Hello,
I'm a French Vbulletin user, we migrate our vbulletin from versus 3.0.9 to 3.5.4 this week, and we 've got some problem.
A fu#!$ guy try to hack us every time, when he registers in our forum, we ban him immediatly, but yesterday, this is what he has done :
- he was on the forum home panel (not connected so), and he has entered this line on his browser address :
http://www.xxxx.com/forums/login.php...u=YY&i=9861262 HTTP/1.1" 200 3965 http://mail1.voila.fr/webmail/fr_FR/...romSubmit=true
Where YY is the userid, he manage to generate a new password and receive it in his email box, he could do this for any YY (userid).
Then he could enter to the forum and change the userid email.
This guy manage to change the email of any user (admin too) and he manage to enter to the admin cp panel !!
Since 30 mns, he manage to ban the admin without entered in the admin panel.
Perhaps there is a chmod problem on my site, and he manage to execute some sql request.
The team of http://forum.vbulletin-fr.org help me too.
Please help me
I'm a French Vbulletin user, we migrate our vbulletin from versus 3.0.9 to 3.5.4 this week, and we 've got some problem.
A fu#!$ guy try to hack us every time, when he registers in our forum, we ban him immediatly, but yesterday, this is what he has done :
- he was on the forum home panel (not connected so), and he has entered this line on his browser address :
http://www.xxxx.com/forums/login.php...u=YY&i=9861262 HTTP/1.1" 200 3965 http://mail1.voila.fr/webmail/fr_FR/...romSubmit=true
Where YY is the userid, he manage to generate a new password and receive it in his email box, he could do this for any YY (userid).
Then he could enter to the forum and change the userid email.
This guy manage to change the email of any user (admin too) and he manage to enter to the admin cp panel !!
Since 30 mns, he manage to ban the admin without entered in the admin panel.
Perhaps there is a chmod problem on my site, and he manage to execute some sql request.
The team of http://forum.vbulletin-fr.org help me too.
Please help me
Comment