Banned member hacks ranking members account: how to get rid of login cookie?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Alfa1
    Senior Member
    • Dec 2005
    • 4165
    • 3.8.x

    Banned member hacks ranking members account: how to get rid of login cookie?

    One of my ranking members had their account hacked by a banned member. (hotmail brute force, followed by password retrieval) Now the forum account is compromised, as long as the banned member has the login cookie on his computer. Is there any way to reset the login status of an account or make that login cookie invalid?

    Does anyone have tips how to solve this?
    I buy 420 forums
  • Lynne
    Former vBulletin Support
    • Oct 2004
    • 26255

    #2
    I can't think of anything except resetting the cookie prefix, but that will effect all your users, not just the one.

    Please don't PM or VM me for support - I only help out in the threads.
    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
    Want help modifying your vbulletin forum? Head on over to vbulletin.org
    If I post CSS and you don't know where it goes, throw it into the additional.css template.

    W3Schools <- awesome site for html/css help

    Comment

    • Alfa1
      Senior Member
      • Dec 2005
      • 4165
      • 3.8.x

      #3
      Will changing the password for the account of the ranking member, make invalid: the old login cookie that the banned member has on his computer?

      Or would it help to merge the account into a newly made account, so that the userID changes? Or even doing that twice?
      I buy 420 forums

      Comment

      • Steve Machol
        Former Customer Support Manager
        • Jul 2000
        • 154488

        #4
        1. Yes.

        2. ??? Not sure I follow.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment

        • Zachery
          Former vBulletin Support
          • Jul 2002
          • 59097

          #5
          Change the password, empty the session table. That should fix it.

          Comment

          • Alfa1
            Senior Member
            • Dec 2005
            • 4165
            • 3.8.x

            #6
            The userid is not found in the session table. Should I empty the salt field in the user table of this specific user?
            Last edited by Alfa1; Mon 15 Nov '10, 10:39am.
            I buy 420 forums

            Comment

            • Steve Machol
              Former Customer Support Manager
              • Jul 2000
              • 154488

              #7
              Changing the password is sufficient. The session table is automatically emptied every one hour so that is no longer an issue.
              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
              Change CKEditor Colors to Match Style (for 4.1.4 and above)

              Steve Machol Photography


              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


              Comment

              • Alfa1
                Senior Member
                • Dec 2005
                • 4165
                • 3.8.x

                #8
                That is a very nice thing to read. Thanks.
                I buy 420 forums

                Comment

                • Zachery
                  Former vBulletin Support
                  • Jul 2002
                  • 59097

                  #9
                  Emptying the session table will just more quickly invalidate the cookie if the user is still logged in. Its not required.

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...