Thread: Random account set to Administrator?
View Single Post
  #10  
Old 10-09-2013, 10:17 PM
Grimes Grimes is offline
 
Join Date: Jun 2012
Posts: 20
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by ThatGreenAlien View Post
Today I woke up to see the newest member, some random account named qaz001 was in the administrator group? We banned them before anything was done, but what is this and what can we do to stop it? Is this like a hack or something?

I did a google search on the name, and a lot of other random boards have the same account set as an administrator... what's up with this?
I have the same exact thing happening. Same user, same situation. The email is qwe@qwe.com and the ip is the same each time out of the Ukraine. It comes up in spam ip searches online. They were able to set the usergroup to admin and registration ip is blank. I believe I caught it in time, but I noticed that that same user account was created multiple times, and their location under 'who's online' was plugin.php?do=doimport&do=doimport.

Check your plugins for strange plugins. I had multiple entries (one for each account) of a plugin titled 'ech' that uses the hook init_startup. I deleted them all. This just happened moments ago. I had registration turned off, but it was still creating that same account. Banning the username and ip + email seems to have stopped it. Bizarre. I'm in the process of a security check right now to see if there's a hole somewhere.
Reply With Quote
Благодарность от:
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01313 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete