Sombody stolen my admincp password!

**Guest** · Thu 14 Oct '04, 5:16am

In your vBulletin zip file there is a directory called 'do_not_upload'. Upload the file tools.php from that directory to your forum directory on your server.

Run the script, there is an option called reset admin access within it. Basicly this will allow you to give admin access to any acount on the forum, once you re-gain access to the admin cp with that acount change the password of your regular admin acount (and all other staff while your at it).

Make sure you remove tools.php from your server when you are done with it, anyone can run it and gain access to your admin cp the same way you did.

**Floris** · Thu 14 Oct '04, 5:17am

Hi there,

Register on your own forum as a new user.
Then upload tools.php from the .zip's "do_not_upload" folder and run it to reset admin.
Enter the UserID of the new user you made, that user is then admin.
Login to the admin control panel, search for the hacked account and set a new pass and save it. Then you gained control over it again.

Then set the both admin accounts as 'undeletable users' in the config.php file.

Trace the logs for the IP of the abuser and ban it.

Add .htaccess to the admincp/. and modcp/ directory.

Check the logs to see if the user has changes other user accounts and if so, revert those changes and change their passes.

Report the hack to the ISP of that person.

Upgrade to 3.0.3 or 2.3.5 to fix known security holes.

**ubi** · Thu 14 Oct '04, 5:33am

Thank you so much for the quick reply...i reset admincp user with new username and also i changed the admin password from admincp.

Thanks again!

**ubi** · Thu 14 Oct '04, 5:47am

Originally posted by Floris

Hi there,

Add .htaccess to the admincp/. and modcp/ directory.

Check the logs to see if the user has changes other user accounts and if so, revert those changes and change their passes.

Report the hack to the ISP of that person.

Upgrade to 3.0.3 or 2.3.5 to fix known security holes.

I dont know how to add .htaccess, can you give me some more details, how to do those things..i added new admin account username in the undeletable users in the config.php file.

Thanks for your reply.

**Floris** · Thu 14 Oct '04, 5:50am

You could add an extra security layer to your board by adding .htaccess password directory protection to your admin and mod control panel that holds a different user/pass combination then the one you use on the board.

This is a feature from the web server (unix/linux systems only), and works aside of vBulletin. Here is a indepth guide on how to use and setup .htaccess password protected directories on your server:

Comprehensive guide to .htaccess- intro

http://www.javascriptkit.com/howto/htaccess.shtml

You could setup one user/pass combination or give each administrator and/or moderator their own additional login.

**ubi** · Thu 14 Oct '04, 5:53am

Thank you.

Sombody stolen my admincp password!

Sombody stolen my admincp password!

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics