Announcement

Collapse
No announcement yet.

bypass registration? hacked registration process?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • bypass registration? hacked registration process?

    Installed version: vBulletin 3.8.6 Patch Level 1
    PHP version: 5.2.17
    Apache2
    Safe Mode Enabled

    Users are able to register, aparently through some hack,. not clear on what exactly,. I'm looking the the 8646&i and wondering if this is where the hack is:

    The user registered twice today:

    myforum.tld.log:92.241.169.160 - - [20/May/2011:11:29:08 +0300] "POST /forums/register.php?do=register HTTP/1.0" 200 28176 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
    myforum.tld.log:92.241.169.160 - - [20/May/2011:11:29:09 +0300] "POST /forums/register.php?do=addmember HTTP/1.0" 200 16154 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
    myforum.tld.log:92.241.169.160 - - [20/May/2011:11:32:20 +0300] "GET /forums/register.php?a=act&u=8646&i=8bf0c49d84c51b1c1fc2b9eb76c642e592a4a018 HTTP/1.0" 200 30235 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
    myforum.tld.log:92.241.169.160 - - [20/May/2011:11:38:25 +0300] "POST /forums/login.php?do=login HTTP/1.0" 200 13812 "-" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"



    myforum.tld.log:92.241.169.160 - - [20/May/2011:02:53:21 +0300] "POST /forums/register.php?do=register HTTP/1.0" 200 28176 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
    myforum.tld.log:92.241.169.160 - - [20/May/2011:02:53:30 +0300] "POST /forums/register.php?do=addmember HTTP/1.0" 200 16151 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
    myforum.tld.log:92.241.169.160 - - [20/May/2011:03:56:25 +0300] "GET /forums/register.php?a=act&u=8645&i=07dc0936872833f24e65804528df16320ead39f4 HTTP/1.0" 200 30234 "-" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"
    myforum.tld.log:92.241.169.160 - - [20/May/2011:08:45:59 +0300] "POST /forums/login.php?do=login HTTP/1.0" 200 13811 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"


    Is this a bug? Is this being handled in later versions?

    Thanks,

    -Sup.

  • #2
    I don't understand what you think you are seeing that is wrong. They go to the register page to register (do=register), they fill out the form and submit it (do=addmember), then they activate the account from their email (a=act), and then they login (do=login).

    What do you think is being hacked?

    Please don't PM or VM me for support - I only help out in the threads.
    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
    Want help modifying your vbulletin forum? Head on over to vbulletin.org
    If I post CSS and you don't know where it goes, throw it into the additional.css template.

    W3Schools <- awesome site for html/css help

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X