Yet you posted 10 posts in this topic already, all proving the point I made that you quoted.

If there is an equivalent thread on .com, PLEASE post a link to it! That sounds like a lot of fun to read. PERIOD.

Guys, please don't be mean spirited. While I agree the original poster is not being logical about solving the problem, provoking somebody who has been hacked is neither kind nor constructive.

Yes, because apparently based upon some of the recent threads around here the right to be mean spirited is reserved for staff only.

Amy, that sentiment is not pointed at anybody in particular but it's getting to be a pretty common sight lately that if a staff member makes a light-hearted comment then it's OK but if a mere mortal makes a similar comment or responds to the staff members comment then another staff member comes along to whack the mortal across the knuckles with a ruler.





{Kevin goes back to his cave, expecting to admonished yet again for daring to question the voice of authority.}

You get those too? I got one for quoting Jim Carey. I thought it was funny but apparently it wasnt.

There are only a few people in here that are kind enough to try and explain something to someone. You are here to piss people off and try and make someone look stupid. As I told you before and I will tell you again. It is not my server, it is vbulletin. Believe it or not, there are tons of exploits for every forum software. I simply asked for some assistance.

disable all your hacks. if that doesn't work, then it is a PICNIC problem. for sure.

lmao... vB is NOT by far the secureist(Spelling?) BB out there by far.

Any half wit cvan gain access to your admin/smod users with nothing less then a brute forcer.

Heres some suggestions for the OP

1) Make your mods+ have SECURE passwords. I can almost positively say yours don't. they most likely have silly dictionary words.

thats th eonly option I will give you. everyone else took the rest.

IE - Remove those permissions from your smods
- Demot the SMOD if it's the same account geting it.


This next one will sound silly. Are you SURE you paid for it? Me myself if I had an issue like this the FIRST thing I would do is talk to vb.com about it... not bring it here.. since they WOULD be the best avenue.

Also What web server do you run?

Apache?
lighttpd?

I forget any others that may be out there.. mainly because they suck. if it's apache then... get rid of it... There are a number of security hoels in apache, most have fixes out there but I doubt you would take the time to find them.

lighttpd is the most secure of them all.

I would also install things like "Base" they help you with server security.

Windows or *nix?

It is well known windows based servers have crap security in themselves. easy as pie to get into and gain control. This is why 80% of those with brains use *nix for web properties.

Can you tell me how you do this? As you cannot attempt a brute force on vB3/3.5/3.6 without having a sites strikes systems disabled, even if you get the md5 hash of a cookie you'd need to obtain the secondary salt used by the cookie hashing system to actually brute force the real password. So you tell me now how you brute force the password, and if you can do it, take a shot at mine, :)

Considering how well aged the apache base is, if there are still security exploits with the most recent versions, 1.3.36 2.0.58 and 2.2.2 please report them.

If you are going to spout FUD here, please take it else where, theres no mass difference between a windows and linux server preformance or security wise with a competant system administrator.

Edit: so if vB is not the most secure, what is?



Now to the original poster, if you _truely_ believe this is a fault of the core vBulletin software PLEASE! send in a support ticket with as much information you can give us and if possible be willing to provide us with access to your webservers logs and other access we may request.

There are _no_ known issues at this time with any of the vBulletin core packages, 2.3.9 3.0.14 3.5.4 and 3.6.0 beta 3, if you know of one please report it to vBulletin.com via the members area.

Um, people aren't saying it's your server. We're saying it's software you've installed on your server and we've told you repeatedly how to go about tracking down the problem. At this point, it seems you don't want help - you want to fight. If you wanted help, you would have gone to Jelsoft - the makers of the software you feel is flawed.

I'm closing this because you don't seem to want any actual advice and just want to call people names.