Admin Demo been hacked?

  • Admin Demo been hacked?

    A friend is interested in vbulletin and went to try the admin demo:

    http://www.vbulletin.com/admindemo.html

    He clicked the admin demo and saw something unexpected, I thought I'd let you all know as it looks kinda bad.

    Click the link at the bottom, it says "**** vbulletin".

    It looks like someone hacked it or something.

  • #2
    http://www.vbulletin.com/admindemo/reset.php

    Comment


    • #3
      That's better

      Comment


      • #4
        It gets "hacked" a lot. The problem is it's not quite hacking given that the admin password is given in clear text. But the 12 year olds get joy out of it
        --filburt1, vBulletin.org/vBulletinTemplates.com moderator
        Web Design Forums.net: vB Board of the Month
        vBulletin Mail System (vBMS): webmail for your forum users

        Comment


        • #5
          We log anyone who attempts to enter redirects and they get banned from the admindemo.

          I'll edit the logger to catch those who remove the copyright or put cuss words in any templates.
          Scott MacVicar

          My Blog | Twitter

          Comment


          • #6
            Guidelines: Since this is a public test area, it's important not to make any changes that can adversely affect (or disable) the test forum. Also, we ask you to please keep the content of the forum "clean" - remember that this is a family site! The forum is reset every day at 12pm.
            Note: If you would like an administrator to reset the boards for whatever reason, please click here.

            URL doesn't work and also, admins don't reset it any longer.

            Comment


            • #7
              You get that kind of thing a lot, ticks me off personally, but well, some abuse services, and others don't.

              pheh...

              Comment


              • #8
                One of the disadvantages of having an actual live demonstration of the Admin CP is that any idiot can come in and ruin it for everyone else. This has been a problem lately from the users of one of the competitive programs.

                We have the demo set to automatically reset itself several times a day because of this, but there's no easy way to make this demo easily accessible to everyone yet keep out the idiots.

                And please note this is not 'hacking'. Because this is a live admin demo, anyone can go in and change it. It doesn't take any hacking or skill at all.
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                Steve Machol Photography


                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                Comment


                • #9
                  Steve, it's unfortunate that this keeps happening.

                  You try to showcase your product without making people pay to try it, and people have no respect at all for that. If the reset script doesn't use up too many server resources, you could reset it more often, but you'll always be at that disadvantage.

                  Hopefully someday people will stop acting childish and will respect you and your business.

                  Comment


                  • #10
                    Originally posted by Steve Machol
                    One of the disadvantages of having an actual live demonstration of the Admin CP is that any idiot can come in and ruin it for everyone else. This has been a problem lately from the users of one of the competitive programs.

                    We have the demo set to automatically reset itself several times a day because of this, but there's no easy way to make this demo easily accessible to everyone yet keep out the idiots.

                    And please note this is not 'hacking'. Because this is a live admin demo, anyone can go in and change it. It doesn't take any hacking or skill at all.
                    Steve is right... and it's not hacking in any case, it's just template modifications. So technically, if they themselves say it was 'hacked', it technically wasn't.

                    Comment


                    • #11
                      Well, what can be done is have a unique demo generated for every visitor instead of having one demo for everyone.

                      For an example, try to take a demo at any interactivetools.com products.

                      Comment


                      • #12
                        Hey, I saw that just today...........! Or make it so that any changes will be reset after having been made for 1 min. So someone could change a template and after 1 min it'll be reset back.

                        Comment


                        • #13
                          Theoretically possible by creating a database for that user based on the sessionid. Of course it would have to have a session count limit to prevent people from flooding it and then just filling up the entire server with junk databases.
                          --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                          Web Design Forums.net: vB Board of the Month
                          vBulletin Mail System (vBMS): webmail for your forum users

                          Comment


                          • #14
                            Well, think about it... let's say that each demo session will be deleted 15 minutes after the last activity on the demo. Then have a certain limit on how many demos can be active at a time, with some "queue" system for when the limit is reached. A single user can only have one demo to him or her.

                            Comment
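The scheme sketched in posts #13 and #14 (a sandbox per visitor, a cap on active demos, deletion after 15 idle minutes, a queue once the cap is reached, one demo per visitor) can be modelled as below. This is an added example, not part of the thread and not vBulletin code: `DemoPool` and every other name are hypothetical, `visitor_id` is assumed to be a server-issued session ID, and actual database provisioning is left out.

```python
import secrets
from collections import deque

IDLE_TTL = 15 * 60  # seconds; "15 minutes after the last activity" (post #14)

class DemoPool:
    """Per-visitor demo sandboxes with an active cap, idle expiry and a queue."""

    def __init__(self, max_active, idle_ttl=IDLE_TTL):
        self.max_active = max_active
        self.idle_ttl = idle_ttl
        self.active = {}        # visitor_id -> (sandbox name, last-activity time)
        self.waiting = deque()  # visitor_ids in arrival order

    def _new_sandbox(self):
        # Random name, never derived from visitor input, so it is safe to use
        # as a database or schema identifier when provisioning.
        return "demo_" + secrets.token_hex(8)

    def reap(self, now):
        """Drop idle sandboxes, then admit queued visitors into freed slots."""
        dropped = [v for v, (_, seen) in self.active.items()
                   if now - seen >= self.idle_ttl]
        for v in dropped:
            del self.active[v]  # a real deployment would drop the database here
        while self.waiting and len(self.active) < self.max_active:
            self.active[self.waiting.popleft()] = (self._new_sandbox(), now)
        return dropped

    def request(self, visitor_id, now):
        """Return ('active', sandbox) or ('queued', position) for this visitor."""
        self.reap(now)
        if visitor_id in self.active:  # one demo per visitor: reuse and touch
            name, _ = self.active[visitor_id]
            self.active[visitor_id] = (name, now)
            return ("active", name)
        if visitor_id in self.waiting:
            return ("queued", self.waiting.index(visitor_id) + 1)
        if len(self.active) < self.max_active:
            name = self._new_sandbox()
            self.active[visitor_id] = (name, now)
            return ("active", name)
        self.waiting.append(visitor_id)
        return ("queued", len(self.waiting))
```

The cap bounds how many sandboxes exist at once, which addresses the junk-database flooding concern in post #13; the wait queue itself is unbounded here and would need its own limit in production.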


                            • #15
                              ...or you can set up something where you need to create a username and pw, and verify an e-mail address. Then, add into the two global.php files code to check that username and pw (HTTP authentication). Finally, set up a script that people can go to if some 12 year old messes with it, and it'll send some administrator a note with (a) the IP, (b) the e-mail address, and (c) the time so that they can check the logs, and see what page referred the person to the admin demo, and you can contact the owner of THAT page....

                              Comment
