Admin Demo been hacked?

  • RGSerge
    Senior Member
    • Feb 2003
    • 115
    • 3.0.0 Beta 4

    Admin Demo been hacked?

    A friend is interested in vbulletin and went to try the admin demo:



    He clicked the admin demo and saw something unexpected. I thought I'd let you all know, as it looks kinda bad.

    Click the link at the bottom, it says "**** vbulletin".

    It looks like someone hacked it or something.
  • MUG
    Senior Member
    • Apr 2002
    • 1191
    • 2.3.0

    #2

    • RGSerge
      Senior Member
      • Feb 2003
      • 115
      • 3.0.0 Beta 4

      #3
      That's better

      • filburt1
        Senior Member
        • Feb 2002
        • 6606

        #4
        It gets "hacked" a lot. The problem is it's not quite hacking, given that the admin password is given in clear text. But the 12-year-olds get joy out of it.
        --filburt1, vBulletin.org/vBulletinTemplates.com moderator
        Web Design Forums.net: vB Board of the Month
        vBulletin Mail System (vBMS): webmail for your forum users

        • Scott MacVicar
          Former vBulletin Developer
          • Dec 2000
          • 13286

          #5
          We log anyone who attempts to enter redirects and they get banned from the admindemo.

          I'll edit the logger to catch those who remove the copyright or put cuss words in any templates.
          Scott MacVicar

          My Blog | Twitter

          • Game Wizards
            Senior Member
            • Jan 2003
            • 1865
            • 3.0.3

            #6
            Guidelines
            Since this is a public test area, it's important not to make any changes that can adversely affect (or disable) the test forum. Also, we ask you to please keep the content of the forum "clean" - remember that this is a family site! The forum is reset every day at 12pm.
            Note: If you would like an administrator to reset the boards for whatever reason, please click here.

            URL doesn't work and also, admins don't reset it any longer.

            • Ionsurge
              Senior Member
              • Nov 2002
              • 141
              • 3.8.x

              #7
              You get that kind of thing a lot, ticks me off personally, but well, some abuse services, and others don't.

              pheh...

              • Steve Machol
                Former Customer Support Manager
                • Jul 2000
                • 154502
                • 5.7.5

                #8
                One of the disadvantages of having an actual live demonstration of the Admin CP is that any idiot can come in and ruin it for everyone else. This has been a problem lately from the users of one of the competitive programs.

                We have the demo set to automatically reset itself several times a day because of this, but there's no easy way to make this demo easily accessible to everyone yet keep out the idiots.

                And please note this is not 'hacking'. Because this is a live admin demo, anyone can go in and change it. It doesn't take any hacking or skill at all.
                Steve Machol, Founder of the OptiBoard Discussion Forums for Eyecare Professionals

                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.

                • iDavid
                  Senior Member
                  • Dec 2002
                  • 298

                  #9
                  Steve, it's unfortunate that this keeps happening.

                  You try to showcase your product without making people pay to try it, and people have no respect at all for that. If the reset script doesn't use up too many server resources, you could reset it more often, but you'll always be at that disadvantage.

                  Hopefully someday people will stop acting childish and will respect you and your business.

                  • Oricon
                    Senior Member
                    • Dec 2002
                    • 698

                    #10
                    Originally posted by Steve Machol
                    One of the disadvantages of having an actual live demonstration of the Admin CP is that any idiot can come in and ruin it for everyone else. This has been a problem lately from the users of one of the competitive programs.

                    We have the demo set to automatically reset itself several times a day because of this, but there's no easy way to make this demo easily accessible to everyone yet keep out the idiots.

                    And please note this is not 'hacking'. Because this is a live admin demo, anyone can go in and change it. It doesn't take any hacking or skill at all.
                    Steve is right... and it's not hacking; in any case it's just template modifications. So technically, if they themselves say it was 'hacked', it technically wasn't.

                    • okrogius
                      Senior Member
                      • Dec 2001
                      • 1149

                      #11
                      Well, what can be done is to have a unique demo generated for every visitor instead of having one demo for everyone.

                      For an example, try to take a demo at any interactivetools.com products.

                      • Game Wizards
                        Senior Member
                        • Jan 2003
                        • 1865
                        • 3.0.3

                        #12
                        Hey, I saw that just today...........! Or make it so that any changes will be reset after having been made for 1 min. So someone could change a template and after 1 min it'll be reset back.

                        • filburt1
                          Senior Member
                          • Feb 2002
                          • 6606

                          #13
                          Theoretically possible by creating a database for that user based on the sessionid. Of course it would have to have a session count limit to prevent people from flooding it and then just filling up the entire server with junk databases.
                          --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                          Web Design Forums.net: vB Board of the Month
                          vBulletin Mail System (vBMS): webmail for your forum users

                          • okrogius
                            Senior Member
                            • Dec 2001
                            • 1149

                            #14
                            Well, think about it... let's say that each demo session will be deleted 15 minutes after the last activity on the demo. Then have a certain limit on how many demos can be active at a time, with some "queue" system for when the limit is reached. A single user can only have one demo to him or her.
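
The per-visitor scheme proposed in posts #13 and #14, sketched as an added example (not part of the thread and not vBulletin code): one demo per visitor, deletion after 15 minutes of inactivity, a cap on active demos, and a queue when the cap is reached. The class name `DemoPool`, the `visitor` key, the `demo_` database naming and the `max_queue` bound are assumptions made for illustration.

```python
import secrets
from collections import deque

IDLE_TTL = 15 * 60  # seconds of inactivity before a demo is deleted (post #14)

class DemoPool:
    """Per-visitor demo instances with an idle timeout, a cap and a FIFO queue."""

    def __init__(self, max_active, idle_ttl=IDLE_TTL, max_queue=100):
        self.max_active = max_active
        self.idle_ttl = idle_ttl
        self.max_queue = max_queue   # assumption: bound the queue so it cannot be flooded
        self.active = {}             # visitor -> [db_name, last_activity]
        self.waiting = deque()       # visitors waiting for a free slot

    def _create(self, visitor, now):
        # Random, unguessable name; a real deployment would CREATE the database here.
        self.active[visitor] = ["demo_" + secrets.token_hex(8), now]

    def _reap(self, now):
        # Delete demos idle past the TTL, then give freed slots to the queue in order.
        for visitor, (_db, last) in list(self.active.items()):
            if now - last >= self.idle_ttl:
                del self.active[visitor]   # a real deployment would DROP the database here
        while self.waiting and len(self.active) < self.max_active:
            self._create(self.waiting.popleft(), now)

    def request(self, visitor, now):
        """Return ("active", db), ("queued", position) or ("full", None)."""
        self._reap(now)
        if visitor in self.active:         # one demo per visitor: reuse, refresh activity
            self.active[visitor][1] = now
            return ("active", self.active[visitor][0])
        if visitor in self.waiting:
            return ("queued", self.waiting.index(visitor) + 1)
        if len(self.active) < self.max_active:
            self._create(visitor, now)
            return ("active", self.active[visitor][0])
        if len(self.waiting) >= self.max_queue:
            return ("full", None)
        self.waiting.append(visitor)
        return ("queued", len(self.waiting))
```

A session cookie is free to discard, so the one-demo-per-user rule only holds if the visitor key is something harder to mint, such as the verified e-mail address suggested later in the thread.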

                            • Beorn
                              Senior Member
                              • May 2002
                              • 451

                              #15
                              ...or you can set up something where you need to create a username and pw, and verify an e-mail address. Then, add into the two global.php files code to check that username and pw (HTTP authentication). Finally, set up a script that people can go to if some 12 year old messes with it, and it'll send some administrator a note with (a) the IP, (b) the e-mail address, and (c) the time so that they can check the logs, and see what page referred the person to the admin demo, and you can contact the owner of THAT page....
