Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
  #1  
Old 12-20-2011, 02:31 PM
mrfarb mrfarb is offline
 
Join Date: Jan 2010
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default new user signed up as Admin

I had a user sign up with no email and no IP address - was also listed as an Admin! I immediatly deleted the user account. Username was TeamPS. My question is, how did he sign up? Was this breach through the host or from a VB exploit? I was running 4.1.7 which I have now upgraded to 4.1.9 - with the holidays and work I was behind on my update.

Any ideas on what I should do to secure the forum? I had no ill effects from the breach....luckily.
Reply With Quote
  #2  
Old 12-20-2011, 02:37 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My first suspicion is, another of your admins might have created the account?
Reply With Quote
  #3  
Old 12-20-2011, 02:39 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mrfarb View Post
I had a user sign up with no email and no IP address - was also listed as an Admin! I immediatly deleted the user account. Username was TeamPS. My question is, how did he sign up? Was this breach through the host or from a VB exploit? I was running 4.1.7 which I have now upgraded to 4.1.9 - with the holidays and work I was behind on my update.

Any ideas on what I should do to secure the forum? I had no ill effects from the breach....luckily.
Ahh one of those p0wersurge members... Well you did the right thing by removing then immediately updating.

I would also:
1) Change database passwords *Don't forget to update the config.php files for vBulletin and any other software running on your site.
2) Change FTP account passwords.
3) .htaccess protect your admincp and modcp here are some useful links;
.htaccess authentication generator:
http://www.htaccesstools.com/htaccess-authentication/
.htaccess password generator:
http://www.htaccesstools.com/htpasswd-generator/
4) Check to see if they added any admin accounts, on one site they changed the primary admin account name to what they desired and went so far as to re-create the admin accounts w/ the same details but no admin permissions to throw the site owners off for a little bit.

I know adding in .htaccess will help, what they seem to be exploiting on most sites is the admin account name and password (therefor the changing of db and ftp passwords is more precautionary at the moment, the most important thing is to add .htaccess protection to your admincp and modcp folders) however if they don't have access to the server there's no way they can bypass the .htaccess protection and yes that means use a entirely different username and complex password when creating the .htaccess and .htpasswd files. Also on that note, be sure the .htpasswd is stored above public_html i.e. in /home/accountnamehere/.htpasswds
Reply With Quote
  #4  
Old 12-20-2011, 02:46 PM
mrfarb mrfarb is offline
 
Join Date: Jan 2010
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks. I temporarily suspended new registrations- would that even help?
Reply With Quote
  #5  
Old 12-20-2011, 02:48 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mrfarb View Post
Thanks. I temporarily suspended new registrations- would that even help?
Yes and no, change your admin account password too I forgot to mention that and add in the .htaccess protection - do that now!
Reply With Quote
  #6  
Old 12-20-2011, 02:56 PM
mrfarb mrfarb is offline
 
Join Date: Jan 2010
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks. I am doing it at this moment! You are the last Superman....
Reply With Quote
Благодарность от:
TheLastSuperman
  #7  
Old 12-20-2011, 05:05 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

^ Now remember, this will help drastically however they can still do anything you normally can outside the admin control panel if they obtain your credentials.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:07 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04268 seconds
  • Memory Usage 2,220KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (1)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete