Register Members List Search Today's Posts Mark Forums Read

Thread Tools
Old 22 Sep 2010, 21:32
ElfenLied1337's Avatar
ElfenLied1337 ElfenLied1337 is offline
Join Date: Aug 2009
Having a problem with a hacker

First of all, I wasn't really sure where to put this, I apologize if it's wrong, right now though I really just want to stop this guy. I'd put it on the site but I don't have the license info and the guy that does isn't online often.

A few days ago I received an IM from some guy saying that there was a bug/exploit on the site and we should back things up. I didn't take him too seriously but we have backups regardless.

The next day, our site was, apparently, hacked. I wasn't on at the time so I don't know all of the specifics but we do have a screen from someone else:
It's a little fuzzy but he signed it "...%", which is the MSN username he used when I was IMed.

We restored our backups and everything was okay, but he continued IMing me. He wasn't mean or anything, and he gave a little info about what he was doing. He could read our hidden staff forum, he knew my password, and apparently had admin access -- all without having an account. He said something about it being a bug in the sql database or the php files, and that he got into our server in less than 10 minutes.

Today he registered as a normal user on our site. He proceeded to change his usergroup to Coder (something akin to a sectional mod that we have on our site, they don't have much power), change his user title (we have that as a benefit for our special members only), and give himself reputation (which you're normally not able to do). One of our admins banned his account, IP address, and email.

He IMed me about this today, angry at the guy who banned him, saying he would "ban him forever". The guy is Italian so we didn't communicate too well all the time.

He has since logged off, he seems to be on friendly terms with me, for whatever reason.

We're all kind of freaking out about this, and any help is appreciated. If you need more info I'll provide it.

Here's a link to our site:
There's an error on the main page now but if you go to you should be able to view the site. Most of the evidence is gone.
We have disabled all plug-ins too.
Reply With Quote
Old 22 Sep 2010, 22:22
MichaelDance MichaelDance is offline
Join Date: Dec 2009
Real name: Michael Dance
I would contact your webhost, with the last known IP for him.

They can ban him from their hosting server and that should solve it, Change the admincp URL.

In config.php

// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';

change the admincp to something else and the modcp.

This should stop him, put a password on the folders,

CPANEL > Password Protect Directories > click folder url, then tick the box put a message save. > Add user and password to them and then save again....

I hope this helps if not, change host or everything linked to this childish kid.
Reply With Quote
Old 23 Sep 2010, 14:34
AntonLargiader AntonLargiader is offline
Join Date: Dec 2005
If he can read files, he can see the MySQL password and change the data tables that way. I would change the password on the hosting account and let the host know that you have been hacked. Then see about moving the MySQL password out of web-readable space and change it regardless. I don't think you're going to fix this within vBulletin.
Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

New To Site? Need Help?

All times are GMT. The time now is 13:04.

Layout Options | Width: Wide Color: