I'm not sure how this happened. I went to my vBulletin board today and I noticed I was not logged in. Odd, but not a problem I thought. I went to my admin page and tried to log in. Invalid password it said. That can't be right I thought, I tried again, same error. I tried logging in from the forum home page - same error.
I gave up and tried a "forgot your password" thing. It said it had no record of my email address. Now I was getting scared. I checked out the user table in phpmyadmin, my email address had been changed to [email protected] and my password changed.
I've since changed my email back and edited the password.
But I am really unsure what has happened. I have two layers of security for my admin CP, both a .htaccess check with a random username of 8 letters and numbers, with a password of 15 characters, random letters, numbers and special characters.
My password is (or was) another 15 character password - random letters, numbers and special characters.
Yet this was somehow cracked?
I have my server email me as soon as someone tries to access my admin cp with the time/date and IP of the person doing so. Last Monday I got an email saying that someone from the IP 82.129.178.228 was trying to access the CP. I couldn't see a problem and didn't think anything further about it.
Again I got emails saying someone was trying to access the CP on Friday, from 212.138.47.12 (cache2-2.ruh.isu.net.sa), 212.138.47.13 (cache3-2.ruh.isu.net.sa) and 212.138.47.17 (cache7-4.ruh.isu.net.sa).
As an extra security feature I had the email script detect if the IP was a proxy one, and if so, try and work out the person's real IP. That access attempt on Friday showed the real IP to be 212.46.48.163.
As far as I can tell, nothing has happened. Forum hasn't obviously been defaced, no large amount of spam emails have been sent (to the best of my knowledge, I'm sure a few people would be complaining if it did).
A quick Google search of this guy's email address gives me: http://www.lacehh.org/forums/ Or, the Google cache (with his email address): http://www.google.com.au/search?q=ca...mail.com&hl=en
Looks like he tried to deface that too maybe? Script kiddie?
I would like the satisfaction of knowing that this idiot has been arrested and thrown in jail, or at least have his ISP kill his connection, but as I can't see anything changed (except my email address and password), I don't suppose there is much I can do.
Any ideas what may have caused this or what I can do to get back at this guy?
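An added example, not the poster's script: one way an admin CP alert like the one described above can separate the address the server actually saw from the "real IP" a proxy reports. The header names and the sample requests are assumptions (the post does not say how its script worked); forwarded headers are supplied by the client or proxy, so the result is a lead to follow up, not proof of origin.

```python
import ipaddress

# Headers commonly added by forwarding proxies. That the poster's script read
# these is an assumption; the post does not say how it found the "real" IP.
FORWARD_HEADERS = ("X-Forwarded-For", "Client-IP", "Forwarded-For")


def _public_ip(text):
    """Return a normalised public IP string, or None if invalid/non-routable."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    return str(ip) if ip.is_global else None


def describe_access(remote_addr, headers):
    """Summarise one admin CP request for an alert email.

    remote_addr is the TCP peer, the only address the server verified.
    Anything taken from headers is a claim made by the client or proxy.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    via_proxy = "via" in hdrs
    claimed = []
    for name in FORWARD_HEADERS:
        value = hdrs.get(name.lower())
        if not value:
            continue
        via_proxy = True
        for part in value.split(","):
            ip = _public_ip(part)  # drops "unknown", private ranges, junk
            if ip and ip != remote_addr and ip not in claimed:
                claimed.append(ip)
    return {"peer": remote_addr, "via_proxy": via_proxy,
            "claimed_client_ips": claimed, "claims_verified": False}


# Constructed sample requests using addresses quoted in the post.
SAMPLES = [
    ("82.129.178.228", {}),
    ("212.138.47.12", {"Via": "1.0 cache2-2.ruh.isu.net.sa",
                       "X-Forwarded-For": "212.46.48.163"}),
    ("212.138.47.13", {"X-Forwarded-For": "unknown, 10.0.0.5, 212.46.48.163"}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(describe_access(peer, hdrs))
```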