New Member Became Administrator
  • New Member Became Administrator

    I had a new member sign up recently and he was showing up as an administrator before I went in and changed it. In the admincp he showed as a registered member with administrator checked in the additional usergroups.

    Does this sound like someone who got in my system somehow, or maybe a bug? Have you ever seen this before?

    Thanks,

  • #2
    Check your promotions, and ensure none of the addons or plugins that you have have security issues. This should not be possible in vBulletin 3.5.4.


    • #3
      I changed the guy who "became an administrator" back to just a registered user but a couple days later and HE'S BACK to administrator. This is scary. I had even changed my password.

      Has anyone else seen this? Seems like a bug or a security issue to me. How else would he be able to become an administrator? I'm the only administrator; no one else could have done it.

      Help!


      • #4
        No, what version of vBulletin are you running? Why did you not delete this user?

        Reupload all of the original vBulletin files, if you are not running 3.5.4 or 3.0.13 please upgrade NOW.

        Double check your files and ensure that TOOLS.php is not ANYWHERE inside of vBulletin's directory.


        • #5
          I'm using 3.5.2 with a couple of patches.

          The first time I thought it was a fluke. The guy is posting as if he doesn't even know it's happening so I just updated his profile. It happened again, and again he is posting as if nothing is unusual. If he does have some info on me (or the site) I figured he would just open another account and be pissed off. I obviously didn't want to piss him off just in case he has the ability to do some real damage.

          It's "wizard_of_oz" in this thread ... http://www.tsptalk.com/mb/showthread.php?t=2757.

          In the meantime, I'll upgrade tonight.

          Thanks


          • #6
            Can you please create a support ticket in the members area with an admincp login as well as ftp so I can check things out.


            • #7
              He's been updated to admin again. He hasn't signed in since Friday so I left it for you to see.

              I have upgraded to 3.5.4.

              Support ticket opened.
              Last edited by tsptom; Sun 2nd Apr '06, 7:21pm.


              • #8
                Zachery, ticketid = 306817


                • #9
                  Sure hope to see the outcome of this. Sure sounds scary.
                  http://www.netcookingtalk.com/forums/


                  • #10
                    I had changed my admincp password a couple of times but per Colin's request I changed my hosting CP, FTP and mysql passwords, plus I deleted the Impex folder which I had not done after my import several months ago.

                    The guy has signed on since but he has not been updated to administrator yet. Hopefully all is well. Again, I can't tell that he even knew it was happening. Very strange.

                    Thanks for all of your help Support Team!
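
The file checks mentioned in posts #4 and #10 (no TOOLS.php anywhere under the forum directory, no leftover Impex folder), as an added example that is not part of the original thread or vBulletin's own code. The forum root path is an assumption passed as the first argument, and names are matched case-insensitively at any depth.

```shell
#!/usr/bin/env bash
# Added example: look for leftover maintenance files under a forum directory.
# The forum root is an assumption; pass your real path as the first argument.

# List every file named tools.php, in any letter case, at any depth.
find_tools_php() {
    find "$1" -type f -iname 'tools.php' 2>/dev/null | sort
}

# List every directory named impex, in any letter case, at any depth.
find_impex_dirs() {
    find "$1" -type d -iname 'impex' 2>/dev/null | sort
}

# Report findings with their modification time; return 1 if anything is found.
audit_forum_root() {
    local root="$1" found=0 path
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        found=1
        printf 'REMOVE: %s\n' "$path"
        ls -ld "$path"
    done <<EOF
$(find_tools_php "$root")
$(find_impex_dirs "$root")
EOF
    return "$found"
}

if [ "$#" -gt 0 ]; then
    audit_forum_root "$1"
fi
```

A non-zero exit status means something was found, so the script can run from cron after each upgrade or import.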



                    • #11
                      Get his full IP in the apache .htaccess in the public_html/ folder for deny all so he can't even read any pages on the site, over time he will run out of IP addresses.


                      • #12
                        Or, for now, just change the ACP path to something no one would guess, and it's obviously a bug if he turns back to admin.


                        • #13
                          Thanks. Actually, since I made the changes Colin suggested a week ago, it has not happened again. I am still watching however. I still wonder if that member even knew it was happening since nothing appears to have been done. It happened to two separate registered users.


                          • #14
                            Originally posted by Steve Austin
                            Or, for now, just change the ACP path to something no one would guess, and it's obviously a bug if he turns back to admin.
                            If he's admin he can view the admin link in the footer of any vb page.. so renaming it won't do much.


                            • #15
                              Originally posted by tsptom
                              Thanks. Actually, since I made the changes Colin suggested a week ago, it has not happened again. I am still watching however. I still wonder if that member even knew it was happening since nothing appears to have been done. It happened to two separate registered users.
                              You also might want to revert some of your templates. The fact that you have two logos is kinda funky.
                              ...steven
                              www.318ti.org (vB3.8) | www.nccbmwcca.org (vB4.2)
                              bmwcca.org/forum | m135i.net
                              "I tried to clean this up but this thread is beyond redemption." - Steve Machol