The Arcive of Official vBulletin Modifications Site.

tpearl5 · #1 05-19-2003, 06:52 AM

To my surprise at about 5:30 today someone gained access to one of my admin's accounts. They edited my account so I wasn't an admin anymore. I quickly edited the database and made myself an admin again. I changed some things back that the hacker messed with. (my advertising banners, and site name) At this point I had to go to work.

When I got home from work at about 1am my other admin's name was taken, and the same was done as before. He put 'their' banner on the top of the page both times and said "LHK Ownz" or something. I changed everything back again and added some heavier security this time. Also got some IP's of the names. One looks like a proxy and the other is an AOL IP.

This was the banner he displayed on my site:
http://www.angelfire.com/ca6/monkeeyz/lhk.jpg

So how could two seperate accounts be compromised? I'm running v 2.2.8 so all passwords are encrypted. They did not gain access to the backend of the site or the database itself. Just the vB control panel.

:ermm:

Can anyone offer a little insite as to where the security breech could be?

majin gotenks · #2 05-19-2003, 07:47 AM

maybe bruteforce? or do you have another admin or two? they may know one of their passwords.
BTW what a lame name leet hackers krew :|

Talisman · #3 05-19-2003, 08:05 AM

But...

If they knew the password for a third admin's account and they used that to gain access to the ACP, this still wouldn't let them get the password to tpearl5's primary and backup admin accounts.

I gather he's already checked the adminlog, so he knows which admin accounts the hacker[s] used to log in.

Chris M · #4 05-19-2003, 08:50 AM

Not to sound off my own hacks, but I have a few vB security hacks you could install, to try and prevent this

Satan

Erwin · #5 05-19-2003, 09:56 AM

Very odd. Make sure you disable all other admin accounts, and that getadmin.php is not anywhere on your server.

Tony G · #6 05-19-2003, 11:19 AM

Best thing to do is maybe keep yourself an admin only, as you can just re-admin yourself via the database. This can limit the access if they've cracked one of your admins accounts passwords?

That probably didn't make sense. =/

Bison · #7 05-19-2003, 11:44 AM

Passwords are a killer ... sometimes member join other forums and use the same passwords from another. This looks like the case with your forum. If remembering passwords are a pain in the butt for some of you, here's a free program that I reccommnd to all of my members (RoBo Form): http://fileforum.betanews.com/detail...fid=1014298205

Also, one of the guys in the Full Release Section created a very nice password changer hack that requires all members to change their passwords after a period you can define. You don't have to have all members change then, but you can make it a requrement for your staff to change their passwords.

For added saftey, it would be best to make it so that each password contains numbers and letters, and require that they are at least 6 characters.

filburt1 · #8 05-19-2003, 01:44 PM

Yet another fact to enforce the rule that you should never have another administrator

Chris M · #9 05-19-2003, 05:11 PM

Indeed

Chris

Tigga · #10 05-19-2003, 05:33 PM

Quote:

Today at 10:44 AM filburt1 said this in Post #8
Yet another fact to enforce the rule that you should never have another administrator

Agreed. I have 2 other admins on my site, but once vB3 is out, they will be cut down to mods.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.06871 seconds Memory Usage 2,252KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!