The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
Please help, security issue - someone customized a website using vB.
Is it possible for him to access admin control or my host's main root?
If so, how can you figure out if they can? And any suggestions?
#2
What access exactly have you given them so far? And are your passwords the same for every area of access - your admincp and your hosting account?
#3
Thanks Lynne, my admin account and hosting account have different passwords, and he insisted on installing the developed script on my server directly, so I created FTP access for him. That's about it. That FTP access is no good anymore; I deleted it. Also I changed the values in the config.php such as database name, user, and email address to notify DB errors and so on.
The only thing that bothers me is that he installed a bunch of plug-ins and mods for me including his product, and his products are ioncubed, so I don't know if he put a hole in there.
#4
I would be wary of installing code on my website that I could not see.
#5
That was my mistake, I admit, but he kept insisting. Thank you very much for your consolation though. Please advise me if there is a way to figure out if there is any hole in my website.
I am not worried about him hacking my password as I use different passwords for most of everything, but my site deals with money and transactions between people so... Anyway, thanks a lot. You really are the best. Seems like I get more help from you than my former developer who was supposed to help me with the bugs he created.
#6
Check in plugins and products if there's anything related to private messages - he might be spying on your members, as you said it's related to transactions.
Also compare your PHP files with the original ones (download from vB.com) using Notepad++ or any other similar program. If they don't match, they have been modified.
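An added example, not part of any post in this thread: one way to run the file comparison suggested in post #6 over a whole directory tree instead of file by file in an editor. It hashes a freshly downloaded copy of the same vBulletin version and the live site, and also lists files that exist only on the live site, which a side-by-side diff of known files would miss. The directory layout and sample files are constructed for the demo.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def hash_tree(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    hashes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_of(full)
    return hashes

def compare_trees(pristine_root, live_root):
    """Report files changed from, added to, or absent from the stock copy."""
    pristine, live = hash_tree(pristine_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in pristine if p in live and pristine[p] != live[p]),
        "extra": sorted(p for p in live if p not in pristine),
        "missing": sorted(p for p in pristine if p not in live),
    }

def build_demo():
    """Create two small constructed trees (not real vBulletin files) for the demo."""
    base = tempfile.mkdtemp()
    trees = {
        "pristine": {"index.php": "<?php // stock", "includes/functions.php": "<?php // stock"},
        "live": {"index.php": "<?php // stock", "includes/functions.php": "<?php // edited",
                 "includes/config.php": "<?php // site settings", "images/thumb.php": "<?php // unknown"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(body)
    return os.path.join(base, "pristine"), os.path.join(base, "live")

if __name__ == "__main__":
    print(compare_trees(*build_demo()))
```

Some entries under "modified" and "extra" will be legitimate (the site's own config.php, files added by installed mods), so each one needs a manual look. This covers files only, not plugins stored in the database.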
#7
If he had FTP access he could have uploaded a script anywhere to give him complete access to everything.
The only way you could be very sure is to delete all the files everywhere on your site and re-install. Then in vBulletin (the info is still in the database) either manually check every single plugin or just uninstall every product and re-install only what you need. (and can confirm is from a trusted source.)
#8
Check also the FTP logs. There you can see what he did on your server space.
#9
And go through your access_logs to see if he is accessing some hidden script.
But, to be honest, I would uninstall those ioncubed products and tell him I want them in code I can see.
3 thanks from:
borbole, Desi-Home, TheLastSuperman
#10
There could be a PHP shell which will allow him to do pretty much anything he wants, even look at htpasswd files etc.
So check everything out before allowing people on. Also there's a program called "TeamViewer" (www.teamviewer.com) which allows people to remotely access your PC if you give them a password. You can also cut them off when you want and change the password. I recommend using that and let them install what you can see.