Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-11-2009, 04:40 AM
Nadavy Nadavy is offline
 
Join Date: Nov 2008
Posts: 97
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default My Forum Has Been Breached

So repeatedly over the past couple days, several of our admin accounts have logged onto the forum and started posting inappropriate comments and talking about how we have been hacked. They keep saying they are unstoppable.
We installed an ip block so that only a few of us can get into the admin panel.
Is there any sort of MOD that I can download that only allows certain IPs into certain accounts?
Any suggestions?! Help!
Reply With Quote
  #2  
Old 06-11-2009, 05:36 AM
Attitude5ire's Avatar
Attitude5ire Attitude5ire is offline
 
Join Date: Feb 2006
Posts: 791
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

When you have more admin accounts..the risk of getting breached is also higher. You need to secure ur ACP more.
Firstly backup ur forum database just in case.
Password protect ur ACP using .htaccess password
Assign ur admin account strong passwords.
If they still keep getting breachd. just suspend them for a while and patch more areas. Also ask they to make sure they havent been hacked cos someone might have a keylogger installd in ur admin accounts.. so its hard to pin point but just suspend till u take all precautions.
Reply With Quote
  #3  
Old 06-11-2009, 07:51 AM
Scotteh Scotteh is offline
 
Join Date: May 2009
Posts: 28
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

in your home/public_html/forum there should be the admincp folder, in that there should be a .htaccess file.

Then you can add;

Order Deny,Allow
Deny from all
Allow from IPADDRESSOFADMIN1, IPADDRESSOFADMIN2

etc (use comma to seperate)

So it denies access to it from everyone apart from those specific IP's, however a vast amount of people have dynamic IP's now so it may be alot harder.
Reply With Quote
  #4  
Old 06-11-2009, 08:02 PM
Nadavy Nadavy is offline
 
Join Date: Nov 2008
Posts: 97
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

We installed an .htaccess thing.
So that stopped them from being able to do serious damage...
but they can still log onto the admin acounts =/

Anything else?
Reply With Quote
  #5  
Old 06-11-2009, 08:13 PM
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
Location: Orlando, FL, USA
Posts: 1,361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Change the passwords to the database, and as Attitude5ire said, change the passwords of all admin / mod accounts. Do it from a secure computer, as one or more of the admins may have keyloggers on their computer.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:47 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03860 seconds
  • Memory Usage 2,190KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete