vb.org Archive


fordsho 02-26-2008 01:29 PM

Some idiot screwing with me.
 
My forum has been constantly turning on and off..... so now I receive this email
Code:

Alright f**ker..

Here's the deal. You don't want your site going down anymore? You're going to have to do 1 thing.

Give me access to your cPanel for the day. And tomorrow I'll remove my account that has all admin rights. Deal?

How I've been doing it.. hehe.. well, I have a hidden account on your database that has all admin rights. All I want to do is get in your cPanel to copy your database and I'll be on my way.

The way this works is.. you have a lot of users. You'll never find me in the 200,000something users you have. So.. therefore, you need me to give you the account I have so you can delete it. NOW.. replacing your database will not work. For I have a program on my desktop that gives me admin access to any vbulletin forum I want. You want your site safe? Well.. give me your cPanel and we'll call it even. You can change your cPanel password tomorrow.


He keeps turning it on and off. How can I put an end to this!!

Lynne 02-26-2008 02:20 PM

Contact your host! Why are you not contacting your host with this information?

fordsho 02-26-2008 02:29 PM

This is a registered user inside the database; my host has nothing to do with this.... NVM, I guess I asked the wrong Big forum section.

Neutral Singh 02-26-2008 02:34 PM

If you can get into your admin cp then check the recent admin log and note down all the IPs that have logged in as admin... check out who has registered with those IPs and if you find any suspicious username with admin powers... BAN it right now... !! best of luck...

Boofo 02-26-2008 02:37 PM

There is no way he has a program on his desktop that will give Admin rights to any vb site. You think you have problems now, wait until you see what happens if you do give him your CPanel login.

Lynne is right, contact your host. They can help track this down. If it's a user, just look for anyone with admin permissions either as a main group or a second usergroup.

If all he is doing is turning the board off and on, then he doesn't have that much power yet or he would be flexing muscle. Looks like he's running a script somewhere.

Lynne 02-26-2008 02:50 PM

Do you have phpMyAdmin? Do you have it htaccess protected? Do you have your Admin CP and Mod CP htaccess protected?

fordsho 02-26-2008 04:42 PM

I have phpMyAdmin, I've been going through it but going through a list of 200000 members is a drag... And no, I don't have any of those htaccess protected so I'll get on it.

Lynne 02-26-2008 04:50 PM

He is either doing this by straight access to the database through phpMyAdmin, in which case looking at the access_logs will help you find exactly who is accessing that directory - use search in your text editor. Or he is going through your Admin Panel and must have admin access so you should look at your Administrator usergroup. And, as I said, you need to protect at least all three of those directories.
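An added example, not part of the thread: one way to do the access-log search Lynne describes without paging through the file by hand. It assumes Apache "combined" log format and the directory names `/phpmyadmin/`, `/admincp/` and `/modcp/`; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Directory names are assumptions; use the ones your install really has.
SENSITIVE = ("/phpmyadmin/", "/admincp/", "/modcp/")

def summarize_sensitive_access(lines, prefixes=SENSITIVE):
    """Per client IP: requests to the sensitive directories, split by outcome."""
    summary = defaultdict(lambda: {"ok": 0, "denied": 0, "posts": 0,
                                   "dirs": set(), "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = m["path"].split("?", 1)[0].lower()
        hit = next((p for p in prefixes if path.startswith(p)), None)
        if hit is None:
            continue  # ordinary forum traffic
        e = summary[m["ip"]]
        e["dirs"].add(hit)
        e["first"] = e["first"] or m["time"]
        e["last"] = m["time"]
        if m["status"] in ("401", "403"):
            e["denied"] += 1          # stopped by the htaccess password
        elif m["status"].startswith(("2", "3")):
            e["ok"] += 1              # request was served
            if m["method"] == "POST":
                e["posts"] += 1       # a served POST can change settings
    return dict(summary)

# Constructed sample lines (documentation-range IPs), not from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Feb/2008:13:01:12 +0000] "GET /forumdisplay.php?f=2 HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Feb/2008:13:02:40 +0000] "GET /admincp/index.php HTTP/1.1" 401 401 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Feb/2008:13:02:55 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 401 401 "-" "Mozilla/5.0"
203.0.113.5 - admin [26/Feb/2008:13:05:03 +0000] "GET /admincp/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - admin [26/Feb/2008:13:05:30 +0000] "POST /admincp/options.php?do=options HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
garbage line that does not parse
""".splitlines()

if __name__ == "__main__":
    for ip, e in sorted(summarize_sensitive_access(SAMPLE_LOG).items()):
        print(ip, e["ok"], "served,", e["denied"], "denied,", e["posts"], "POSTs,",
              sorted(e["dirs"]), e["first"], "->", e["last"])
```

Served POSTs to the admin directory from an address that is not yours are the entries to line up against the times the board was switched off.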

fordsho 02-26-2008 04:58 PM

Damn, nvm, pass protecting the admin cp and mod cp directories didn't work either.... so now what's next.

Boofo 02-26-2008 05:17 PM

Quote:

Originally Posted by Lynne (Post 1451533)
He is either doing this by straight access to the database through phpMyAdmin, in which case looking at the access_logs will help you find exactly who is accessing that directory - use search in your text editor. Or he is going through your Admin Panel and must have admin access so you should look at your Administrator usergroup. And, as I said, you need to protect at least all three of those directories.

If this guy was in the DB he wouldn't need CPanel access as the DB is all he wants. If he had Admin CP access, he would lock everyone out until he gets what he wants. The clown is running a script somewhere that is toggling the site off and on. If this guy had any real access at all he would be showing what he could do. He wants the DB to get whatever settings he can so he can do some more scripts. If all he has done so far is toggle the site off and on then that is where he needs to be stopped. And no matter what he does, do NOT give him anything.

sinfull 02-26-2008 05:20 PM

DO NOT, NO MATTER WHAT GIVE HIM ANY ACCESS.
Check all your admin logs, and you should find the culprit.

fordsho 02-26-2008 05:24 PM

No way I'm giving him access. That would be murder... I'm looking through logs but I can't see anything. It's driving me nutz, sneaky little bastard.


Well now I'm just going to put up a fresh copy of vb, just delete all files except the database then upload new files.

Lynne 02-26-2008 05:37 PM

Quote:

Originally Posted by Boofo (Post 1451544)
If this guy was in the DB he wouldn't need CPanel access as the DB is all he wants. If he had Admin CP access, he would lock everyone out until he gets what he wants. The clown is running a script somewhere that is toggling the site off and on. If this guy had any real access at all he would be showing what he could do. He wants the DB to get whatever settings he can so he can do some more scripts. If all he has done so far is toggle the site off and on then that is where he needs to be stopped. And no matter what he does, do NOT give him anything.

You are so right! I wasn't thinking clearly about the overall picture of what was going on. I think if this were my site, I'd close it down and delete all my files and put the site back up with a backup from a few days ago.

fordsho 02-26-2008 05:38 PM

Yea, I'm deleting all the files and just putting up new ones but I'm going to be keeping my current database, as he didn't get in the database....

Boofo 02-26-2008 05:52 PM

Quote:

Originally Posted by Lynne (Post 1451559)
You are so right! I wasn't thinking clearly about the overall picture of what was going on. I think if this were my site, I'd close it down and delete all my files and put the site back up with a backup from a few days ago.

He's just running "kiddie scripts" is all. I know if I was a kid with the kiddie script mind-set what I would do if I had access to someone's db. He wouldn't be asking for something he already has access to. Your suggestion is the best way to go at this point. ;)

What a team! ;)

lasto 02-26-2008 06:07 PM

So basically there is no way to protect yourself against this type of thing - so the culprit wins once again if he has to change his files etc.
Surely there must be some protection from this sort of stuff out there.
Remember this affects all of us in the long run, not just fordsho.

fordsho 02-26-2008 06:21 PM

Well, I just finished upping the new files and well, everything seems good for now... I lost my design and some other stuff but I'll up those later on. But these guys are serious, man. I have a fairly decent number of members and what not and this guy just decides to take it from me..... I already had someone steal my database when it was at 180k... that sucked big time.

Boofo 02-26-2008 06:23 PM

Chances are the kid found some vulnerability in a hack somewhere. It might even be one he helped to write and set up for this. This is an isolated case and we don't know all of the details.

fordsho 02-26-2008 07:00 PM

Well, here's the thing. The person doing this was probably one of my old staff who decided to steal the forum for himself and failed miserably...

Boofo 02-26-2008 07:28 PM

Well, he didn't get what he was after. And apparently he doesn't have that much access or he would have done more damage. You are lucky this time. If he might have had any other details, now would be a good time to reset all passwords, FTP, ADMIN and MOD CPs, etc.

Wired1 02-26-2008 07:35 PM

If he was just opening and closing the forum (e.g. from the adminCP), you can just demote all mods / admins except for yourself to a normal user, double check the rights of all the member groups, and check to make sure you're the only super admin (if you are one at all).

Amenadiel 02-26-2008 08:50 PM

I'm sure he didn't have access to the admincp either, because he could run custom queries from there to get the user list.

It seems to me he got a way to upload a php file, and by adding an include('includes/config.php') he ran a script that turned the forum down. Now, if he knew what he was doing, he would have included a query in the uploaded file itself to strip the user list. Again, it's just a script kiddie.

Marco van Herwaarden 02-27-2008 07:29 AM

Just think for yourself: if you were a hacker and had software to gain access to any vBulletin board, why would I target your site? I would go for the sites that get the most attention: vb.com & vb.org.

Now how come we are never the target of such successful attacks if it was possible to hack "any vBulletin board"?

Freezerator 02-27-2008 07:56 AM

I would seriously reconsider your password and security policies for staff.

nerofix 02-27-2008 08:59 AM

One little question, is your whole webspace down or only your vb board?

If it's the whole site (server not reachable anymore), then your provider should update the Linux software with a better kernel.
I know these kinds of scripts that get your webspace down.

fordsho 02-27-2008 12:46 PM

His Reply.

Quote:

What is their URL? And for you being a little smart** bi*ch, I'll work on cracking your cPanel anyways. I have a friend that does all sorts of shit like that and it would be nothing to f**k you up. You sound like an amateur. "you lick sswarez's A**hole while your hold it's balls"? Let me guess, you're 15? You think replacing your vBulletin will fix your problem? It didn't. I'm staring at your ftp right now. You have your shit set up all sloppy. Not too professional ;) By the way, you can delete that chat directory. It doesn't seem to be working right, since your fag*ot a** doesn't know how to set it up.. lmao. Amateur? Yes indeed. Your site is perfect for XSS. That means Cross Site Scripting. Oh yeah. You're f**ed now.. LMFAO.

Now seriously. What's your f**king cPanel password? If I have to crack it myself, it's only going to piss me off and I'll delete EVERYTHING. F**ktard.
:mad:

This guy is pissing me off... I'm going to have all my passes reset and then go from there.

Boofo 02-27-2008 01:03 PM

Resetting the passwords should have been one of the first things you did.

He's bluffing. Ignore him and do not respond to him. The chat remark gives him away. Most sites that have a chat on them have a chat directory. Also, if he had your FTP, you would be seeing some phantom pages by now. He's bluffing to try and get you to give in. And with language like he is using, I'm guessing he isn't 15 yet. Look there first at any staff you have had in the past.

iogames 02-27-2008 02:18 PM

Quote:

Originally Posted by fordsho (Post 1452074)
His Reply.



:mad:

This guy is pissing me off... I'm going to have all my passes reset and then go from there.

All I can say is: he's working more your mind than your board... RELAX! and learn ;) everybody is trying to help you here...

sinfull 02-27-2008 02:41 PM

As Iogames stated, he's playing mind games.
Don't give in, put on your poker face ;)
Also, my pass is 40 chars long consisting of letters numbers and an alot code.
Maybe you should do the same, so you don't have to worry about some little cracking attempts.

Btw, if he does have your database already, all he has to do is crack your hash and he has your forum password. So you're best off changing it.

lasto 02-27-2008 03:01 PM

How is he getting in touch with you? If it's by way of emails then he is leaving a trace etc. - act upon it.

fordsho 02-27-2008 03:41 PM

Yea, he is getting in touch with me via an email from Hotmail, and yea, he is really screwing with my mind. I never really had to deal with hacking or guys like this because I generally do honest work. But I had this guy work with me and he had picked a couple of mods, and these mods are the ones that want the site. They decided that they should have the forums and not me, so that's the reason they are barking up my tree. I changed my forum pass like 2-3 this month and I'm going to be changing everything else as well.

lasto 02-27-2008 03:46 PM

Seriously, why get worked up over it? OK, it's more than annoying and is taking up time you don't have, but besides that look on it as more of a hindrance than anything else.
Like everyone else said - why would they need cPanel etc. if they hacked your site - so you are fairly safe. Also get in touch with your host and let them know what is happening and see if they can offer any help. Log all chats etc. and keep any emails you receive.

G0F0RBR0KE 02-27-2008 03:47 PM

I suggest you ask your host provider to ask hotmail for some help. Attacking a website is against the law and your host provider can press charges.

Boofo 02-27-2008 04:24 PM

You've got a rogue staff member from the past is what it looks like to me. Someone who knows a few things but not enough to convince me he's dangerous at all. You have to be more careful in who you give the power to. It's not as easy to take away as it is to give it.

Ignore the emails and report them. The more you answer him the more he knows he's got you. That is a big part of it, knowing he has your mind.

Jafo232 02-27-2008 04:27 PM

If he was staring at your FTP, he could grab the database. It is BS..

lasto 02-27-2008 04:45 PM

Quote:

Originally Posted by Jafo232 (Post 1452221)
If he was staring at your FTP, he could grab the database. It is BS..

Correct me if I'm wrong but the database is not stored on the FTP - so how can he grab the database from the FTP unless it was stored there for backup purposes?

DivisionByZero 02-27-2008 05:07 PM

Quote:

Originally Posted by Neutral Singh (Post 1451469)
If you can get into your admin cp then check the recent admin log and note down all the IPs that have logged in as admin... check out who has registered with those IPs and if you find any suspicious username with admin powers... BAN it right now... !! best of luck...

better yet, put the entire block in iptables if you're on your own box.

if you're on shared hosting, change your database username and password as well. there's the possibility that he has an account on the same shared box and can easily manipulate your db with the proper credentials, regardless of which user root he's running a kiddie script from.

and the guy doesn't sound too smart either... if he can access your database to switch the on/off flag, then he can certainly dump the database into your webroot and simply download it.

Reynaldovb 02-27-2008 05:23 PM

Just like someone said at the beginning of the thread, you should contact your host about this. They do this for a living and if they are half decent they will have a standard procedure to deal with these kinds of actions to fill the holes, to track him down and report his information to the proper authorities.

In other words, you got friends, use them!

Jafo232 02-27-2008 05:35 PM

Quote:

Originally Posted by lasto (Post 1452233)
Correct me if I'm wrong but the database is not stored on the FTP - so how can he grab the database from the FTP unless it was stored there for backup purposes?

Well, first of all, he could see your includes/config.php file and download that, get your db info, upload a script to access it, and dump/download the db..


It should also be noted that it would be to his benefit for you to NOT know he took the database. He is just trying to con you into giving it to him because he has no other way to get the data..

fordsho 02-27-2008 06:12 PM

Thank you guys for all the help. My host has been notified since Sunday and I believe they took the necessary precautions. I'm just glad my site is safe, but stuff like this can really get you shook up.

