Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
  #1  
Old 02 May 2007, 22:24
kiristine kiristine is offline
 
Join Date: May 2007
Question rogue admin, please advise

Hello All,
I have a rogue admin which we have had to ban. We have changed our vbulletin and ftp passwords so that he can no longer access the site, but he claims that he can destroy the site through the Advanced Warning System. He installed and configured it and never passed any of that knowledge on, so I am not sure what to believe. I really doubt he can do anything, but I would like to be sure.

Is it possible for him to damage our site through AWS when he does not have access to the VBulletin admins?

Thanks,
Kiristine
Reply With Quote
Comments
  #2  
Old 08 May 2007, 13:38
Chris-777's Avatar
Chris-777 Chris-777 is offline
 
Join Date: Jan 2006
Real name: Chris
I'm not familiar with AWS as I don't use it, but it if requires access to the AdminCP:

http://www.vbulletin.org/forum/showthread.php?t=105759
Reply With Quote
  #3  
Old 08 May 2007, 19:26
SCRIPT3R SCRIPT3R is offline
 
Join Date: Jan 2005
anything's possible... i would remove the AWS to be on the safe side. the little benefit the hack provides is not worth a complete system loss IMO.
Reply With Quote
  #4  
Old 12 May 2007, 20:25
cfitzarl cfitzarl is offline
 
Join Date: May 2007
Real name: Chris
Have you tried to ip ban him, user ban him, and any other banning methods? Have you removed the AWS?
Reply With Quote
  #5  
Old 31 May 2007, 17:31
kiristine kiristine is offline
 
Join Date: May 2007
Question

We havent removed the AWS because we use it really heavily. He is banned, but I am sure he has figured out ways around that. Today we got this message on the forum:

((((Hi there My Creator
SuperAdmin found = 1
ID #: 1
Nick used: webmaster
Echo System: ON
Senemmar System: OFF
SuperAdmin is yours now, Creator
you shouldn't change my work without my permission
you shouldn't leave this woman showing her hate this way
Kindly Remove AWS and pray for forgiveness
I am guessing he has found some kind of loophole. Any ideas on how he did this?

Also, is there another tool we can use that performs similarly or is AWS really the only option? At this point I would not be averse to paying for a tool that provides the functionality we need.

Thanks in advance!
Reply With Quote
  #6  
Old 31 May 2007, 17:34
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Real name: David
the default infractions system is like this. only 3.6 though. was that message a pm of sumthing else?
Reply With Quote
  #7  
Old 31 May 2007, 17:41
kiristine kiristine is offline
 
Join Date: May 2007
My theory is that the former admin is using AWS to continue to monitor the site. Someone had posted a comment on the forum that they would like to rename AWS. A reply was posted by the robot with that message. The guy was flexing his muscles to prove that he still has control.

By the default infractions system, you mean what ships with Vbulletin OOTB, correct?
Reply With Quote
  #8  
Old 31 May 2007, 17:43
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Real name: David
here's a description of the infractions system
what version of vbulletin are you running?

http://www.vbulletin.com/docs/html/m...ractions_intro
Reply With Quote
  #9  
Old 31 May 2007, 17:50
kiristine kiristine is offline
 
Join Date: May 2007
Thanks for the link.

We are running Vbulletin 3.6.4 and AWS 3.6.0.
Reply With Quote
  #10  
Old 31 May 2007, 17:53
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Real name: David
the infractions system is already their then. its basically a warning system

i strongly suggest you take out AWS
Reply With Quote
  #11  
Old 31 May 2007, 18:13
sv1cec sv1cec is offline
 
Join Date: May 2004
Real name: John
I PMed you already.

If your board is not heavily hacked, shut down your vB, change the password to your database, change the SuperAdmin user id to a new user id, change every Super Admin and Admin password and then re-upload the vB files and AWS files from the distribution zip file. More than likely this person has changed the standard vB distribution to allow him in the system even if he is banned or deleted from the database. That is not something that AWS does. AWS follows vB standards for authentication etc. It's your vB files that you should worry about most.

Enigma1234, the build-in vB system is far from being equivalent to AWS.
__________________

John
SV1CEC

Last edited by sv1cec; 31 May 2007 at 18:17.
Reply With Quote
  #12  
Old 04 Jul 2007, 00:17
0tolerance 0tolerance is offline
 
Join Date: Jun 2007
I think this guy is just throwing empty threats around, if you didnt know him before to be some brilliant hacker, chances are he still isnt one.

tell him to f$%k off! If he does hack your board, hes an idiot..
you have his threats, his IP address...
the second it happens call the cops.
internet crimes can give you a suprisingly lenghty jail sentence.

just back your database up once a week and you will be fine.
__________________
Exasco.info - Exasco is a community that helps people, there’s no fees, just friendships.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 19:23.

Layout Options | Width: Wide Color: