Thank you very much. Only one issue with adding them to unalterable I would have to add 7K member id's. If I where to change all member id numbers and a person had an old copy of the DB, would they still be able to gain access with their username and passes?

Im not trying to ask a stupid question but I have no choice. How would they have a copy of your DB? And if they did then do they have access to the phpmyadmin or some way to edit your database now. If so then that is how your getting hacked. Now that I think about it thats the only way it makes sense. If I were you I would change the access username and password to the DB and edit the config.php with the new info. Make sure your config.php isnt CHMOD to 777 or something. Make it 644. If I were you I would change the ftp account info also. If he can read the config.php by downloading it through ftp then he will know your DB info. And if you think this person has a copy of the DB then you should do a few things.
1. make all passwords expire.
2. Prune out any members who have been inactive for a long time. I usually do this on a 90 days basis but its purely up to you.
3. Ban those IP's you know are the person.
And change all access info. FTP, DB, and anything else Im forgeting.

adding users to unalterterable users would not stop the usergroup from being manually changed in the db.

I think ashkarita meant just the mods, supermods, and admin.

You guys are missing the point. He KNOWS FOR SURE that it is VB. PERIOD. It is definately not his server, OS, userIDs, directory permissions, mysql, php, proxies, network, video card drivers, Starcraft Brood Wars, SCSI cable, LEDs, multicast Bidir PIM, IPv6, Duke Nukem Forever, iPod Shuffle....

All your suggestions are a waste of time, it is VB. PERIOD. He is POSITIVE. PERIOD.

... which is why people telling him to seek support on vBulletin.com is the proper avenue.

I run vb 3.0.7 and i added this double login for my admin panel, its so they need to login with that login before they can login to real admin, i haven't been hacked once yet. Maybe you should try it.

So we can tell him its not vB, and he can disagree with us? :)

Since he won't believe anybody here on .org that it's not a vB problem and he is absolutely, positively convinced it is.... then just think of the fun thread it will make for on .com! :D

:banana:

Try to be a bit more open minded and accept people's suggestions and input. If you are asking as a regular vbulletin user, learn from what the more advanced users tell you. Being set in your own ways and thinking that you know the problem will make it so that people can't help you. If you know it all, then you shouldn't be having this problem ;)

It can be a server issue because user's can give do whatever they'd like with any account (including there's) via phpmyadmin and such. Also, if it keeps happening to the same user, that is rather suspicious, is this the case? If so, it can be a problem with the user. Try giving every usergroup regular user permissions accept for you (temporarily), and see how things go.