I was wondering how I would improve vbulletin's security system.
The problem is, that there is a member on our forum that has been banned numerous times, and he now owns a website similar to the content of ours. We believe that he has downloaded his forum's database and has been cracking the hashes, getting access to some of the members on our forum.
I was wondering if there was a way to change the login algorithm to something a LOT more complicated. Like, pretend this is the login algorithm now:
md5(md5(password + salt))
I would want to change mine to something like this:
md5(md5(md5(md5(md5(userid + username + password + salt)))))
Or even something more secure.
Is there any way of doing this? A tutorial would be a GREAT help
Thanks!