "Custom PHP script" that will take the guy's IP. Just give the kid the link, and a fake user/pass, and when he logs in you will also get his IP, and you will also... scare him if you put some FBI page there :D

:D:D:D

Kimmi 03-21-2008 12:57 AM

Quote:

Originally Posted by veenuisthebest (Post 1469634)
Hi all,

First of all I'm a total newbie....joined a week back. Below is what I think about this discussion, it's just my sweet little brainy thought over it..lol

i just went through the whole discussion, got to learn a lot..
But, I'd like to know something from the masters here !!

The person above "fordsho" describes his problem, he says that he has around 200000 members on his board. But did anyone notice his Join Date and Post Counts ??

how can he ever have 200000 members in 3 months ??

If in any case, he's true then he must be using a nulled version of vBulletin since years that already contained some malicious program within itself that allowed the hacker to screw the board up OR he himself got lucky enough to get hands on the database of some big board (God knows how).

Please do reply to this and correct me if I'm going wrong..

Thank You

He could've had a different type of forum and switched to VB using the impex to transfer his other board.
And if he had a nulled one the staff would have said something when he replied.

G0F0RBR0KE 03-21-2008 07:20 PM

Quote:

Originally Posted by Kimmi (Post 1470277)
He could've had a different type of forum and switched to VB using the impex to transfer his other board.
And if he had a nulled one the staff would have said something when he replied.

On top of that. He wouldn't be able to post in the 'Big Board Discussions' since it's only for licensed users.

Deepdog009 03-21-2008 09:07 PM

These links may assist U...> http://www.surprisechat.com/boards/v...d.php?tid=2458

http://www.emailabuse.org/

# Update your operating system with the latest patches.
# Keep your antivirus program up-to-date.
# Install a personal firewall.
# Periodically sweep for Trojan horses running on your PC.
# Use htaccess and allow only auth. ips access to control panel.
# Implement more security tracking software to view logs and vital areas of domain.

Good Luck

Hornstar 03-21-2008 10:26 PM

Okay few things.

1st, as vb.com would say :)

To troubleshoot this, first reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions


[Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

Next, disable all plugins.

Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

Then if you still have this problem, create a new style and choose no parent style. This will force it to use the default templates. Finally empty your browser cache, close all browser windows then try again. Make sure you change to the new style and view your forums with it. Do you have the same problem?

--------------------------------------

obviously some of the above will not apply to you, but that is the general first thing you do. Check your plugins and hacks you have done to your board!

--------------------------------------

2nd, you said your database was compromised a few months ago or something. Well that rings alarm bells straight away.
Provide more info on this aspect and it may shed some light.

--------------------------------------

3rd, are you the only admin?

--------------------------------------

4th, are you on shared hosting or a dedicated server?

--------------------------------------

5th, What vbulletin version are you running?

-------------------------------------

6th, what version of php and mysql are you on?

----------------------------------------


Once I know the above info, we can go from there.

flavoflav2000 03-21-2008 10:59 PM

two words - mod security - on your web server - http://www.modsecurity.org/

This will help with the script kiddies - and XSS and system injection attacks - if your server or site was compromised it was because the security sucked.

Also I would make sure you have cpanel server locked down - go to the cpanel forums to find out how.

Do you have shell access to the server?

You may want to run rkhunter and see what's up.

If you have been compromised for a month - well best advice to you is - redo the server - i.e. wipe it clean and reinstall the OS lock it down, install mod security and trip wire - rebuild your forum etc and go from there.

A system that has been hacked for a month is screwed no matter what you do.

t3nt3tion 03-24-2008 09:55 AM

If you need more in depth help, I'd offer my help : server & forum. Drop a pm if you want to.

FlyBoy73 03-28-2008 06:21 PM

Why is this in the big board forums?

Brian30fl 04-02-2008 08:44 AM

well doh cause it's a big board being screwed with

