vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Security Problem with user injection (https://vborg.vbsupport.ru/showthread.php?t=262226)

Pepcfreak 04-19-2011 12:17 AM
Security Problem with user injection
 
I have been combating for the past few days now users that are being injected into the site. I am running 4.1.3 .

The website is

http://www.revans-legacy.com

Any help would be greatly appreciated.

Zachery 04-19-2011 12:23 AM
Disable recapcha and quick registration via facebook.

Use Q&A instead.

Pepcfreak 04-19-2011 12:36 AM
I had q&a at first when it started happening thought rechaptcha would be better. Seems they are injecting fake users.

The ips they are using dont match google analytics. Half are russian and half are india with some france. Yet i have no hits from thos countries.

I reinstated the question and disabled facebook.

These are fake accounts 100%

--------------- Added [DATE]1303245243[/DATE] at [TIME]1303245243[/TIME] ---------------

Bump... they are still getting in.

I cant figure it out. Ive done what u suggested and still no dice. 2 more just made their way in.

Zachery 04-21-2011 05:57 PM
You're using the stock 1000% completely use Image Verification, you need to use Q&A.

janaf 04-21-2011 06:36 PM
rechaptcha is broken/hacked since half a year at least! Google for "recaptcha broken" to find out more.

There is plenty of exploit code around. Use something else....


All times are GMT. The time now is 09:55 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00990 seconds
  • Memory Usage 1,714KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete