The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
07-01-2008, 11:12 PM
|
|||
|
|||
Missing PM - How to ID Root Cause?
I have been looking into a mystery and was hoping I could get some advice here. On a 3.6 forum a little while back, a user complained that her account had been compromised and that a certain private message had disappeared. Knowing this person as I do, I have no doubt that what she says happened did indeed happen, but I also know that vBulletin doesn't log that sort of activity (at least, I remember reading that it doesn't). I realize that there are hacks out there to address this should it happen in the future, but I am motivated to get to the bottom of this particular event, even if it was isolated.
Is it possible to run a grep command on the server, using some string with "private.php" in it, or something along those lines? Am I being too hopeful? I realize there could be an exhaustive amount of data to pour through, but I have reason to be totally OK with that. Whatever it takes, I'm willing, so long as there is potential. 
|
|
#2
07-02-2008, 05:54 AM
|
|||
|
|||
|
It would be very helpfull if you knew the pmid. Maybe you do have a backup from just before the PM disappeared to find the correct pmid (look in the backup file or restore to test database).
|
|
#3
07-02-2008, 02:14 PM
|
|||
|
|||
|
Oh, yes, I definitely have backups and restoring is not an issue. The big thing for me at this point is identifying the culprit. Maybe it's just a huge stretch of the imagination, but I was thinking that grepping on the server (or something along those lines) might reveal an IP address.
|
|
#4
07-03-2008, 06:37 AM
|
|||
|
|||
|
Once you have the pmid, you could try to find more info in your web server logs, but it is a long shot. I wouldn't know of any other way to find out what happened, could be anything from a confused user (more likely) to a hacker (very unlikely).
|
|
#5
07-04-2008, 02:30 AM
|
|||
|
|||
|
Yeah, I hear what you're saying. Turns out even if I understood what to grep for better than I do currently, the server logs probably don't extend far enough back in time anyway (as it turns out).
A related question: The same user from above also reports that the message she originally sent is now appearing as having been sent from "Guest" (with a post count of "n/a "), when she goes to her sent messages. Any idea why this might be? I suppose it could be database corruption (which means no hanky panky, afterall) but at the same time it's isolated -- it has not impacted any other private messages in this forum.
|
|
#6
07-04-2008, 06:56 AM
|
|||
|
|||
|
Has there been any changes to her account lately, any manual updates done using manual SQL or such?
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 04:51 AM.