Announcement

Collapse
No announcement yet.

Admin Demo been hacked?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ManagerJosh
    replied
    Originally posted by filburt1
    Theoretically possible by creating a database for that user based on the sessionid. Of course it would have to have a session count limit to prevent people from flooding it and then just filling up the entire server with junk databases.
    God forbid Filburt! Imagine if some idiot DoS the admindemo area....it might crash the server :-X

    Leave a comment:


  • Game Wizards
    replied
    I'm 13 and I've got a license

    Leave a comment:


  • M4g!k
    replied
    Originally posted by filburt1
    It gets "hacked" a lot. The problem is it's not quite hacking given that the admin password is given in clear text. But the 12 year olds get joy out of it
    Agreed. They cant afford such a piece of kit. So, they'll do this. Little did they know of the power of 'Reset'!

    Leave a comment:


  • Game Wizards
    replied
    Resetting the database logs users out of the control panel, so it's rather inconvienent.

    Leave a comment:


  • S.Shady
    replied
    ok lets not forget that its a demo. no one wants a hard demo. they want to input a user and a pass thats given to them and play. we have a vb and know how to use it. but at the same time all everyone wanted to do was play with the vb3 cp so its kinda the same way with these ppl but they act more childish. so just have the database reset every 15 mins or so

    Leave a comment:


  • Sal Collaziano
    replied
    It's jealous people who take all of this far too seriously. It's very unlikely that anyone from any of vBulletin's competitors actually went and did this. It's more-likely someone who has so much pride in another message board that they're actually personally angry with Jelsoft for having something better. That's when the obsession has gone too far...

    I'll admit - I'm somewhat obsessed (www.80sxchange.com, www.cadillacforums.com, www.deerparkavenue.com, and others soon to come) - but I don't take it personally...

    Leave a comment:


  • Mephisteus
    replied
    I got one comment on the admin demo, remove the logged ip's from the admin log, or disable the admin log. Because, as stated before, script kiddies and other wannab hackers go in. Might think it's a laugh to "hack" those "idiots" that log in and have their ip's logged.

    Leave a comment:


  • Beorn
    replied
    ...or you can set up something where you need to create a username and pw, and verify an e-mail address. Then, add into the two global.php files code to check that username and pw (HTTP authentication). Finally, set up a script that people can go to if some 12 year old messes with it, and it'll send some administrator a note with (a) the IP, (b) the e-mail address, and (c) the time so that they can check the logs, and see what page referred the person to the admin demo, and you can contact the owner of THAT page....

    Leave a comment:


  • okrogius
    replied
    Well think about it... lets say that each demo session will be deleted in 15 minutes after the last activity on the demo. Then have a certain limit on how many demos can be active at a time with some "que" system for when the limit is reached. A signle user can only have one demo to him or her.

    Leave a comment:


  • filburt1
    replied
    Theoretically possible by creating a database for that user based on the sessionid. Of course it would have to have a session count limit to prevent people from flooding it and then just filling up the entire server with junk databases.

    Leave a comment:


  • Game Wizards
    replied
    Hey, I saw that just today...........! Or make it so that any changes will be reset after having been made for 1 min. So someone could change a template and after 1 min it'll be reset back.

    Leave a comment:


  • okrogius
    replied
    Well what can be done is have a unqiue demo generated for every visitor instead of having one demo for everyone.

    For an example, try to take a demo at any interactivetools.com products.

    Leave a comment:


  • Oricon
    replied
    Originally posted by Steve Machol
    One of the disadvantages of having an actual live demonstration of the Admin CP is that any idiot can come in and ruin it for everyone else. This has been a problem lately from the users of one of the competitive programs.

    We have the demo set to automatically reset itself several times a day because of this, but there's no easy way to make this demo easily accessible to everyone yet keep out the idiots.

    And please note this is not 'hacking'. Because this is a live admin demo, anyone can go in and change it. It doesn't take any hacking or skill at all.
    Steve is right... and its not hacking in any case its just template modifactions. SAo Technically if they themselves say it was 'hacked' it technically wasn't

    Leave a comment:


  • iDavid
    replied
    Steve, it's unfortunate that this keeps happening.

    You try to showcase your product without making people pay to try it, and people have no respect at all for that. If the reset script doesn't use up too many server resources, you could reset it more often, but you'll always be at that disadvantage.

    Hopefully someday people will stop acting childish and will respect you and your business.

    Leave a comment:


  • Steve Machol
    replied
    One of the disadvantages of having an actual live demonstration of the Admin CP is that any idiot can come in and ruin it for everyone else. This has been a problem lately from the users of one of the competitive programs.

    We have the demo set to automatically reset itself several times a day because of this, but there's no easy way to make this demo easily accessible to everyone yet keep out the idiots.

    And please note this is not 'hacking'. Because this is a live admin demo, anyone can go in and change it. It doesn't take any hacking or skill at all.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X