View Full Version : Protect your Members Area login information

vB.Org System
21 Feb 2009, 06:40
We have recently seen a number of attempts to obtain Members Area login information, and subsequently fraudulent access to licenses, through phishing attempts disguised as genuine links to other parts of vBulletin.com

Therefore, this is a reminder to all license holders to ensure that you do not enter your customer information to any page except http://members.vbulletin.com For the best security, you should always type the link in your browser and not rely on links posted by anyone other than an official member of vBulletin staff.

If you believe that you may have inadvertently been a victim of such an incident, please use this link to reset the password to your members area:


More... (http://www.vbulletin.com/forum/showthread.php?t=300740&goto=newpost)

21 Feb 2009, 10:44
yeah, i've been hit with one of these attemps i think... in the last months i received numerous requests to change my password... (when you go to the members area and click the link to "i have lost my password"...). strangely i was not requesting any password myself, so hey, i never clicked the email's link.

and hey, remember that you never have to enter your Customer Number anywhere on vBulletin, only when you Install or Upgrade your forum, and it's only once when you authenticate yourself... if you install a product and it requires your CN, report that product to vBulletin.com ... (or an admin here if you downloaded it from here!)

Marco van Herwaarden
21 Feb 2009, 11:29
There was (!!) a user on vB.com posting replies like:

To solve this issue login to members.vbulletin.com (http://www.mysite.com/passwordstealingscript.php) and download the patch.

21 Feb 2009, 11:45
people have to check the url of each link too (hover on Marco's example) ... it's easy to see it's a fake usually.

Marco van Herwaarden
21 Feb 2009, 11:49
Yes it is easy to spot, but still some customers fell for it and had their accounts compromised.

21 Feb 2009, 16:44
It's easy to fall victim if you're tired or not attentive to your links.

24 Feb 2009, 00:00
probably not a bad idea to email this reminder; rather than expect that people will check vborg.

Marco van Herwaarden
24 Feb 2009, 08:21
This warning has been posted both on vB.com & vB.org.

21 Mar 2009, 08:18
Be neat if vB could add the auth code thingy that you can now use with World of WarCraft and Pay Pal where you got 30 seconds to enter the code you see in the auth gadget they snail mail you.

22 Mar 2009, 18:10
Thanks for this info, everyone please remember this is just, if not more important than handing out admin access and ftp info to your forums. This reminds me of a few years ago when it started on MySpace and I was telling all my friends watch out for these "fake" pages but no one listened.. well apparently it became a problem because now they have the "you are about to visit an offsite page/link" page that pops up similar to the redirector mod found here on vb.org. ALWAYS be hesitant and very cautious when clicking links or visiting new sites - Additionally if you don't mind some be-in-the-ways lol, simply install browser scripts that block scripts and controls etc like No-Script for FireFox etc to make it more safe while your browsing.