Someone is trying to steal or crack my vb password!


  • Someone is trying to steal or crack my vb password!

    ok check this out:



    http://WWW.YOURDOMAIN.COM/VB/member.php?username=USERNAME&password=PASSWORD&action=login&url=%2FFOLDER%2Fnewreply.php



    Ok

    YOURDOMAIN = your domain name

    USERNAME = your user name

    PASSWORD= your password

    %FFOLDER% = ex %Fvb% or for ex %Fmyboard%



    Good?!

    everything is straightforward, right?! Yes it is..

    all you have to do is know an admin user name and put an automated script to try thousands of passwords and he will crack your board by obtaining your admin or moderator name and password

    or at least breaks your privacy..

    any idea how to stop him?!

    he is doing it to me and stole one moderator's username and password!

    what if he gets the admin password?!



    Many thanks

    Anmar

  • #2
    First of all you are running an older version of vB (2.2.9) that has known security holes. You need to upgrade to 2.3.4 to fix those holes.

    Second, can you please restore the vBulletin/Jelsoft copyright to your footer template? Right now you are in violation of the license agreement. At a minimum the copyright must read:

    vBulletin, Copyright ©2000 - 2004, Jelsoft Enterprises Limited.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




    • #3
      Originally posted by Steve Machol
      You need to upgrade to 2.3.4 to fix those holes.
      If it is a "hole", I can confirm that it exists in 2.3.4



      • #4
        If so, then please send the complete details of this 'hole' and exploit to [email protected] so we can investigate and fix it, if confirmed.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


        • #5
          Originally posted by Steve Machol
          First of all you are running an older version of vB (2.2.9) that has known security holes. You need to upgrade to 2.3.4 to fix those holes.

          Second, can you please restore the vBulletin/Jelsoft copyright to your footer template? Right now you are in violation of the license agreement. At a minimum the copyright must read:

          vBulletin, Copyright ©2000 - 2004, Jelsoft Enterprises Limited.
          I did not understand, do you mean in my board?!
          if yes, it is there and I have never taken off any copyright from any of the software installed on my server OR desktop PC!



          • #6
            I don't see the copyright notice here:

            http://www.cdlr.net/English/cdlrboard/index.php?s=
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


            • #7
              Originally posted by Steve Machol
              I don't see the copyright notice here:

              http://www.cdlr.net/English/cdlrboard/index.php?s=
              It's there, it just blends in with the other colors and it's kind of hard to read...



              • #8
                As per the license agreement the copyright must be readily visible.
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


                • #9
                  Originally posted by Steve Machol
                  As per the license agreement the copyright must be readily visible.

                  Check it now, it should be fine

                  Now can we fix this URL problem that I came here for?!

                  someone is using an automated script trying thousands of passwords and if he continues he will break the board and steal the password and gain access as an admin or mod and he will do a mass delete, move or whatever!



                  • #10
                    I just checked and I still do not see the copyright notice. Just letting you know that your license can be revoked if you do not restore it. Make sure you restore this to the footer template in ALL your template sets.

                    Also as I said you need to upgrade to 2.3.4. At this time there are no known security exploits in that version.
                    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


                    • #11
                      Originally posted by Steve Machol
                      I just checked and I still do not see the copyright notice. Just letting you know that your license can be revoked if you do not restore it. Make sure you restore this to the footer template in ALL your template sets.

                      Also as I said you need to upgrade to 2.3.4. At this time there are no known security exploits in that version.
                      Ok it should be fine now...
                      I made it darker

                      by the way, I have the same problem in 2.3.4 (I tested it on my upgrade folder)

                      we must find a fix ASAP to make the board more secure
                      Anmar



                      • #12
                        It still shows you are running 2.2.9 - not 2.3.4.
                        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


                        • #13
                          There is nothing you can do against a brute-force attack. I would suggest adding .htaccess-based protection to the admin and mod CPs and look at your access logs for IPs to ban.

                          If you run vB3, you can receive e-mails for account lockouts. There is also a hack for vB2 that e-mails you on a failed admin CP login.
                          --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                          Web Design Forums.net: vB Board of the Month
                          vBulletin Mail System (vBMS): webmail for your forum users
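
The access-log review suggested in post #13, as an added example (not part of the thread and not vBulletin code): it counts `member.php?...action=login` requests per client IP and lists the addresses that exceed a threshold. It assumes Apache combined log format and the login URL shape from the first post; the function names, threshold, usernames and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# ip, timestamp, method, request target, status (Apache combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def login_attempt(line):
    """Return (ip, username) for a member.php?action=login request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, _status = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/member.php"):
        return None
    qs = parse_qs(url.query, keep_blank_values=True)
    if qs.get("action", [""])[0] != "login" or "password" not in qs:
        return None
    # The password value is deliberately never stored or printed.
    return ip, qs.get("username", [""])[0].lower()

def suspicious_ips(lines, threshold=20):
    """Map each IP with >= threshold login attempts to {username: attempts}."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in lines:
        hit = login_attempt(line)
        if hit:
            ip, user = hit
            per_ip[ip][user] += 1
    return {ip: dict(users) for ip, users in per_ip.items()
            if sum(users.values()) >= threshold}

def constructed_sample():
    """Constructed log lines; the IPs come from documentation address ranges."""
    fmt = ('{ip} - - [12/Mar/2004:10:{m:02d}:{s:02d} +0000] "GET /vb/member.php?'
           'username={u}&password=guess{n}&action=login&url=%2Fvb%2Fnewreply.php '
           'HTTP/1.0" 200 5120 "-" "-"')
    lines = [fmt.format(ip="203.0.113.7", m=n // 60, s=n % 60, u="Moderator1", n=n)
             for n in range(150)]
    lines.append(fmt.format(ip="198.51.100.23", m=5, s=0, u="anmar", n=0))
    lines.append('198.51.100.23 - - [12/Mar/2004:10:05:02 +0000] '
                 '"GET /vb/index.php?s= HTTP/1.0" 200 20480 "-" "-"')
    return lines

if __name__ == "__main__":
    for ip, users in suspicious_ips(constructed_sample()).items():
        print(ip, users)  # candidates for a deny rule in .htaccess
```

Because this login form puts the password in the URL, the access log itself contains every submitted password, so the log files need the same access restrictions as the user table.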



                          • #14
                            Honestly though what is to stop them from actually using the Admin Options on the bottom of the thread, once they logged onto the board as yourself?