Announcement

Collapse
No announcement yet.

Banned member hacks ranking members account: how to get rid of login cookie?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Banned member hacks ranking members account: how to get rid of login cookie?

    One of my ranking members had their account hacked by a banned member. (hotmail brute force, followed by password retrieval) Now the forum account is compromised, as long as the banned member has the login cookie on his computer. Is there any way to reset the login status of an account or make that login cookie invalid?

    Does anyone have tips how to solve this?
    I buy 420 forums

  • #2
    I can't think of anything except resetting the cookie prefix, but that will effect all your users, not just the one.

    Please don't PM or VM me for support - I only help out in the threads.
    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
    Want help modifying your vbulletin forum? Head on over to vbulletin.org
    If I post CSS and you don't know where it goes, throw it into the additional.css template.

    W3Schools <- awesome site for html/css help

    Comment


    • #3
      Will changing the password for the account of the ranking member, make invalid: the old login cookie that the banned member has on his computer?

      Or would it help to merge the account into a newly made account, so that the userID changes? Or even doing that twice?
      I buy 420 forums

      Comment


      • #4
        1. Yes.

        2. ??? Not sure I follow.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment


        • #5
          Change the password, empty the session table. That should fix it.

          Comment


          • #6
            The userid is not found in the session table. Should I empty the salt field in the user table of this specific user?
            Last edited by Alfa1; Mon 15th Nov '10, 10:39am.
            I buy 420 forums

            Comment


            • #7
              Changing the password is sufficient. The session table is automatically emptied every one hour so that is no longer an issue.
              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
              Change CKEditor Colors to Match Style (for 4.1.4 and above)

              Steve Machol Photography


              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


              Comment


              • #8
                That is a very nice thing to read. Thanks.
                I buy 420 forums

                Comment


                • #9
                  Emptying the session table will just more quickly invalidate the cookie if the user is still logged in. Its not required.

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X