Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > Big Board Discussions

Reply
 
Thread Tools
Some idiot screwing with me. Details »»
Some idiot screwing with me.
Version: , by fordsho fordsho is offline
Developer Last Online: Jun 2009 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 02-26-2008 Last Update: Never Installs: 0
 
No support by the author.

My forum has been constantly turning on and off..... so now i receive this email
Code:
Alright f**ker..

Here's the deal. You don't want your site going down anymore? You're going to have to do 1 thing.

Give me access to your cPanel for the day. And tomorrow I'll remove my account that has all admin rights. Deal?

How I've been doing it.. hehe.. well, I have a hidden account on your database that has all admin rights. All I want to do is get in your cPanel to copy your database and I'll be on my way.

The way this works is.. you have a lot of users. You'll never find me in the 200,000something users you have. So.. therefore, you need me to give you the account I have so you can delete it. NOW.. replacing your database will not work. For I have a program on my desktop that gives me admin access to any vbulletin forum I want. You want your site safe? Well.. give me your cPanel and we'll call it even. You can change your cPanel password tomorrow.

He keeps turning it on and off how can i put an end to this!!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 02-26-2008, 07:35 PM
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
Location: Orlando, FL, USA
Posts: 1,361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If he was just opening and closing the forum (e.g. from the adminCP), you can just demote all mods / admins except for yourself to a normal user, double check the rights of all the member groups, and check to make sure you're the only super admin (if you are one at all).
Reply With Quote
  #23  
Old 02-26-2008, 08:50 PM
Amenadiel's Avatar
Amenadiel Amenadiel is offline
 
Join Date: Sep 2006
Posts: 171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm sure he didn't had access to the admincp either, because he could run custom queries from there to get the user list.

It seems to me he got a way to upload a php file, and by adding an include('includes/config.php') he ran a script that turned the forum down. Now, If he knew what he was doing, he would have included a query in the uploaded file itself to strip the user list. Again, it's just a script kiddie.
Reply With Quote
  #24  
Old 02-27-2008, 07:29 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just think for yourself: If you where a hacker and had software to gain access to any vBulletin board, why would i target your site, i would go for the sites that get most attention: vb.com & vb.org.

Now how come we are never target to such successfull attacks if it was possible to hack "any vBulletin board".
Reply With Quote
  #25  
Old 02-27-2008, 07:56 AM
Freezerator Freezerator is offline
 
Join Date: Nov 2001
Location: Den Haag
Posts: 197
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would seriously reconsider your password and security policy's for staff.
Reply With Quote
  #26  
Old 02-27-2008, 08:59 AM
nerofix nerofix is offline
 
Join Date: Mar 2006
Location: Saarland
Posts: 219
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

One little question, is your whole webspace down or only your vb board?

If its the whole site (server not reachable anymore), then your provider should update the linux software with a better kernel.
I know this kinds of scripts getting your webspace down.
Reply With Quote
  #27  
Old 02-27-2008, 12:46 PM
fordsho fordsho is offline
 
Join Date: Jan 2008
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

His Reply.

Quote:
What is their URL? And for you being a little smart** bi*ch, I'll work on cracking your cPanel anyways. I have a friend that does all sorts of shit like that and it would be nothing to f**k you up. You sound like an amateur. "you lick sswarez's A**hole while your hold it's balls"? Let me guess, you're 15? You think replacing your vBulletin will fix your problem? It didn't. I'm staring at your ftp right now. You have your shit set up all sloppy. Not too professional By the way, you can delete that chat directory. It doesn't seem to be working right, since your fag*ot a** doesn't know how to set it up.. lmao. Amateur? Yes indeed. Your site is perfect for XSS. That means Cross Site Scripting. Oh yeah. You're f**ed now.. LMFAO.

Now seriously. What's your f**king cPanel password? If I have to crack it myself, it's only going to piss me off and I'll delete EVERYTHING. F**ktard.


This guy is pissing me off... im going to have all my passes rest and then go from there.
Reply With Quote
  #28  
Old 02-27-2008, 01:03 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Resetting the passwords should have been one of the first things you did.

He's bluffing. Ignore him and do not respond to him. The chat remark gives him away. Most sites that have a chat on them have a chat directory. Also, if he had your FTP, you would be seeing some phantom pages by now. He's bluffing to try and get you to give in. And with language like he is using, I'm guessing he isn't 15 yet. Look there first at any staff you have had in the past.
Reply With Quote
  #29  
Old 02-27-2008, 02:18 PM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by fordsho View Post
His Reply.





This guy is pissing me off... im going to have all my passes rest and then go from there.
All I can say is: he's working more your mind than your board... RELAX! and learn everybody is trying to help you here...
Reply With Quote
  #30  
Old 02-27-2008, 02:41 PM
sinfull sinfull is offline
 
Join Date: Jan 2008
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As Iogames stated, he's playing mind games.
Don't give in, put on your poker face
Also, my pass is 40 chars long consisting of letters numbers and an alot code.
Maybe you should do the same,so you don't have to worry about some little cracking attempts.

Btw, if he does have your database already, all he has to do is crack your hash and he has your forum password. So your best off to change it.
Reply With Quote
  #31  
Old 02-27-2008, 03:01 PM
lasto lasto is offline
 
Join Date: Jan 2002
Posts: 1,514
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

how is he getting in touch with u - if its by way of emails then he is leaving a trace etc - act upon it
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:00 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06992 seconds
  • Memory Usage 2,303KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete