The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
Our Forum is being hacked or something?
Many members, without their knowledge, are posting a smile which includes some kind of a link. Anyone who opens that page, a popup appears and asks for the username and password. The popup location is on another site, and when the members insert their username and password, the other site is getting them.

Here is an image (forum.tayyar.org is our forum URL, while alhms.com is the site that is hacking us?)

This is the smile that is appearing in many threads and PMs by the members (the members are not aware that they are inserting it).

The smile contains this link: http://www.alhms.com/jz/smile.gif (click on it and the pop up will appear)

Any idea what is happening and how can I stop it? Thank you
#2
You need to figure out how the smilie is getting into the posts and messages. Disable your modifications and see if it still appears. What version of vBulletin are you running?
Tell your members not to enter their details, I think the domain/folder on which the image is hosted is protected by a login. Whether the site is collecting the Login Information I don't know. But as you have correctly identified, the problem is with that image. That is what is causing the login to appear, you need to find out how it is getting there.
#3
The person who is doing it opened an account and posted that he is doing it. His IP matches several other IPs that our members posted with that smile (they told me they did not post, they inserted their username and password when the page popped up).
Now I turned the Forum off, disabled all the modifications and tried to open a page, and the pop up is still showing.
#4
You need to remove the image from the posts.
#5
We are doing that. We emailed the person with his IP that he has 1 hour to disable what he is doing or we will report his IP to the authorities. http://www.alhms.com/jz/smile.gif is now not asking for username and password (he removed it) and we opened the Forum back:
http://forum.tayyar.org/f8/bug-reporting-33058/
#6
So you are saying that he used the accounts of other members to make those posts? Did he maybe steal their login info with that login popup?
#7
Ok, here is the source of the hacker: http://lebforces.org/forum/showthread.php?t=31501
When the pop up came up, I inserted the following: "212.107.116.238 proxy4.cyberia.net.sa". Now that user who opened that thread in the above link is putting what I sent.

--------------- Added [DATE]1207400355[/DATE] at [TIME]1207400355[/TIME] ---------------

Here is what is happening: first a user (the hacker) is manually inserting a picture (the smile). The picture contains a link, and when someone opens the thread, the pop up appears. Members are seeing the pop up and inserting the username and password. The username and password are going to the hacker, who is using them and posting more of the same. We know the source, but how can we stop it? I disabled HTML and it is still happening.
#8
You can not stop this unless you disable external images completely.
The best is to educate your members never to enter their board details when presented with an unexpected password popup.
#9
Ban his IP at the server level, I'm sure he'll get around it, then use a replacement variable to rename the image link, censor the domain it's coming from, umm that's all I can think of that may help short of disabling all external images till he moves on.
#10
Quote:
Quote:
Thank you
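
Posts #2, #8 and #9 describe the mechanism (an externally hosted image whose server answers with a login challenge) and the cleanup (finding and removing or blocking that image). The Python example below is added here and is not part of any post in the thread: it lists posts whose [IMG] tags point off-site at a URL that answers HTTP 401 with a WWW-Authenticate header. It assumes posts are available as BBCode text keyed by post id; the function names, sample posts and sample responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"forum.tayyar.org"}  # the forum's own host, per the thread
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def external_images(post_text, trusted=TRUSTED_HOSTS):
    """Return [IMG] URLs whose host is not one of the trusted hosts."""
    urls = []
    for raw in IMG_TAG.findall(post_text):
        host = (urlsplit(raw.strip()).hostname or "").lower()
        if host and host not in trusted:
            urls.append(raw.strip())
    return urls

def is_auth_challenge(status, headers):
    """True if a browser would answer this response with a login dialog."""
    return status == 401 and any(k.lower() == "www-authenticate" for k in headers)

def http_fetch(url, timeout=5):
    """Live check: HEAD the image and return (status, headers)."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # a 401 response is raised as HTTPError
        return err.code, dict(err.headers)

def audit_posts(posts, fetch=http_fetch):
    """posts maps post id -> BBCode text; returns [(post_id, url)] to clean up."""
    return [(pid, url)
            for pid, text in sorted(posts.items())
            for url in external_images(text)
            if is_auth_challenge(*fetch(url))]

# Constructed sample posts and responses, so the example runs offline.
SAMPLE_POSTS = {
    101: "Nice thread [IMG]http://www.alhms.com/jz/smile.gif[/IMG]",
    102: "[img]http://forum.tayyar.org/images/smilies/wink.gif[/img] agreed",
    103: "Look: [IMG]http://images.example.net/photo.jpg[/IMG]",
}

def sample_fetch(url):
    if urlsplit(url).hostname == "www.alhms.com":
        return 401, {"WWW-Authenticate": 'Basic realm="constructed"'}
    return 200, {"Content-Type": "image/jpeg"}
```

Calling `audit_posts(SAMPLE_POSTS, sample_fetch)` runs against the constructed responses; omitting the second argument makes a live HEAD request for each external image.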