My forum v4 was hacked recently. About the members passwords: how safe is the md5 hash? Should I tell all members that their password could have leaked = change it everywhere?
Forum hacked - members password
Collapse
X
-
Passwords are not encrypted, they're hashed using md5. If the attacker dumped your user table, with some effort they could reverse the passwords and possibly get a matching id.
First you need to follow our advisory about deleting the install folder off your forums.
Then please read the following two blog posts:
This guide is for what to do, after youve been hacked, exploited, and or defaced. Step 1, Change everything: If you believe, or think your site has
http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-siteGetting Started This guide is intended to be a starting point for helping to keep your site safe and secure in the long run. It is not a be-all, end-all guide
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
Comment
-
Ok, I have some more problems. I reinstalled the complete system (deleted all files at the server, deleted the database and made clean install v4.2.1). In the admincp I checked the box so I have to accept new members before they can join the forum. The problem is that new spam-members show up in the database but not in the admin cp or in the memberslist at the forum.
How is this possible?Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment