Greetings, I run a board currently running vbulletin 3.8.7 Patch level 6 and we are experiencing a rater large issue with false registrations. I have Capcha and email confirmation enabled and yet we are still experiencing this. I was out of touch for a month in the hospital and upon my return there were over 100 new registrations to the site, none of which was legitimate. And then I receive an email from our host that our site had reached it's allowed daily daily executions limit. These registrations don't ever post, the few that do are typically caught by the spam system and banned. I'm kind of at my whits at end with this, we are a small metro detroit area club.
False/SPAM registrations
Collapse
X
-
First I probably should have said, our site is redlinesuperbike.com
So I completed the Suspect File Version check, other than some left over files from removed software like vbgallery, I have the following issues showing:
./
forumdisplay.php - Files does not contain expected contents
./includes
class_core.php - Files does not contain expected contents
class_dm_threadpost.php - Files does not contain expected contents
class_floodcheck.php - Files does not contain expected contents
class_rss_poster.php - Files does not contain expected contents
class_vurl.php - Files does not contain expected contents
functions.php - Files does not contain expected contents
functions_misc.php - Files does not contain expected contents
init.php - Files does not contain expected contents
./modcp
global.php - Files does not contain expected contents
index.php - Files does not contain expected contents
Starting to wonder if we may have been hacked, still looking for some help here. -
Below is an example of a new user registration and the moderated visitor message they are attempting to post.
Originally posted by New User EmailThere is a new user, hakkanen4 at Redline Superbike
To view their profile, go here:
Email Address : [email protected] Birthday : April 3, 1986
Referrer: N/A
IP Address: 85.107.192.230
Location : TR
Zip code : 35414Originally posted by Moderated visitor MessageComment
-
You have files showing incorrect contents. That suggests your site may have been compromised.
You need to download a fresh copy of the files from the members area and uploa dthese to the server, taking care to overwrite what is already there.
You also need to change all admin and moderator passwords, all FTP passwords, and also your database password. Nite that when changing your database password, you must also update the entry for that in includes/config.php, otherwise your site won't load.MARK.B
vBulletin Support
------------
My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
My Unofficial vBulletin Cloud Demo: https://www.adminammo.comComment
-
You have files showing incorrect contents. That suggests your site may have been compromised.
You need to download a fresh copy of the files from the members area and uploa dthese to the server, taking care to overwrite what is already there.
You also need to change all admin and moderator passwords, all FTP passwords, and also your database password. Nite that when changing your database password, you must also update the entry for that in includes/config.php, otherwise your site won't load.Comment
-
Ok so I downloaded a fresh copy of the software, I even re-ran the upgrade process. Now all the files that said "File does not contain expected contents" say "File version mismatch: found 3.8.7 Patch Level 6, expected 3.8.7 Patch Level 4" I"m certain I download 3.8.7 Patch Level 6 and that's what it says my forum version is everywhere I know to check.Comment
-
Make sure you have uploaded all the files and run the upgrade script.
Also make sure you have downloaded the full 3.8.7 PL6 package, not just the patch files.MARK.B
vBulletin Support
------------
My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
My Unofficial vBulletin Cloud Demo: https://www.adminammo.comComment
-
Ok so I think I've completed all the tasks.
1. Reset the database password, which was really poor btw, can't believe that went unnoticed for so long.
2. Completed the upgrade properly, the files no longer show out of date or incorrect versions on a suspect file check.
3. We didn't have any ftp accounts.
4. Reset all the master passwords for the account.
5. Mod and admin password after require a reset every 90 days.
I have capcha and email verification setup for registration. Is there anything else you guys could think of before I turn registration back on?Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment