Announcement

Collapse
No announcement yet.

Username change trail?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Steve Machol
    replied
    Why would anyone go to the trouble of hacking your site just to change one user name? Frankly that doesn't make a lot of sense to me.

    Leave a comment:


  • Broncos
    replied
    No, this is anonymous and allows them access to one directory only and they cannot go into the web files.

    Leave a comment:


  • Andy Huang
    replied
    There have been 2 (? not sure) possible exploits with 3.0.0, and neither allows modification to database values (if I'm not mistaken). It is most likely done through database directly. However, an upgrade to 3.0.3 is advised to fix these exploits.

    FTP access which allows the user to view your vBulletin files is strongly not advised. If the user can see your vBulletin files, they can easily look into the configuration file and obtain username and password for your database. From there, the person can have the same amount of access as you have; except, more flexible and more dangerous. Please make sure that the user does not have access to any of your vBulletin .php files.

    Leave a comment:


  • Broncos
    replied
    I checked the logs and spoke to my hosting provider. Change was not made in Admin CP under my username. They think it could have been done with a URL hack of somesort with vBulletin? I'm on version 3.0.0. Sound possible? Is that an "exploitable" version?

    I do allow anonymous FTP for one employee, that a hazard?

    Leave a comment:


  • Andy Huang
    replied
    Only two posibilities:
    1) Admin user (your) password is too basic or have been compromised.
    2) Someone with database access modified it.

    There is no other posibilities of this happening if you are on a stock vBulletin.

    Suggestions:
    1) Use a more secure password for admin user, and add .htaccess file to your /admincp folder
    2) Change your database password to someone complex (IE: a23d;@Yw9_) and make sure no one else other than you have FTP / database access.

    Leave a comment:


  • Broncos
    replied
    No, stock vBulletin.

    Leave a comment:


  • Steve Machol
    replied
    Someone can also do this if they have access to your database.

    Leave a comment:


  • Zachery
    replied
    Do you have any hacks installed whatso ever?

    Leave a comment:


  • Broncos
    replied
    I found a trace of the name change in a search that was run. Since I am the only admin and did not make the change can you tell me where this had to have been made so I can check with my web hosting provider to see if there was any hacking done?

    Is the Admin CP the only place a hacker could enter to change this?

    Leave a comment:


  • Broncos
    started a topic Username change trail?

    Username change trail?

    I have a username that appears to have been changed but not by me. If it can only be done via the AdminCP is there any trail in the database somewhere where I can see if username A used to be username B type thing? If I think the new username used to be something else is there any way to show that?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X