The Arcive of Official vBulletin Modifications Site.

Some idiot screwing with me. · **Released**: 02-26-2008

My forum has been constantly turning on and off..... so now i receive this email

Code:

Alright f**ker..

Here's the deal. You don't want your site going down anymore? You're going to have to do 1 thing.

Give me access to your cPanel for the day. And tomorrow I'll remove my account that has all admin rights. Deal?

How I've been doing it.. hehe.. well, I have a hidden account on your database that has all admin rights. All I want to do is get in your cPanel to copy your database and I'll be on my way.

The way this works is.. you have a lot of users. You'll never find me in the 200,000something users you have. So.. therefore, you need me to give you the account I have so you can delete it. NOW.. replacing your database will not work. For I have a program on my desktop that gives me admin access to any vbulletin forum I want. You want your site safe? Well.. give me your cPanel and we'll call it even. You can change your cPanel password tomorrow.

He keeps turning it on and off how can i put an end to this!!

fordsho · #32 02-27-2008, 03:41 PM

Yea he is getting in touch with me via a email from hotmail, and yea he is really screwing with my mind. i never really had to deal with hacking or guys like this because i generally do honest work. but i had this guy work with me and he had picked a couple of mods and these mods are the ones that want the site. They decided that they should have the forums and not me so thats the reason they are barking up my tree. i changed my forum pass like 2-3 this month and im going to be changing everything else as well.

lasto · #33 02-27-2008, 03:46 PM

serious why get worked up over it - kk it more than annoying and is taking up time u dont have but besides that look on it as more of a hindrance than anything else.
Like everyone else said - why would they need cpanel etc if they hacked your site - so you are fairly safe.ALso get in touch with your host and let them know what is happening and see if they can offer any help.Log all chats etc and keep any emails you recieve.

G0F0RBR0KE · #34 02-27-2008, 03:47 PM

I suggest you ask your host provider to ask hotmail for some help. Attacking a website is against the law and your host provider can press charges.

Boofo · #35 02-27-2008, 04:24 PM

You've got a rogue staff member from the past is what it looks like to me. Someone who knows a few things but not enough to convince me he's dangerous at all. You have to be more careful in who you give the power to. It's not as easy to take away as it is to give it.

Ignore the emails and report them. The more you answer him the more he knows he's got you. That is a big part of it, knowing he has your mind.

Jafo232 · #36 02-27-2008, 04:27 PM

If he was staring at your FTP, he could grab the database. It is BS..

lasto · #37 02-27-2008, 04:45 PM

Quote:

Originally Posted by Jafo232

If he was staring at your FTP, he could grab the database. It is BS..

Correct me if im wrong but database is not stored on the ftp - so how can he grab the database from the ftp unless it was stored there for back up purposes.

DivisionByZero · #38 02-27-2008, 05:07 PM

Quote:

Originally Posted by Neutral Singh

If you can get into your admin cp then check the recent the admin log and note down all the IPs that have logged in as admin... check out who have registered with those ips and if you find any suspicious username with admin powers... BAN it right now... !! best of luck...

better yet, put the entire block in iptables if you're on your own box.

if you're on shared hosting, change your database username and password as well. there's the possibility that he has an account on the same shared box and can easily manipulate your db with the proper credentials, regardless of which user root he's running a kiddie script from.

and the guy doesn't sound too smart either... if he can access your database to switch the on/off flag, then he can certainly dump the database into your webroot and simply download it.

Reynaldovb · #39 02-27-2008, 05:23 PM

Just like someone said at the beginning of the thread, you should contact your host about this. They do this for a living and if they are half decent they will have a standard procedure to deal with these kinds of actions to fill the holes, to track him down and report his information to the proper authorities.

In other words, you got friends, use them!

Jafo232 · #40 02-27-2008, 05:35 PM

Quote:

Originally Posted by lasto

Correct me if im wrong but database is not stored on the ftp - so how can he grab the database from the ftp unless it was stored there for back up purposes.

Well, first of all, he could see your includes/config.php file and download that, get your db info, upload a script to access it, and dump/download the db..

--------------- Added [DATE]1204141158[/DATE] at [TIME]1204141158[/TIME] ---------------

It should also be noted that it would be to his benefit for you to NOT know he took the database. He is just trying to con you into giving it to him because he has no other way to get the data..

fordsho · #41 02-27-2008, 06:12 PM

Thank you guys for all the help my Host has been notified since sunday and i believe they took the necessary precautions. I'm just glad my site is safe but stuff like this can really get you shook up.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04670 seconds Memory Usage 2,304KB Queries Executed 25 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)bbcode_code (3)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (11)post_thanks_box (11)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (11)post_thanks_postbit_info (10)postbit (11)postbit_onlinestatus (11)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!