vb.org Archive - security breached

Page 1 of 2

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - security breached (https://vborg.vbsupport.ru/showthread.php?t=57830)

xxxsaint

10-13-2003 12:29 AM

security breached

Hi , I come home this afternoon to find that someone has changed my admin password and is logged in with it. Immediately I thought it was because I've had html enabled on my board , so the first thing I did was to de-activate it in each forum on there and disable it from signatures.

Is there anywhere else that I can / should disable it from ? I'm kinda lost here on this one , never thought I would have that problem , but here it is.

any help and suggestions appreciated.

Erwin

10-13-2003 12:57 AM

What version are you using?

What hacks do you have?

Do you have other admins? Is you admin account unchangeable by other admins?

HTML is a bad idea as some code can be used to harvest cookie passwords.

xxxsaint

10-13-2003 01:00 AM

What version are you using? 2.2.6

What hacks do you have?
LeSane's Store - vbquiz - awards hack for store - arcade

Do you have other admins? yes

Is you admin account unchangeable by other admins?no

HTML is a bad idea as some code can be used to harvest cookie passwords.

Xenon

10-13-2003 02:34 PM

upgrade immediately to vb2.3.2, as there are a lot security holes below 229.

Update the Storehack, too.
There was also a big security hole in the old versions.

Dean C

10-13-2003 03:38 PM

.htaccess your admin directory too :)

xxxsaint

10-13-2003 04:49 PM

.htaccess completed

and get this , the guy just did it AGAIN but I caught how he did it :

through a donation in the store

if I upgrade the store , will it patch that ???

Lesane

10-13-2003 05:36 PM

Yes:
https://vborg.vbsupport.ru/showpost....postcount=2423

Xenon

10-13-2003 05:40 PM

Quote:

Originally Posted by xxxsaint

.htaccess completed

and get this , the guy just did it AGAIN but I caught how he did it :

through a donation in the store

if I upgrade the store , will it patch that ???

yes, but it'll just close the hole in the Store Hack.
There are other possibilities, too, so you should really upgrade the whole board

xxxsaint

10-13-2003 05:47 PM

k , well , in process of entire upgrade now.

Erwin

10-14-2003 07:05 AM

There you go. :) The vB.org community saves the day once again... ;)

All times are GMT. The time now is 03:36 AM.

Page 1 of 2

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01094 seconds Memory Usage 1,728KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: