vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Someone extracted all users' emails from vBulletin DB (https://vborg.vbsupport.ru/showthread.php?t=298525)

clauz 05-28-2013 05:17 AM
Someone extracted all users' emails from vBulletin DB
 
Hello,
I have a vBulletin forum 4.2.1 .
It is about Table Tennis.
Unfortunately last week all our community members (about 5000 users) have received emails from some guy who owns a Table Tennis Hall, regarding some Competition there...
He has an account on my forum and he registered there with the email responsible for the spam.
I think he hacked our database and extracted all users' emails so he can promote his business.
I must specify that send mail function is disabled for all users in our forum.

What can I do?

ForceHSS 05-28-2013 05:59 AM
Check server logs by getting in touch with your host if needed

Big Al 05-28-2013 06:21 AM
Send in an abuse report to the email service. As he is using it in violation of his signed agreement with them.

If for example it is johnsmith @yahoo.com Then send a copy of the spam email along with the headers to abuse@yahoo.com Naturally use the name of the email account, if it is not yahoo.

Just put the word abuse in front of the name as above.

clauz 05-28-2013 06:49 AM
I mean, it is possible for any user (no moderator or admin) to extract emails from vBulletin DB? (last version)
Can we somehow secure the database?

Lynne 05-28-2013 03:27 PM
The only way they could have done that is if they hacked your server, or an admin account, and were able to query the database.

clauz 05-30-2013 06:32 AM
Quote:
Originally Posted by Lynne (Post 2424650)
The only way they could have done that is if they hacked your server, or an admin account, and were able to query the database.
I am the only admin, my password is very complicated, so nobody hacked my account.
The acces to mySQL is posible only from localhost, as the hosting adminstrator confirmed me.

ForceHSS 05-30-2013 08:29 AM
Quote:
Originally Posted by clauz (Post 2424890)
I am the only admin, my password is very complicated, so nobody hacked my account.
The acces to mySQL is posible only from localhost, as the hosting adminstrator confirmed me.
Anything can be hacked no matter how secure you or your host makes it. Tell your host to check server logs

clauz 05-30-2013 09:48 AM
Quote:
Originally Posted by ForceHSS (Post 2424902)
Anything can be hacked no matter how secure you or your host makes it. Tell your host to check server logs
Unfortunately, as I learned shortly, the email list was "extracted" a years ago, but it was used for some advertising only this week.
So no more logs available. My question is how to secure the DB so this never happen' again.
Or if someone have some knowledge's about similar facts on vBulletin DB.

ForceHSS 05-30-2013 09:54 AM
Quote:
Originally Posted by clauz (Post 2424912)
Unfortunately, as I learned shortly, the email list was "extracted" a years ago, but it was used for some advertising only this week.
So no more logs available. My question is how to secure the DB so this never happen' again.
Or if someone have some knowledge's about similar facts on vBulletin DB.
Talk to your host about making things more secure. You can secure your forums more if you need help with this pm me will be happy to help u for free


All times are GMT. The time now is 03:43 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01600 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete