The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
Spammers using Moderators/Administrator accounts to Edit Old Posts
Hi -

I was wondering if anyone else has ever had this problem. Today I logged onto my site to find that one of my moderator and one of my administrator accounts had been hacked. Over 2,000 older posts on my site made by these 2 staff members had been edited to insert spam links that appear under their original post like this:

________
Body Science

Does anyone know where I can begin to correct this problem? I've told everyone on staff they should change their passwords immediately, but other than that, I've got no idea where to begin???

I'm running VB 3.7.4.

In addition, it looks as though some of these edits do appear in the moderator logs, but only a very few of them. I've banned all the IP addresses that made the changes from the few mod log entries that I can see. All of the IPs look like proxies.

Any suggestions?
#2
Quote:
#3
Likely it's the security issue that was discovered in 3.8.5 and below. Upgrade to the latest version.
The issue allowed people to register duplicate staff accounts.
#4
I got this issue too. Total suckage. Is there any way to see all external links coming from your site ... as it's hard to clean this up properly?
#5
I got it as well...
#6
What measures did you all take to fix?

I was told this ... To fix the exploit you go into "vBulletin Options > Registration Options > Username Regular Expression" > input "^[A-Z0-9 ]+$" and then added this in illegal usernames: @ ~ ` # $ % ^ ( ) + = { [ ] } | \ / ? < > , ; : " '

I'm hoping that fixes the exploit.
#7
Also add the usernames of all your staff members to the illegal usernames.
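
For the cleanup question raised in post #4 (seeing every external link on the site), one approach is to scan exported post text and group off-site links by host, so injected spam domains stand out by volume. This is an added example, not part of the thread or of vBulletin; the own-host name, the (post id, author, text) row shape and the sample posts are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the forum's own host name; links to it are not reported.
OWN_HOSTS = {"forum.example.com"}

# Matches http(s) URLs whether bare or inside BBCode ([url=...] or [url]...[/url]).
URL_RE = re.compile(r"https?://[^\s\[\]\"'<>]+", re.IGNORECASE)

def external_links(post_text, own_hosts=OWN_HOSTS):
    """Return the set of (host, url) pairs in one post that point off-site."""
    found = set()
    for url in URL_RE.findall(post_text):
        url = url.rstrip(".,;:!?)")  # drop trailing sentence punctuation
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host and host not in own_hosts:
            found.add((host, url))
    return found

def audit(posts, own_hosts=OWN_HOSTS):
    """Map external host -> sorted post ids linking to it, most-linked host first."""
    by_host = defaultdict(set)
    for post_id, _author, text in posts:
        for host, _url in external_links(text, own_hosts):
            by_host[host].add(post_id)
    ranked = sorted(by_host.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(host, sorted(ids)) for host, ids in ranked]

# Constructed sample rows (post id, author, post text); not data from the thread.
SAMPLE_POSTS = [
    (101, "StaffA", "Welcome to the board!\n________\n[url=http://spam.example.net/a]Body Science[/url]"),
    (102, "StaffA", "Rules are at http://forum.example.com/rules.php\n________\n[URL]http://www.spam.example.net/b[/URL]"),
    (103, "StaffB", "See [url=\"https://docs.example.org/faq\"]the FAQ[/url]."),
    (104, "Member", "No links here."),
]

if __name__ == "__main__":
    for host, ids in audit(SAMPLE_POSTS):
        print(f"{host:25} {len(ids):4} posts  {ids}")
```

Hosts that appear across many old staff posts are the ones to review first; the post ids give the list of posts to restore or re-edit.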