Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 07-12-2008, 07:58 AM
webuser99 webuser99 is offline
 
Join Date: May 2008
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How can i force all users to change their password the next time they login?

My forum DB was recently compromised, and I am worried that the attacker may have copied the DB to his harddrive, and can get all my users passwords.

How can I force all users to change their password the next time they login?

Please let me know asap, whether it's a plugin or whatever.

I would like something relatively easy to do, but please be descriptive.

Thank you very very much, I am awaiting a response before i put my forum back online.

Webuser99
Reply With Quote
  #2  
Old 07-12-2008, 08:25 PM
Phornixx Phornixx is offline
 
Join Date: Feb 2008
Location: Macedonia
Posts: 80
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't really know if that hack exists but you can force them to read a thread, just search for that, I think that if the users want their accounts will change their passwords.
Reply With Quote
  #3  
Old 07-12-2008, 10:31 PM
blind-eddie's Avatar
blind-eddie blind-eddie is offline
 
Join Date: Apr 2006
Location: Michigan
Posts: 2,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Go to you Admincp/Usergroups/Usergroup Manager, click on desired Usergroup.
In the very first section, you will see the line that reads,

Password Expiry
(If you specify a number of days here, users will be required to change their password when this amount of time elapsed since they last changed)

Change that number to a very low number, If you have one set there.
Send a mass email to all members informing them of site related items.
Not the issue at hand.
This will get them to your site & see the pop up that tells them that their password is now expired.

Monitor your site a day or so, then up the number you set in the Password Expiry to what ever you wish.

Note, this will need to be done to all usergroups with site privileges.
Reply With Quote
  #4  
Old 07-12-2008, 11:05 PM
ssslippy ssslippy is offline
 
Join Date: Jan 2006
Posts: 877
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Remember passwords are encoded in the database I dont believe its possidble to recode the password.
Reply With Quote
  #5  
Old 07-13-2008, 06:38 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ssslippy View Post
Remember passwords are encoded in the database I dont believe its possidble to recode the password.
It's actually called "hashing" - because it is one way only. And yes, all passwords in the database are encrypted and cannot be quickly or easily changed back into plain text. In fact, a decent password would probably take years to find.

The attacker could have just replaced the password hash - that would allow him access.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:40 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03837 seconds
  • Memory Usage 2,191KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete