How can I make one of my existing admin accounts (we have three) the #1 account? A while back I either deleted that account or wrote over it. Is there a way I can get that account back?
#1 Spot -Administrator
Collapse
X
-
The userid? There is no feature to change a user's userid. This requires manually updating all of the userid fields in the database, a very tedious job that makes no functional difference and is not recommended. -
I was asking because a hacker took over that #1 account and we deleted it totally. He was also able to create a 2nd account that looks like the #1 which has an email address attached to it but when you go to edit the profile the entire thing is blank.Hi! My name is Tanya! :)Comment
-
You have bigger problems to deal with than a userid number. Please see this thread on how to make your vBulletin more secure:
Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
Ok, we restored our server from a backup. Tools.php is nowhere on the site. Only 3 admin accounts and they are uneditable and unremovable. This morning, that guy came back and made another account using the old admin name.
The thing is, I cant delete or change the password on the account. It shows error on page when I try to delete it or change it. How can he be creating that account and making it undeletable. This is so frustrating, I don't know what to do.Hi! My name is Tanya! :)Comment
-
You have to upload tools.php. It's in the 'do_not_upload' folder of the zip file.
Did you follow ALL the instructions given to seecure your forums? If so, then it's likely your web host account has been compromised.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
yes I followed all the instructions. So far this is what I found.
They seemed to manually create the account directly into the database. phpmyadmin can only be acessed through my control panel (that I know of). I checked all the files that link to the database and found that config.php was set with 777 permissions. I reset it to 644, changed the login and password for the ftp access, changed the password for the plesk panel access and the password for the database. I caught him on time when he logged in this morning with that made up account and banned him immediately (i took away the admin and all other rights to userid 1 in config.php) then made the password changes and deleted that account in phpmyadmin.
I contacted my provider to upgrade me to a Virtual Private Server, hopefully that will give me more protection and they do daily backups included in the package.
Now this security issue has me paranoid. I wish there was more I could do to secure my site. I will need to take a php and c++ course because not knowing how they manipulate files and what I can do is really hurting me.Hi! My name is Tanya! :)Comment
Related Topics
Collapse
-
by josueinakiNot really more hypothetically. if that happened with vbulletin administrator account how can you retrieve it? with server files maybe?
...-
Channel: Support Issues & Questions
-
Comment