hacking accounts on my forum

Started by sombra, July 28, 2010, 03:44:58 PM


sombra

I have noticed that someone is deleting other users' accounts on my forum. Is there any known bug on the SMF side that is being used by this kind of person? Any ideas how they are doing this?

By the way, the person is editing users' posts and then deleting them. Is there any way I can delete all of this hacked person's posts in one shot, since the person deleted the profile?

tesser

You might want to check your permissions settings and check the permissions for any member groups you have created. I have looked at your site but sadly don't speak the same lingo as you, so I don't understand.

Also check the moderation and admin logs.

Kindred

There are no known hacks in SMF 2.0RC3 that would allow someone to delete other users' accounts.

As for deleting a user's posts, if that user has already deleted the account... no, there is no easy way to do that, since the "poster ID" has already been reset to 0... you'd have to set up a new user, then do a DB query on the username and set all of those posts to the new user, then delete the new user and select "delete all posts" when you do that.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

sombra

Thanks for the replies, hehe. Our lingo is Spanish.

Well, the person doing this is taking, from what I have seen, different accounts and doing this. Until now he's been taking moderators' accounts and then doing the edits; after he finishes he deletes the accounts. He must be using some kind of trick on SMF, because he hasn't done anything else; in the logs you can see the user deleted his own account, nothing else.

YogiBear

It also suggests someone has pre-guessed either your password or that of one of your staff.

Edit: now I've seen your last post, change those passwords. lol
SMF v2.1.3  Mods : Snow & Garland v1.4,  PHP  v.7.4.33

sombra

Quote: Edit: now I've seen your last post, change those passwords. lol

Can you explain this to me? :o

I was thinking that he had pre-guessed the passwords the first time, but he has already pre-guessed like 4 accounts. I don't really think it's a matter of pre-guessing; he must know something we don't, and it's always moderators' accounts.

BoxingChaos

This is really curious.

As far as I know, there are no hacks for SMF.

I can think of several things I would do to try and see what is going on.

First of all, the logs should be showing who is or what IPs are deleting the accounts, along with the username they have logged in with.

What would I do?

Still thinking it could be that this person has used a cracker and has someone's pass. That would be a MOD or Admin pass.
I would remove all MODS extra ADMINS privileges for now. I would also disable the ability for anyone to delete an account without permission.
I would also tell the team of the page what is going to happen. I would also tell all of them to make strong passwords, change the passes.
(Maybe this person is getting the pass thru MAIL?) That could be and that would pretty much ruin changing the password which might be a sign of being keylogged.
Maybe one of your team is trojaned or KeyLogged since you do have a warez site maybe one of your boys is not using an Anti virus.

There is a lot to do but check the logs first and then go down the line.

I don't know what else to tell you, but your site is very good :)

Good luck.

www.BoxingSquad.com/forum

Kindred

if he guessed the password to one account with admin privs, he could then change passwords and email addresses on other accounts and move on to them.

As I said, there are no known security holes in 2.0RC3 (assuming that is what you are running)

However...   there could be a hole in one of your mods. What mod(s) are you running?

sombra

Quote: I don't know what else to tell you, but your site is very good

THANKS BUDDY, you are welcome whenever you want

I'm running 2.0RC3 and the mods are:

Registered Links
nCode Image Resizer
SimplePortal
Favicon
Download and Password BBC v3.0 for SMF 2.0 RC2 Release
Thank-O-Matic
Load Standard Language
Yet Another Global Announcements Mod
Related Topics
Tidy Child Boards
Topic Solved
Member Color Link
Megavideo BBCODE
Stop Spammer
Ad Management Mod
Global Headers Footers
Sitemap
Copyright & Footer Links | S-Ace
PaypalDonations
Redirect on Login and/or Logout mod
YouTube BBCode
Hide Tag

If you're a mod, can you change the password of another mod? Maybe this is the case, but I don't think a mod can do such a thing.


BoxingChaos

I have never read or heard about any of the MODIFICATIONS you just posted to your forum as having exploits.

To answer your question:
"if your a mod you can change the password of other mod?"

I don't think a mod has those powers unless he was given them.
You have to go through the settings and see what powers the mod has.

DID YOU CHECK THE LOG FILES?

There is a section in the SMF settings that lets you see anything and everything being done via the log files. That is where I would start looking.


www.BoxingSquad.com/forum

sombra

Well, I saw in the admin log that the user xxx has deleted his account, and in the mod log that the user xxx edited some of his posts and then deleted his account. Nothing more to see in the logs.

I was just looking at the mods' permissions, and the mods don't have any permission to change anything about other users.

These are the permissions of the mods; I have them in Spanish.
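
The log pattern described in this post (post edits followed shortly by a "deleted his own account" entry) can be searched for across exported log rows. This is an added example, not part of the original thread or of SMF; the row layout, account names and IP addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample rows: (timestamp, account, action, source IP).
# This layout is an assumption for the example, not SMF's log schema.
SAMPLE_LOG = [
    ("2010-07-20 10:02", "mod_ana",  "login",          "198.51.100.7"),
    ("2010-07-21 09:15", "mod_ana",  "login",          "198.51.100.7"),
    ("2010-07-27 03:40", "mod_ana",  "login",          "203.0.113.55"),
    ("2010-07-27 03:42", "mod_ana",  "modify_post",    "203.0.113.55"),
    ("2010-07-27 03:44", "mod_ana",  "modify_post",    "203.0.113.55"),
    ("2010-07-27 03:49", "mod_ana",  "delete_account", "203.0.113.55"),
    ("2010-07-22 18:00", "user_bob", "login",          "192.0.2.10"),
    ("2010-07-22 18:05", "user_bob", "modify_post",    "192.0.2.10"),
    ("2010-07-25 12:00", "user_bob", "delete_account", "192.0.2.10"),
]

def find_suspicious_deletions(rows, window=timedelta(minutes=30)):
    """Flag accounts that edited posts and then deleted themselves within
    `window`, recording whether the deleting IP was seen earlier for them."""
    events = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), acct, act, ip)
                    for ts, acct, act, ip in rows)
    findings = []
    for when, acct, act, ip in events:
        if act != "delete_account":
            continue
        history = [e for e in events if e[1] == acct and e[0] < when]
        edits = [e for e in history
                 if e[2] == "modify_post" and when - e[0] <= window]
        if not edits:
            continue  # deletion not preceded by a burst of edits
        # IPs the account used well before the burst of edits began
        burst_start = min(e[0] for e in edits)
        earlier_ips = {e[3] for e in history if e[0] < burst_start - window}
        findings.append({
            "account": acct, "deleted_at": when,
            "edits_before_delete": len(edits),
            "ip": ip, "ip_seen_before": ip in earlier_ips})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_deletions(SAMPLE_LOG):
        print(finding)
```

A finding with `ip_seen_before` set to `False` points to a login from a new address right before the edits, which fits a stolen or guessed password more than a forum bug.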





BoxingChaos

He must be using an Admin account.
How many Admins do you have?

www.BoxingSquad.com/forum

Kindred

I am unfamiliar with this mod:
Download and Password BBC v3.0 for SMF 2.0 RC2 Release

what is it supposed to do?  (because the mod has been removed from the smf mod site)

sombra

Quote: Download and Password BBC v3.0 for SMF 2.0 RC2 Release

This mod is for putting in download links and inserting passwords.

Quote: He must be using an Admin account.
How many Admins do you have

No man, believe me, so far I have only had this problem with 3 or 4 moderator accounts. At first I thought it was a trojan, but the latest person affected doesn't even use his PC, so I'm ruling out that possibility.




tesser

hmm drop all staff to normal members (you will be the only staff member)

now go change your password to something else but misspell it

example cakes = caces  people who use crackers never load a list of misspelt words

use a password like this also  if you want a hard word       o@*0_6 o_Jj8 6%#$!^& MAR

now go change the database password too


and if I was you I would contact all members and ask them if YOU can change their emails to your choice as a temp thing for now

you can go make a new email to assign all members to, and if any of them need to reset their passwords you get the email and you can reset it for them


Aleksi "Lex" Kilpinen

Quote from: Kindred on July 28, 2010, 05:18:14 PM
There are no known hacks in SMF 2.0RC3 that would allow someone to delete other users' accounts.

As for deleting a user's posts, if that user has already deleted the account... no, there is no easy way to do that, since the "poster ID" has already been reset to 0... you'd have to set up a new user, then do a DB query on the username and set all of those posts to the new user, then delete the new user and select "delete all posts" when you do that.

Actually, you could just use the built-in function.... Create a new user, call it whatever - for example Trash - and go to Administration Center » Forum Maintenance » Members
and reattribute all the to-be-deleted posts to the newly created member, and then delete that member and its posts :)
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

CapadY

Quote from: BoxingChaos on July 28, 2010, 08:19:09 PM
He must be using an Admin account.
How many Admins do you have?

Could you please use the English language ? Or go to the language specific board for support.
Please, don't PM me for support unless invited.
If you don't understand this, you will be blacklisted.

sombra

Quote: Actually, you could just use the built-in function.... Create a new user, call it whatever - for example Trash - and go to Administration Center » Forum Maintenance » Members
and reattribute all the to-be-deleted posts to the newly created member, and then delete that member and its posts

Thanks, great idea ;D

Quote: hmm drop all staff to normal members (you will be the only staff member)

now go change your password to something else but misspell it

example cakes = caces  people who use crackers never load a list of misspelt words

use a password like this also  if you want a hard word       o@*0_6 o_Jj8 6%#$!^& MAR

now go change the database password too


and if I was you I would contact all members and ask them if YOU can change their emails to your choice as a temp thing for now

you can go make a new email to assign all members to, and if any of them need to reset their passwords you get the email and you can reset it for them

Great idea 2. I was thinking all night and didn't come up with an idea of what technique he is using. Anyway, I will do the email change to see what happens.

sombra

Well, I tried to do the email change but it said:

Quote: Han ocurrido los siguientes errores al intentar guardar tu perfil:

    * Otro usuario ya se encuentra registrado con esa dirección de email.


There it says there's an error: another user is already using that email :o

sombra

I tried making a new user named trashcan and moved all posts of the deleted guest from my forum to this new account, but when deleting this account the posts are still there and the posts have the name of the original poster ...
