A Hacker Deleted A Load Of Threads

[KempoMRK]

Permanently as well. So there's no way to get them back. But anyway, that's not my question.

The hacker logged in as a supermod on the site and deleted a load of threads that way. Is there anyway to find out how they got the password? Or even if it was just the actual member and now he's lying?

IP's have been checked and whoever did it used a proxy. If it was brute forced would there be logs on the server?

The password was pretty unguessable and it had a number at the end as well, so I don't think it could have been guessed, and the member says that he's never told anyone his password.

Any replies would be appreciated, thanks.

when you go to the moderator logs, you see who used the function AND the IP... if the IP fit the old actions, you sure know it is the same person...

this is INTERNAL management... we can't help you deal with your moderators... the simple act of banning him may or may not fix the problem, it's all to you.

there is no brute-force moderator actions in vbulletin, even if you dream of it... it is impossible to hack the system from the database, the data would be incoherent after that.

[KempoMRK]

The IP doesn't fit the actions, they were under a proxy, so it still could have been the same guy. And the mod seems like a cool guy so I'm thinking it's more likely to be a hacker, we just wanna make sure. Also, by brute forcing not working, do you mean from the outside? I meant someone could have tried brute forcing his vBulletin password.

Thanks for your reply man.

[stelthius]

i beleive there is a Proxy to real IP mod/hack i say install it and move on wait for next time and in that time up your security htaccess make sure you know who has got that sort of access and keep a close eye on the logs about all you can do really, anyway good luck mate

Rick

[legionofangels]

I used that add on, and it doesn't always work. Not saying it's bad but we gave up on it.

My advice, only Admins can delete threads or posts, or even better, only admins can permanently remove.

I only allow 2 of 4 admins to permanently remove threads/posts and I'm one of them as owner so that it makes it kind of simple to know if we've been hacked or not.

[MiahBeSmokin420]

yep proxie to real ip and then add the proxie redirect you will never have another problem again

then add in that one shit whats it called the AE mutipule login dectctor and multiple login ban

you will nerver have another problem with people again ban them and then there gone

ive banned over 25 people from my site fro doing dumb ass shit and the tried for about 2 days to get back on the site and they couldnt get bake on

so ya just search the site for them things and you should be good to go

but i got to go update my vb

[slappy]

Have you considered the possibility of restoring a back-up which might contain the deleted Threads? If you backup on a daily basis, this should be possible. Then you would only loose those threads between the backup time and when you restore the backup.

Just a thought.

Regards,

[Paul M]

Quote:

Originally Posted by legionofangels

I used that add on, and it doesn't always work. Not saying it's bad but we gave up on it.

It only works if the proxy server passes on the original IP details. Hackers would (obviously) use proxy servers that do not.

[KempoMRK]

Quote:

Originally Posted by slappy

Have you considered the possibility of restoring a back-up which might contain the deleted Threads? If you backup on a daily basis, this should be possible. Then you would only loose those threads between the backup time and when you restore the backup.

Just a thought.

Regards,

The main owner of the site came on and luckily he had a backup from the day before, so all the important stuff was restored.

We still can't work out who did it though. I'll look into the proxy unveiler thingy.

Thanks to everyone else for the replies.