Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-08-2011, 02:46 PM
Nipponowners Nipponowners is offline
 
Join Date: Jun 2011
Location: Hull, U.K
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default sercurity issue V4.1.4

guys please help..

Ive got the add-on VSA-Donate on my forum. For some reason (i dont know why) someone is able to acess the vbulletin CP panel and change the paypal adress for my website!

ive changed the password numerous times and ive never given it to ANYONE..

i have no idea what to do, i dont want people to pay the club a donation and it not come to the club if you know what i mean..

i thionk this is a serious security issue and i need it sorting out..

PLEASE HELP ME

regards
dan

--------------- Added [DATE]1312819077[/DATE] at [TIME]1312819077[/TIME] ---------------

the "Hacker" has been able to upload pluin's/addons and change coding....


HELP ME
Reply With Quote
  #2  
Old 08-08-2011, 03:03 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Nipponowners View Post
guys please help..

Ive got the add-on VSA-Donate on my forum. For some reason (i dont know why) someone is able to acess the vbulletin CP panel and change the paypal adress for my website!

ive changed the password numerous times and ive never given it to ANYONE..

i have no idea what to do, i dont want people to pay the club a donation and it not come to the club if you know what i mean..

i thionk this is a serious security issue and i need it sorting out..

PLEASE HELP ME

regards
dan

--------------- Added [DATE]1312819077[/DATE] at [TIME]1312819077[/TIME] ---------------

the "Hacker" has been able to upload pluin's/addons and change coding....


HELP ME
Upgrade your forum to the latest version as it fixed such a security issue. Or at least apply the patch.

https://www.vbulletin.com/forum/show...17#post2191617
Reply With Quote
  #3  
Old 08-08-2011, 03:08 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What exactly are you saying is an issue ?

If you believe the mod has an issue then I suggest you disabled or remove it, and contact the author to confirm if there really is an issue.
Reply With Quote
  #4  
Old 08-08-2011, 03:30 PM
Nipponowners Nipponowners is offline
 
Join Date: Jun 2011
Location: Hull, U.K
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ive totally removed the plug-in and will have to see what my programmer says. put as i said whoever has done this has been able to add and code plug in's.

i shall update to the latest version and contact the person who made the vsa-donations add-on

thanks for the help

regards
dan
Reply With Quote
  #5  
Old 08-08-2011, 03:31 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sounds like you might have a rogue staff member.
Reply With Quote
  #6  
Old 08-08-2011, 05:37 PM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Check your control panel log in Statistics and Logs. Check for unknown names and cross check IP addresses.

EDIT: with this kind of stuff going on you had better have your user id number in undeletable and unalterable users in includes/config.php on the server.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:28 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04315 seconds
  • Memory Usage 2,206KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete