Announcement

Collapse
No announcement yet.

Urgent: invalid user id/password warning all users

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Urgent: invalid user id/password warning all users

    Hi All,

    I have a problem that occured today - all users receiving the notification that an invalid password was entered and the strike notice system with the 1 out of 5 warning as usual.

    I as admin was also affected by this problem.

    I created a new user id and went through the normal verification process and when attempting to login with the new id and password received an invalid password message as before (I waited the usual 15 mins).

    I upgraded a standby account using tools to admin and logged into admincp directly to gain access to admin - I switched off strike system.

    My problem is I cannot stop this behaviour (invalid userid/password) on login - I went in via a dial-up to get pass any ip problems and still I have the problem = When in admin I can open the forum but if I go out I cannot login via the normal user interface.

    Any idea where I can look for the issue.

    regards

    Roy
    RoyMogg

    http://www.bizface.co.uk

  • #2
    I have suddenly found out that I am having the exact same issue. Nothing has been changed/altered on my setup for months and until this morning, everyone was able to sign-in perfectly well, yet suddenly this exact problem has happened and it is extremely worrying.

    Is there some exploit around that would do this, or is there anything already known about such a problem?
    www.totalformat.com The entertainment portal, games, music, movies, sport and all areas of entertainment.

    Comment


    • #3
      I am having this issue since morning. Please anybody can look into this ASAP.

      Comment


      • #4
        I'm having the same problem on two out of five of my forums. I haven't received a response to my support ticket since I created it two hours ago... very frustrating.

        Edit: According to Steve Machol this is due to a modification - or modifications.
        Last edited by projectego; Sun 15 Nov '09, 9:19am.
        Devil May Cry | Fable 2

        Comment


        • #5
          I have not done any modifications to my forums since last 2 months.

          Comment


          • #6
            I have also not changed the forum

            Originally posted by Rose123 View Post
            I have not done any modifications to my forums since last 2 months.
            I have also not changed the forum software in months - I was waiting to upgrade to ver4.0.

            Also it seems localised to normal login screen - you can force a login by going via the admincp login and entering a normal user id and password - although the id cannot get into admin when you revert back to the forum url you find the user has been logged in as the cookie can be found.

            The passwords thus are there is the validation that's failing

            lets hop the vb guys can sort this one

            cheers

            RoyMogg
            RoyMogg

            http://www.bizface.co.uk

            Comment


            • #7
              Originally posted by roymogg View Post
              I have also not changed the forum software in months - I was waiting to upgrade to ver4.0.

              Also it seems localised to normal login screen - you can force a login by going via the admincp login and entering a normal user id and password - although the id cannot get into admin when you revert back to the forum url you find the user has been logged in as the cookie can be found.

              The passwords thus are there is the validation that's failing

              lets hop the vb guys can sort this one

              cheers

              RoyMogg
              I've been waiting on vB4 too and have made no changes at all in a good few months, but if there is some kind of exploit, which is what this sounds like, the chances are it would be in a modification and not in the vBulletin core code, otherwise i'm sure it would have already come to light and have been fixed.

              Sadly, as a result, I don't think they will even bother to think about looking at it, so long as any of us have any kind of modifications installed on our forums, which means either rebuilding to default, or going without support and checking every single modification installed one at a time and seeing which one/s have become exploitable. At the end of the day, anything like this ceases to be the issue of vBulletin as soon as we start tinkering. My only gripe is that having asked for assistance, that i've been given the out of the box bog standard reply from support, when all I actually wanted was some kind of help in narrowing down what kind of thing script or modification would possibly have the ability to make this kind of thing happen.

              I guess my next step is to check on the site of one of the people who have reported this and see which modifications I share in common, to see if I can narrow it down at all. Failing that, it looks like a completely fresh rebuild from scratch, which i'd really prefer not to do, seeing the thousands of hours of work i've put into the site.
              www.totalformat.com The entertainment portal, games, music, movies, sport and all areas of entertainment.

              Comment


              • #8
                I had opened support ticket and I received reply to disable all plugins and upload all the files again. It is sunday evening and I am working full time from monday to friday. I have only two options
                1. to take day off on Monday and work on my forums, which is not possible as I dont have any days off.
                2. Continue with this issue until next saturday.

                Comment


                • #9
                  The one ticket I handled regarding this was caused by modifications.
                  Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                  Change CKEditor Colors to Match Style (for 4.1.4 and above)

                  Steve Machol Photography


                  Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                  Comment


                  • #10
                    This has happened to our site starting today as well. I have not touched it in a few weeks and have very few plugins.

                    Someone is welcome to email me at mraburn at gmail dot com with a list of their mods and I will see if we have the same one to see if that is causing the issue.

                    Mke

                    Comment


                    • #11
                      Originally posted by Steve Machol View Post
                      The one ticket I handled regarding this was caused by modifications.
                      Do you have any idea which modifications they had installed? I'm not asking to have my hand held on this, just a bit of in the know insight into what could possibly be the cause, what scripts effect login that could be effected by modifications and that kind of thing, just so that I know where to look.
                      www.totalformat.com The entertainment portal, games, music, movies, sport and all areas of entertainment.

                      Comment


                      • #12
                        I think this is a lot bigger of a problem than realized and expect to see something coming to light soon.

                        Comment


                        • #13
                          No, I do not have the name of the specific modification that caused this. They had a lot.
                          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                          Change CKEditor Colors to Match Style (for 4.1.4 and above)

                          Steve Machol Photography


                          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                          Comment


                          • #14
                            Steve,

                            Did the user just disable the mod or uninstall or do a fresh VB install to fix?

                            Comment


                            • #15
                              Here is everything:

                              To troubleshoot this, first reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server. Also be sure to upload the admincp files to whichever directory you have set in your config.php file. Then run 'Suspect File Versions' in Diagnostics to make sure you have all the original files for your version and that none show 'File does not contain expected contents':

                              Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions

                              [Note: In some cases you may also need to remove any of the listed .xml files in the includes/xml directory.]

                              Next, disable all plugins.

                              Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

                              define('DISABLE_HOOKS', true);

                              Then if you still have this problem, create a new style and choose no parent style. This will force it to use the default templates. Finally empty your browser cache, close all browser windows then try again. Make sure you change to the new style and view your forums with it.

                              Do you have the same problem?
                              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                              Change CKEditor Colors to Match Style (for 4.1.4 and above)

                              Steve Machol Photography


                              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                              Comment

                              Related Topics

                              Collapse

                              Working...
                              X