No announcement yet.

Hacking is becoming a problem on my forums

  • Filter
  • Time
  • Show
Clear All
new posts

  • Hacking is becoming a problem on my forums

    Alright Team,

    I've been alerted to the fact that various users on my forum are hacking other users accounts. Now as much as I'd like to ban them, this isn't a decent enough reason.

    I need proof.

    I've had a lot of people complain that their PM Inbox has been read by others and as much as I assure them it is near on impossible and to change their password to an alpha-numerical to prevent this, it still goes on.

    I am interested in installing the failed login logging, but I won't be able to do this for a few days. What else can I do when I do come around to installing this?

    Also 'how' can people be hacking others passwords. Are they getting them form the database? Are they running a program? Are they just guessing?

    All help would be superb.


    Talking loud but aint saying nothing.

  • #2
    Make sure you are running the latest version of vB - 2.2.6. I'm not aware of any security holes in it that would allow people to 'hack' into other accounts. It could be that the passwords are weak and being guessed.

    BTW, vB 3.0 will have a limit on failed login attempts.
    Last edited by Steve Machol; Thu 18 Jul '02, 4:06pm.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography

    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    • #3
      The first thing that most hackers will use are common, everday words (which many people use, hence making it very easy to guess their password (an example would be maybe their website name, their username, and other such things)). I would suggest telling your users to make a random number & letter password and write it down, it is much harder to guess a string of numbers and letters than it is an everyday word.

      - SaintDog


      • #4
        Thanks guys,

        This is really doing my head in as my site is different in that a *lot* of the members regularly meet up. So news of someone hacking accounts is disrupting both the online and offline community.

        Hence banning a member online won't really do much about the offline scene.

        Cheers anyway

        Talking loud but aint saying nothing.


        • #5
          My password is the serial number on the outside of my cable modem, i use items around my room such as barcodes etc. The best source for passwords
          Scott MacVicar

          My Blog | Twitter


          • #6
            i use klingon words. i got a klingon dictionary at a star trek convention when i was younger.


            • #7
              Originally posted by Jakeman
              i use klingon words. i got a klingon dictionary at a star trek convention when i was younger.
              ah, is why the dictionary attack wasn't working, using the wrong dictionary
              Motorsport Forums


              • #8
                Do any users share a computer? I have a lot of users who access my message board from a particular place and sometimes a user will forget to log out (or not be aware that they need to). I myself got "hacked" in this manner. Someone read my personal notes and passed on information to the person referred to in some of the messages.

                Personally, I think that the user cp/private messages should require a password everytime you log in myself.


                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.