How do I disable automatic password recovery option?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Doka
    New Member
    • Dec 2008
    • 7

    How do I disable automatic password recovery option?

    I would really like to disable this function. I had an admin account hijacked just through this function. Help me to disable it.
    The version run - 3.8.7 Patch level 2
  • Lynne
    Former vBulletin Support
    • Oct 2004
    • 26255

    #2
    There is no option to do that. You would need to modify the code in order to remove it. If you need help with that, the place to ask is over on vbulletin.org, the modification site.

    Please don't PM or VM me for support - I only help out in the threads.
    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
    Want help modifying your vbulletin forum? Head on over to vbulletin.org
    If I post CSS and you don't know where it goes, throw it into the additional.css template.

    W3Schools <- awesome site for html/css help

    Comment

    • Doka
      New Member
      • Dec 2008
      • 7

      #3
      That is strange, since this could be a security threat and really dangerous option. There should be an option to disable it if your customer wishes this.

      Comment

      • Lynne
        Former vBulletin Support
        • Oct 2004
        • 26255

        #4
        The only way I see this being a security threat is if the person got their email hacked. If you think it should be an option, you may enter it into Jira as a Suggestion.

        Please don't PM or VM me for support - I only help out in the threads.
        vBulletin Manual & vBulletin 4.0 Code Documentation (API)
        Want help modifying your vbulletin forum? Head on over to vbulletin.org
        If I post CSS and you don't know where it goes, throw it into the additional.css template.

        W3Schools <- awesome site for html/css help

        Comment

        • Doka
          New Member
          • Dec 2008
          • 7

          #5
          No, the email was somehow got replaced in the script. The request for email password reset for Admin account - went to another email. I established it firmly from the logs. My email account is not compromised as it was re-directed to another email of the intruder.

          Comment

          • Doka
            New Member
            • Dec 2008
            • 7

            #6
            In the login.php script disabled the runs: start lost password, start email password, start reset password. That should do it...
            Not a great help from Vbulletin... As usual.
            Last edited by Doka; Sun 27 Nov '11, 12:09pm.

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...