Thousands of Spammer PMs

  • septimus
    New Member
    • Jun 2007
    • 9

    #16
    One more followup: the script definitely goes looking through profiles -- my online.php file is filled with attempts to send PMs and also guest viewing users profiles. The spams also happened in alphabetical order, for whatever that's worth.

    Comment

    • ED195KW
      Member
      • Jun 2004
      • 41

      #17
      I'm getting hit with this right now, looks like it's up to about 'F', just turned off PM's and closed the board.

      This is nasty, thanks for your help guys - I will use your db query septimus - I hope it's sound!

      Comment

      • macrumors
        Senior Member
        • Jun 2002
        • 215

        #18
        Originally posted by ED195KW
        I'm getting hit with this right now, looks like it's up to about 'F', just turned off PM's and closed the board.

        This is nasty, thanks for your help guys - I will use your db query septimus - I hope it's sound!
        The only problem with the db query is it changes it to a random password, which means you won't be able to identify these people afterward. It might make the private message spam cleanup harder.

        arn

        Comment

        • Andy
          Senior Member
          • Jan 2002
          • 5886
          • 4.1.x

          #19
          Originally posted by macrumors
          here's the basic code to find the users in your db with usernames==passwords.
          Thank you macrumors for providing us with this code. I was able to quickly see how many of my users had the same password as their username.

          I hope the vBulletin team adds a check for not allowing the username and password to be the same on version 3.7.3.

          Comment

          • septimus
            New Member
            • Jun 2007
            • 9

            #20
            Originally posted by macrumors
            The only problem with the db query is it changes it to a random password, which means you won't be able to identify these people afterward. It might make the private message spam cleanup harder.
            arn
            Good point -- something to be aware of if you use that DB Query. In our case, we appeared to be lucky because all the PMs had one of just a handful of subject lines and we were able to search the PMs out that way.

            In all honesty, we lucked out in that these spammers could have used certain methods (which I suppose I ought not fully lay out here) to make their deeds harder for admins to detect and hunt down.

            Comment

            • ED195KW
              Member
              • Jun 2004
              • 41

              #21
              I actually ran a query outputting all users with their passwords set to their usernames first, then ran your query to change their passwords. Jeez...there were a few of them...

              Comment

              • mister
                Senior Member
                • Jan 2001
                • 223
                • 5.0.X

                #22
                My forum got hit by this last Thursday, as well. 16000 spams, all from various users who hadn't been logged in in a while and had username==password.

                Thanks for the script, macrumors.
                What do you Listen-To? http://www.listen-to.com

                i <3 vBulletin.

                Comment

                • wtrk
                  Senior Member
                  • May 2005
                  • 306
                  • 3.7.x

                  #23
                  You should make it so that people can't PM till they get like 10 or 20 posts; that will pretty much eliminate all PM spam by bots.

                  Comment

                  • Steve Machol
                    Former Customer Support Manager
                    • Jul 2000
                    • 154488

                    #24
                    Has anyone posted a suggestion yet to have vB check to make sure the username and password are not the same when someone registers or changes their password? If not, then please make this suggestion:

                    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                    Change CKEditor Colors to Match Style (for 4.1.4 and above)

                    Steve Machol Photography


                    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                    Comment

                    • macrumors
                      Senior Member
                      • Jun 2002
                      • 215

                      #25
                      Originally posted by wtrk
                      You should make it so that people can't PM till they get like 10 or 20 posts; that will pretty much eliminate all PM spam by bots.
                      Actually, it would not in this case. If you read above, these are people's legitimate accounts that have their passwords set as their username.

                      So, you would reduce it, but I had some long standing members with hundreds of posts who had their password = username.

                      Has anyone posted a suggestion yet to have vB check to make sure the username and password are not the same when someone registers or changes their password? If not, then please make this suggestion:
                      done.

                      arn

                      Comment

                      • Jason Dunn
                        New Member
                        • Jul 2006
                        • 29

                        #26
                        What an ugly problem. Where's the setting in vBulletin to disallow the password chosen to be the same as the username? And if there's not one...yikes! That's bad.

                        Comment

                        • PepiMK
                          New Member
                          • May 2007
                          • 11

                          #27
                          Thank you macrumors for reporting this and providing your script for a quick lookup of these accounts

                          I wrote a very quick hack to block logins for new users (they still try to register with username as password even though I added bold warning text to the register form): product file with plugin that, upon recognizing such a user logging in, does immediately log him off again and reset his password to random (septimus' method), offering them the link to reset their pw.

                          The error page looks ugly and I should've used a phrase instead of hard-coded text, but since I noticed users still signing up that way and boldly ignoring the bold warning text, some quick code was necessary; there's still time to update it to look nicer if Jelsoft shouldn't issue an update dealing with it themselves.

                          Comment

                          • M-D
                            New Member
                            • Sep 2005
                            • 9
                            • 3.8.x

                            #28
                            For anyone searching for a way to get all users that use their username as their password, use the following SQL:

                            PHP Code:
                            SELECT userid, username
                            FROM user
                            WHERE password = MD5(CONCAT(MD5(username), salt));
                            Don't know how server intense this is, so you might want to add a LIMIT to this.

                            Reset passwords
                            In case you want to invalidate all passwords, you could use something like this:

                            PHP Code:
                            UPDATE user
                            SET password = MD5(RAND())
                            WHERE password = MD5(CONCAT(MD5(username), salt));


                            This will not logout users that are already logged in!

                            Solution: before running the query above (the password resetting), first run this:
                            PHP Code:
                            DELETE FROM session
                            WHERE userid IN
                            (SELECT userid FROM user WHERE password = MD5(CONCAT(MD5(username), salt)));
                            And run the reset password query directly after that.


                            Please note:
                            I don't know how server intense this is!
                            Also: create a back-up of your forum before running any of these queries.

                            It also might be a good idea to disable the forum while you do this.


                            Edit:
                            Whoops, somebody already posted something like this.

                            Comment
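The three queries in M-D's post, worked through end to end as an added example (this is not code from the thread or from vBulletin). It assumes the vBulletin 3.x storage format the detection query implies, MD5(CONCAT(MD5(password), salt)), rebuilds the `user` and `session` tables in an in-memory SQLite database with constructed rows, and registers Python MD5/CONCAT functions so the MySQL detection query runs unchanged (only an ORDER BY is added). The reset step uses Python's `secrets` module in place of MySQL's RAND(); the function names (`find_weak_accounts`, `invalidate_weak_accounts`, `login_allowed`) and the sample accounts are assumptions for illustration. It also shows why the session purge has to come first, and includes the username-equals-password refusal that Steve Machol and PepiMK ask for.

```python
import hashlib
import secrets
import sqlite3


def md5_hex(value):
    """Hex MD5 of a string; vBulletin 3.x stores passwords as MD5(CONCAT(MD5(password), salt))."""
    return hashlib.md5(str(value).encode("utf-8")).hexdigest()


def vb_password_hash(password, salt):
    """Reproduce the assumed vBulletin 3.x stored-password format for a plaintext password and salt."""
    return md5_hex(md5_hex(password) + salt)


# The thread's detection query, with only an ORDER BY added for deterministic output.
WEAK_ACCOUNTS_SQL = """
SELECT userid, username
FROM user
WHERE password = MD5(CONCAT(MD5(username), salt))
ORDER BY userid
"""


def build_sample_db():
    """In-memory stand-in for the two vBulletin tables the queries touch, filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no MD5() or CONCAT(); register Python equivalents so the MySQL query runs unchanged.
    conn.create_function("MD5", 1, md5_hex)
    conn.create_function("CONCAT", 2, lambda a, b: str(a) + str(b))
    conn.execute("CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, password TEXT, salt TEXT)")
    conn.execute("CREATE TABLE session (sessionhash TEXT PRIMARY KEY, userid INTEGER)")
    # Constructed accounts: alice and carol use their username as password, bob does not.
    sample_users = [
        (1, "alice", "alice", "ab1"),
        (2, "bob", "correct horse battery", "cd2"),
        (3, "carol", "carol", "ef3"),
    ]
    for userid, username, plaintext, salt in sample_users:
        conn.execute(
            "INSERT INTO user VALUES (?, ?, ?, ?)",
            (userid, username, vb_password_hash(plaintext, salt), salt),
        )
    # One live session per account, so the session-purge step has something to remove.
    conn.executemany(
        "INSERT INTO session VALUES (?, ?)",
        [("sess-alice", 1), ("sess-bob", 2), ("sess-carol", 3)],
    )
    conn.commit()
    return conn


def find_weak_accounts(conn):
    """Return (userid, username) for every account whose password equals its username."""
    return conn.execute(WEAK_ACCOUNTS_SQL).fetchall()


def invalidate_weak_accounts(conn):
    """Purge sessions first, then reset passwords, in the order the thread recommends.

    Resetting the password alone leaves existing sessions valid, so a spammer who is
    already logged in keeps sending; deleting the session rows first closes that gap.
    """
    weak_ids = [userid for userid, _ in find_weak_accounts(conn)]
    conn.executemany("DELETE FROM session WHERE userid = ?", [(uid,) for uid in weak_ids])
    for uid in weak_ids:
        # MD5 of a fresh random token: known to nobody, so only a password-reset link restores access.
        # (Python's secrets module stands in for MySQL's RAND() here.)
        unusable_hash = md5_hex(secrets.token_hex(16))
        conn.execute("UPDATE user SET password = ? WHERE userid = ?", (unusable_hash, uid))
    conn.commit()
    return len(weak_ids)


def live_sessions(conn):
    """Userids that still hold a session row."""
    return [row[0] for row in conn.execute("SELECT userid FROM session ORDER BY userid")]


def login_allowed(conn, username, password):
    """Mimic the login check, plus the rule the thread asks for: username as password is refused."""
    if username == password:
        return False
    row = conn.execute("SELECT password, salt FROM user WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    stored, salt = row
    return stored == vb_password_hash(password, salt)


if __name__ == "__main__":
    db = build_sample_db()
    print("weak accounts:", find_weak_accounts(db))
    print("accounts reset:", invalidate_weak_accounts(db))
    print("sessions left:", live_sessions(db))
```

Run it as-is to see the two weak accounts found, reset, and logged out while bob's session survives; against a real forum the same three statements go to MySQL directly, after the backup and forum shutdown M-D recommends.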

                            • cheesegrits
                              New Member
                              • May 2006
                              • 22
                              • 3.6.x

                              #29
                              Originally posted by Steve Machol
                              Has anyone posted a suggestion yet to have vB check to make sure the username and password are not the same when someone registers or changes their password? If not, then please make this suggestion:

                              http://www.vbulletin.com/forum/forumdisplay.php?f=55
                              Done.



                              Damn, I missed being post 1.6m by 5.

                              -- hugh

                              Comment

                              • creativepart
                                Senior Member
                                • Jan 2006
                                • 293
                                • 3.8.x

                                #30
                                Originally posted by macrumors
                                here's the basic code to find the users in your db with usernames==passwords. I stripped out the destructive part of my code where I actually changed their password to something invalid. This will scan 5000 users and print the results. A more button lets you test the next 5000.
                                I tried using this and it wouldn't connect to my database... I have 7 or 8 databases on this server and it seemed to be looking for a database name, but when I modified the code to add $dbname = it still didn't work.

                                Any ideas?

                                Comment
