Tweet
I have a username that appears to have been changed but not by me. If it can only be done via the AdminCP is there any trail in the database somewhere where I can see if username A used to be username B type thing? If I think the new username used to be something else is there any way to show that?
-
http://www.softballfans.com
The Ultimate Softball Community
Forums, Bat/Equipment Reviews, Team Page Hosting and more! -
I found a trace of the name change in a search that was run. Since I am the only admin and did not make the change can you tell me where this had to have been made so I can check with my web hosting provider to see if there was any hacking done?
Is the Admin CP the only place a hacker could enter to change this?http://www.softballfans.com
The Ultimate Softball Community
Forums, Bat/Equipment Reviews, Team Page Hosting and more! -
-
Someone can also do this if they have access to your database.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
No, stock vBulletin.http://www.softballfans.com
The Ultimate Softball Community
Forums, Bat/Equipment Reviews, Team Page Hosting and more!Comment
-
Only two posibilities:
1) Admin user (your) password is too basic or have been compromised.
2) Someone with database access modified it.
There is no other posibilities of this happening if you are on a stock vBulletin.
Suggestions:
1) Use a more secure password for admin user, and add .htaccess file to your /admincp folder
2) Change your database password to someone complex (IE: a23d;@Yw9_) and make sure no one else other than you have FTP / database access.Best Regards,
Andy HuangComment
-
I checked the logs and spoke to my hosting provider. Change was not made in Admin CP under my username. They think it could have been done with a URL hack of somesort with vBulletin? I'm on version 3.0.0. Sound possible? Is that an "exploitable" version?
I do allow anonymous FTP for one employee, that a hazard?http://www.softballfans.com
The Ultimate Softball Community
Forums, Bat/Equipment Reviews, Team Page Hosting and more!Comment
-
There have been 2 (? not sure) possible exploits with 3.0.0, and neither allows modification to database values (if I'm not mistaken). It is most likely done through database directly. However, an upgrade to 3.0.3 is advised to fix these exploits.
FTP access which allows the user to view your vBulletin files is strongly not advised. If the user can see your vBulletin files, they can easily look into the configuration file and obtain username and password for your database. From there, the person can have the same amount of access as you have; except, more flexible and more dangerous. Please make sure that the user does not have access to any of your vBulletin .php files.Best Regards,
Andy HuangComment
-
No, this is anonymous and allows them access to one directory only and they cannot go into the web files.http://www.softballfans.com
The Ultimate Softball Community
Forums, Bat/Equipment Reviews, Team Page Hosting and more!Comment
-
Why would anyone go to the trouble of hacking your site just to change one user name? Frankly that doesn't make a lot of sense to me.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
Comment