vb.org Archive
Page 50 of 60 « First 404849 50 5152 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Administrative and Maintenance Tools - Multiple account login detector (AE Detector) (https://vborg.vbsupport.ru/showthread.php?t=125871)

Boofo 06-22-2008 05:50 PM
Look at the code. ;)

FRANKTHETANK 2 06-22-2008 07:32 PM
Quote:
Originally Posted by Mum (Post 1556209)
Just a small question, how do we know that it WASN'T this mod?
I know it was this hack because i have known this guy for 9 years and he lives 5 blocks from me. Look at the aim conversation that him and me had he says it right there. That should be fact enough for any one to investigate it.

vitrag24 06-22-2008 09:49 PM
This mod is working perfact on vbulletin 3.7.1 [checked creating thread option - not checked pm function as i don't use it.]

MPDev 06-22-2008 11:53 PM
There is only one query in this mod; it's used to grab a username for formatting on the post itself. The query is protected by checking for a NULL value and a is_numeric value. If someone were to try an injection, these two checks would prevent it.

What *can* be done is someone can mess with the cookie to make it look like they are logging into a ton of accounts - if they want to throw a ton of userids into the cookie, they can. AE Detector will simply report what's stored in the cookie.

Never say never, but this plug-in contains very little code and only one query to the vB user database.

Boofo 06-23-2008 01:12 AM
Well, I'll say never as to this not being the way in that hacker used on his site.

Welcome back, sir. ;)

Paul M 06-23-2008 02:10 AM
Quote:
Originally Posted by FRANKTHETANK 2 (Post 1556181)
I might even get the owner of the server i was on to come and back me up. Not only did he have access to my site, but he deleted cpanel, he messed up whmcs, and he replaced every and i mean ever index.php/html/etc, on the server.
I have no doubt that someone may have done that to you - but not via this modification. Its simply not possible. :)

Mum 06-23-2008 03:32 AM
Quote:
Originally Posted by MPDev (Post 1556412)
There is only one query in this mod; it's used to grab a username for formatting on the post itself. The query is protected by checking for a NULL value and a is_numeric value. If someone were to try an injection, these two checks would prevent it.

What *can* be done is someone can mess with the cookie to make it look like they are logging into a ton of accounts - if they want to throw a ton of userids into the cookie, they can. AE Detector will simply report what's stored in the cookie.

Never say never, but this plug-in contains very little code and only one query to the vB user database.
Thank you MPDev :)

johnban 06-23-2008 02:04 PM
Hi Guys,

sorry for posting that here but I have posted it from 17th to "Multiple Account Registration prevation" and I had no answer so far.

So I am posting it again here in case you can tell my why.

thanks in advance.

Quote:
Hi I installed the hack in 3.7

If I have a user that has logged in and then he is making a new registration then the hack it's catching him.

But ??..

One user has registered into my forum at 16:00 (let?s say) from IP address 11.111.111.111 (of course it is not the real IP). After 30 minutes he is registering again with different username/mail but from the same IP. Shouldn?t be captured by the hack ??

Thanks,

John B.

Videx 06-23-2008 02:16 PM
Quote:
Originally Posted by johnban (Post 1556841)
from the same IP. Shouldn?t be captured by the hack ??
Yes, that would be nice. But if he's trying to avoid getting caught via cookie he can just clear his cookies. Or he could use a different computer.

It's probably not real unusual for us to have a husband & wife discover our forum and register from the same IP within minutes of each other, but on their own computers.

Note also as I've pointed out, there's some other mod or something out there disabling this mod. It's working good on one of my forums, but not the other.

FRANKTHETANK 2 06-23-2008 05:38 PM
listen not only can he log in to my account he can edit anything he wants. He can sign into my name and be full admin.


All times are GMT. The time now is 04:04 AM.
Page 50 of 60 « First 404849 50 5152 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01394 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete