vb.org Archive - Odd Type Of Forum Hack

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)

- - Odd Type Of Forum Hack (https://vborg.vbsupport.ru/showthread.php?t=209352)

Odd Type Of Forum Hack

It's been an easy week on my forum, a member and personal friend of mine decides he wants to sell his motorcycle to upgrade, so a thread is created. People respond and comment, a day later he announces that the bike has sold. Within this week the same member creates and responds to threads, we chat back and forth a bit via PM. Business as usual. I find out tonight that he has been out of town for a week, and asks "why is my bike for sale?" Not only my forum, but four other forums of the same niche have the same type of posts. What's even more bizzare is this person posing as this member sent myself and three of his friends a personal email saying that the person he sold his bike to, cheque didn't clear so I had to go and get the bike back, etc, etc. Now he did admit to having the same password across all the boards, but what would appeal to somebody to take the time and cause this kind of trouble? On top of all that, I noticed a new member has joined the site tonight...with the original member's email address. It's very odd and I'm not sure what to tell him, to me this isn't a site security issue, it's more of a password security issue. Frankly, I am bothered by the whole situation and I would like to know the root cause. Anybody have a similar experience??

seems like someone try to avoid a bike sale... it's easy to say "it was not me, my account was tricked, blah blah..."

Did you check the IPs of the posts?

That is rather alarming!
That person must have been stalking the 'victim' online for ages to guess the password, know his email and bike details!!

Quote:

Originally Posted by Lynne (Post 1776284)

Did you check the IPs of the posts?

Yes I did, and the IP doesn't match his regular IP. Strange thing, we now have a new user with the same mystery IP and used his email to register. Very odd

Quote:

Originally Posted by Trip (Post 1776252)

I noticed a new member has joined the site tonight...with the original member's email address.

Your not supposed to allow members to reuse an email address.

Someone could have gotten your friends email password - this could have been done through a keyword logger. Or he checked his email from an infected computer.

It does not sound like a "hack" at all, but more of a combination of low security settings on your forum and your friends computer.

I assume this is an hotmail address?

Quote:

Originally Posted by kevcj (Post 1776579)

Yeah, I've since set the radio button over to not allow same email addys

Quote:

Originally Posted by Alfa1 (Post 1776749)

I assume this is an hotmail address?

Same, it's a gmail

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01050 seconds Memory Usage 1,726KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: