vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   How can i force all users to change their password the next time they login? (https://vborg.vbsupport.ru/showthread.php?t=185085)

webuser99 07-12-2008 07:58 AM
How can i force all users to change their password the next time they login?
 
My forum DB was recently compromised, and I am worried that the attacker may have copied the DB to his harddrive, and can get all my users passwords.

How can I force all users to change their password the next time they login?

Please let me know asap, whether it's a plugin or whatever.

I would like something relatively easy to do, but please be descriptive.

Thank you very very much, I am awaiting a response before i put my forum back online.

Webuser99

Phornixx 07-12-2008 08:25 PM
I don't really know if that hack exists but you can force them to read a thread, just search for that, I think that if the users want their accounts will change their passwords.

blind-eddie 07-12-2008 10:31 PM
Go to you Admincp/Usergroups/Usergroup Manager, click on desired Usergroup.
In the very first section, you will see the line that reads,

Password Expiry
(If you specify a number of days here, users will be required to change their password when this amount of time elapsed since they last changed)

Change that number to a very low number, If you have one set there.
Send a mass email to all members informing them of site related items.
Not the issue at hand.
This will get them to your site & see the pop up that tells them that their password is now expired.

Monitor your site a day or so, then up the number you set in the Password Expiry to what ever you wish.

Note, this will need to be done to all usergroups with site privileges.

ssslippy 07-12-2008 11:05 PM
Remember passwords are encoded in the database I dont believe its possidble to recode the password.

Dismounted 07-13-2008 06:38 AM
Quote:
Originally Posted by ssslippy (Post 1573849)
Remember passwords are encoded in the database I dont believe its possidble to recode the password.
It's actually called "hashing" - because it is one way only. And yes, all passwords in the database are encrypted and cannot be quickly or easily changed back into plain text. In fact, a decent password would probably take years to find.

The attacker could have just replaced the password hash - that would allow him access.


All times are GMT. The time now is 10:33 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01600 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete