  #1  
20 Dec 2011, 14:31
mrfarb
 
Join Date: Jan 2010
new user signed up as Admin

I had a user sign up with no email and no IP address - was also listed as an Admin! I immediately deleted the user account. Username was TeamPS. My question is, how did he sign up? Was this breach through the host or from a VB exploit? I was running 4.1.7 which I have now upgraded to 4.1.9 - with the holidays and work I was behind on my update.

Any ideas on what I should do to secure the forum? I had no ill effects from the breach....luckily.
  #2  
20 Dec 2011, 14:37
Max Taxable
 
Join Date: Feb 2011
My first suspicion is, another of your admins might have created the account?
  #3  
20 Dec 2011, 14:39
TheLastSuperman
 
Join Date: Sep 2008
Real name: Michael Miller Jr

Originally Posted by mrfarb
I had a user sign up with no email and no IP address - was also listed as an Admin! I immediately deleted the user account. Username was TeamPS. My question is, how did he sign up? Was this breach through the host or from a VB exploit? I was running 4.1.7 which I have now upgraded to 4.1.9 - with the holidays and work I was behind on my update.

Any ideas on what I should do to secure the forum? I had no ill effects from the breach....luckily.
Ahh one of those p0wersurge members... Well you did the right thing by removing then immediately updating.

I would also:
1) Change database passwords *Don't forget to update the config.php files for vBulletin and any other software running on your site.
2) Change FTP account passwords.
3) .htaccess protect your admincp and modcp. Here are some useful links:
.htaccess authentication generator:
http://www.htaccesstools.com/htaccess-authentication/
.htaccess password generator:
http://www.htaccesstools.com/htpasswd-generator/
4) Check to see if they added any admin accounts, on one site they changed the primary admin account name to what they desired and went so far as to re-create the admin accounts w/ the same details but no admin permissions to throw the site owners off for a little bit.

I know adding in .htaccess will help; what they seem to be exploiting on most sites is the admin account name and password (therefore the changing of db and ftp passwords is more precautionary at the moment; the most important thing is to add .htaccess protection to your admincp and modcp folders). However, if they don't have access to the server there's no way they can bypass the .htaccess protection, and yes, that means use an entirely different username and complex password when creating the .htaccess and .htpasswd files. Also on that note, be sure the .htpasswd is stored above public_html, i.e. in /home/accountnamehere/.htpasswds
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!

Last edited by TheLastSuperman; 20 Dec 2011 at 14:52.
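
The .htaccess setup recommended in post #3, as an added check that is not part of the original thread: this script verifies that a control-panel folder requires Basic authentication and that its password file sits outside the web root. The function name and result strings are illustrative; the admincp and modcp folder names and the /home/accountnamehere layout come from the post.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit .htaccess protection of a
# vBulletin control-panel folder. check_cp_dir and its result strings are
# illustrative names.

# check_cp_dir DOCROOT SUBDIR
# Prints "ok" or a short reason; returns 0 only when SUBDIR requires Basic
# auth and its password file is stored outside DOCROOT.
check_cp_dir() {
  local docroot ht pwfile
  docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no-docroot"; return 1; }
  ht="$docroot/$2/.htaccess"

  [ -f "$ht" ] || { echo "missing-htaccess"; return 1; }
  grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" \
    || { echo "no-authtype-basic"; return 1; }
  grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user[[:space:]])' "$ht" \
    || { echo "no-require"; return 1; }

  # First AuthUserFile directive, quotes stripped (paths with spaces unsupported).
  pwfile=$(awk 'tolower($1)=="authuserfile"{gsub(/"/,"",$2); print $2; exit}' "$ht")
  case "$pwfile" in
    "") echo "no-authuserfile"; return 1 ;;
    /*) ;;
    *)  echo "relative-authuserfile"; return 1 ;;
  esac
  [ -f "$pwfile" ] || { echo "htpasswd-not-found"; return 1; }

  # Resolve symlinked directories so a link back into the web root is caught.
  pwfile="$(cd "$(dirname "$pwfile")" && pwd -P)/$(basename "$pwfile")"
  case "$pwfile" in
    "$docroot"/*) echo "htpasswd-inside-docroot"; return 1 ;;
  esac
  echo "ok"
}

# Usage: ./check_cp.sh /home/accountnamehere/public_html
if [ "$#" -ge 1 ]; then
  for d in admincp modcp; do
    printf '%s: %s\n' "$d" "$(check_cp_dir "$1" "$d")"
  done
fi
```
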
  #4  
20 Dec 2011, 14:46
mrfarb
 
Join Date: Jan 2010
Thanks. I temporarily suspended new registrations- would that even help?
  #5  
20 Dec 2011, 14:48
TheLastSuperman
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by mrfarb
Thanks. I temporarily suspended new registrations- would that even help?
Yes and no. Change your admin account password too (I forgot to mention that) and add in the .htaccess protection - do that now!
  #6  
20 Dec 2011, 14:56
mrfarb
 
Join Date: Jan 2010
Thanks. I am doing it at this moment! You are the last Superman....
  #7  
20 Dec 2011, 17:05
TheLastSuperman
 
Join Date: Sep 2008
Real name: Michael Miller Jr
^ Now remember, this will help drastically; however, they can still do anything you normally can outside the admin control panel if they obtain your credentials.

All times are GMT.