Ok this is the first hack I tried to install. I was testing it with one of my mods, I changed his status to my banned profile. but when he tried to log out he just got an internal server error message. Now granted I am very new to this. I just edited the file in notepad, and then FTP'd the new member.php file in place of the old one, is there something I should be doing different.

Easily defeatable:

use a different browser (opera, netscape) and one can still "see the board"

And the notion that the average person doens't know about cookies is long outdated. Due to media, they do know about cookies and have programs that can manage them. Easy to delete cookies that are causing problems or heartaches, or prevents you from accessing a board.

My new computer came with a cookie manager program installed, so its kinda pointless these days.

not saying that this isn't a good hack, I just think it outlived its useage.

lol, Cookie manager? People these days are just too lazy to delete / plant them themselves.

Why not instead of a show_nopermission use a fake 404 error that way they think the site is down? another idea could be to make a certain usergroup just see 404 errors, just like the ban. the nthey think the site is down or something

Just a 'parallel' question about VB cookies... :cool:
If an user has set on his browser a cookie like, for instance:

• bbuserid=1234
• bbpassword=.... md5 hash ....

and that userid doesn't exist any more on that board, what does it happen when he tries to login VB ?
I mean, if I don't leave someone to logout from the board and his user is deleted some reason, all cookies will be lost as soon he tries to log again ... Is it true ?
Actually, he is first recognized as user 1234, then after the SELECT $bbuserinfo is empty and user is prompted to register (or set as guest) ... This time he looses all cookies, doesn't he ?

Thanks a lot

If your cookies are wrong a guest session (anonymous) will be created and the cookies will be deleted.

Thanks. Perfectly clear.

@GsxrTony: your problem is VERY LIKELY because of one of these reasons:

1- You FTP'd the file as "bin" instead of ascii. FTP programs have two mods, choose to upload as a ASCII file not, BIN.

2- After uploading the file, CHMOD it to 755.

Regards,

This hack already exits (ie HELLBAN and its twins) and yes I found it (them) very useful too.

I think you guys are missing something:

It's not this hack which introduced the cookie security system for banned users, it's the default vbulletin system. ;)

I've written that in my first message either: yes it's not 100% secure and people who know about vbulletin system or internet technologies can get around but I think we cant blame vbulletin either, because effective or not, it's the only security system for users who have dynamic ip.

So you may found this system ineffective but this has nothing to do with the hack itself, it's just the system vbulletin has. The hack only strengthens this system just a little bit, at least for ones who dont know how to pass it.

My 0.2 cents..

Regards,
Logician