User registered with duplicate name

  • JDL.Lyons
    New Member
    • Mar 2010
    • 5
    • 4.0.0

    User registered with duplicate name

    A "new user" on my forum has registered an account that has duplicated the name of the administrator account. This is very troubling.

    While the administrator account is currently untouched, this new user with the duplicate name is currently "awaiting email confirmation". He is a registered user, with no moderation powers, but he still somehow managed to duplicate the admin name.

    Here is what I have done thus far:

    • I checked the logs and there has been no entry into the Admin CP by his IP address. In fact, his IP is totally unique, and has never been seen before by my forum.
    • I checked the user groups, and there are the correct entries and number of entries in the moderator and admin user groups, and nothing additional has been added.
    • I have banned his IP for good measure, considering banning his entire range and country for that matter (it's Brazil FYI).
    • I have run the suspect file version scan and turned up nothing.


    I have determined that his IP address is associated with what could supposedly be a spam and phishing website/organization (IP address available upon request if you wish to ban it from your site)

    I have informed all my staff people to change passwords on accounts and emails associated with my site. Is there anything I should do?

    Does anyone have any ideas how this could have happened?
  • Bob Isaac
    Senior Member
    • Dec 2005
    • 771
    • 3.8.x

    #2
    Take a look at this: https://www.vbulletin.com/forum/show...te-quot-a-user

    Bob

    Comment

    • David Copeland
      Senior Member
      • May 2000
      • 1354
      • 4.2.5

      #3
      Originally posted by JDL.Lyons
      A "new user" on my forum has registered an account that has duplicated the name of the administrator account. This is very troubling.

      While the administrator account is currently untouched, this new user with the duplicate name is currently "awaiting email confirmation". He is a registered user, with no moderation powers, but he still somehow managed to duplicate the admin name.

      Here is what I have done thus far:

      • I checked the logs and there has been no entry into the Admin CP by his IP address. In fact, his IP is totally unique, and has never been seen before by my forum.
      • I checked the user groups, and there are the correct entries and number of entries in the moderator and admin user groups, and nothing additional has been added.
      • I have banned his IP for good measure, considering banning his entire range and country for that matter (it's Brazil FYI).
      • I have run the suspect file version scan and turned up nothing.


      I have determined that his IP address is associated with what could supposedly be a spam and phishing website/organization (IP address available upon request if you wish to ban it from your site)

      I have informed all my staff people to change passwords on accounts and emails associated with my site. Is there anything I should do?

      Does anyone have any ideas how this could have happened?
      Try registering a known duplicate User Name yourself, and see if the registration page allows it. If so, then there is a bug.

      If not, then . . .

      Write down the ID number for the newly registered "admin", and write down the ID number for the established Admin. Then access the ADMIN LOGS to see which of your admins edited those ID numbers in the same Join Date of the most recent "admin". If no luck with the Admins, then check which moderators accessed those ID numbers.

      There are also some additional log in passwords you can implement too.

      ALSO - You may wish to access your administrator's account in the CP, and then block, copy, and paste his entire name into Notepad.

      Then access the fraudulent User Name that appears to be a duplicate in the adminCP, and block, copy, and paste it right beneath the first name in the same Notepad.

      Many times "spaces" between first and last names in a User Name can appear to be hidden.

      DAVID COPELAND
      Licensed VB Holder Since 2000
      Celebrating 22 Years with VB

      Comment

      • David Copeland
        Senior Member
        • May 2000
        • 1354
        • 4.2.5

        #4
        Originally posted by Bob Isaac

        That brings up another question for the author here:

        What Version of VB is he running?

        And, what are the contents of the box in this setting: vBulletin Options > vBulletin Options > User Registration Options > Username Regular Expression: ????

        DAVID COPELAND
        Licensed VB Holder Since 2000
        Celebrating 22 Years with VB

        Comment

        • JDL.Lyons
          New Member
          • Mar 2010
          • 5
          • 4.0.0

          #5
          Originally posted by Bob Isaac
          This is the problem right here...I am going to need to upgrade. Thanks for the forward.

          ===========================

          Originally posted by David Copeland

          That brings up another question for the author here:

          What Version of VB is he running?

          And, what are the contents of the box in this setting: vBulletin Options > vBulletin Options > User Registration Options > Username Regular Expression: ????
          3.8.4

          Username Regular Expression is blank (and disabled from what I understand)

          ===========================

          Originally posted by David Copeland
          Try registering a known duplicate User Name yourself, and see if the registration page allows it. If so, then there is a bug.

          If not, then . . .

          Write down the ID number for the newly registered "admin", and write down the ID number for the established Admin. Then access the ADMIN LOGS to see which of your admins edited those ID numbers in the same Join Date of the most recent "admin". If no luck with the Admins, then check which moderators accessed those ID numbers.

          There are also some additional log in passwords you can implement too.

          ALSO - You may wish to access your administrator's account in the CP, and then block, copy, and paste his entire name into Notepad.

          Then access the fraudulent User Name that appears to be a duplicate in the adminCP, and block, copy, and paste it right beneath the first name in the same Notepad.

          Many times "spaces" between first and last names in a User Name can appear to be hidden.
          Registering a duplicated name does not work, my site does not allow it.

          I checked his name for spaces and there were none. This fraud user had no admin access, just a regular user. The problem was the first reply to this support ticket.

          ===========================

          Thanks for all the replies, guys. I am just going to need to patch to 3.8.7.

          Comment

          • Andy
            Senior Member
            • Jan 2002
            • 5886
            • 4.1.x

            #6
            Mimicking a user name is something that can be done with all versions of vBulletin. It's done using extended characters that look similar.

            Regarding the spammer, just delete the registration.

            Curious what username do you use for the admin?

            Comment
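
Added example, not part of any post above and not vBulletin's own code: a Python check for the two causes raised in the thread, hidden spaces (post #3) and look-alike extended characters (post #6). The sample name `SiteAdmin`, the function names and the `LOOKALIKES` map are assumptions; the map is a small constructed subset, not the full Unicode confusables data.

```python
import unicodedata

# Constructed, deliberately small look-alike map (Cyrillic/Greek -> Latin).
# Assumption: production checks would load the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0456": "i",   # Cyrillic
    "\u03bf": "o", "\u03b1": "a",                  # Greek
}
# Categories that render as blank or as nothing: format, control, separators.
BLANK = {"Cf", "Cc", "Zs", "Zl", "Zp"}

def odd_characters(name):
    """The 'paste into Notepad' comparison, done by code point instead of by eye:
    list every non-ASCII or control character with its position and name."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
            for i, ch in enumerate(name)
            if ord(ch) > 0x7F or unicodedata.category(ch) == "Cc"]

def skeleton(name):
    """Comparison key: compatibility-normalise, case-fold, drop blank and
    invisible characters, then map known look-alikes to their Latin form."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(LOOKALIKES.get(ch, ch) for ch in folded
                   if unicodedata.category(ch) not in BLANK)

def compare(existing, candidate):
    """Classify a new username against an existing one."""
    if existing == candidate:
        return "identical"
    if skeleton(existing) == skeleton(candidate):
        return "lookalike"
    return "distinct"

if __name__ == "__main__":
    admin = "SiteAdmin"                      # constructed sample, not from the thread
    for new in ["Site\u0410dmin",            # Cyrillic capital A
                "Site\u200bAdmin",           # zero-width space
                "Site\u00a0Admin",           # no-break space
                "SiteAdmin2"]:
        print(repr(new), compare(admin, new), odd_characters(new))
```

Running `compare` over the existing user table at registration time, and rejecting or queueing anything classed as `lookalike`, catches names that pass an exact-match duplicate check.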
