[Security hole?] Accounts being taken over by a malicious user

[lickitung]

Hi, i hope i am in the right section posting this.

For the last couple of months, i have noticed accounts being taken over by a specific person who obviously hates the forum i administrate and wants it closed. Also, it's not a bot or anything because that user after taking over the accounts posts stuff which could not be made by a bot. He is also always behind a proxy (tor).

The accounts that are being taken over are always of simple users (more or less the same users each time) and never so far of administrators. My only explanation to this (apart from admins having stronger passwords or smf providing extra security for the admins) is that he really wants to hurt the forum's status by making people believe that it is not safe, instead of just taking over an admin account and deleting everything.

Before resorting to the solution of a clean install, what else should i do or what should i do before the clean instal (e.g. check the database for suspicious code etc).

My forum version is 2.0.2.

Also any ideas on what's happening?

[Illori]

sounds like some users are using basic passwords that are easy to guess and they are getting in that way. you could increase the password complexity and that should help.

[lickitung]

sounds like some users are using basic passwords that are easy to guess and they are getting in that way. you could increase the password complexity and that should help.

I doupt that. Passwords need to "upper AND lower case letters, as well as digits" and also to be over 7 or 8 characters long... 

[Illori]

if you think this user is trying to hack your users account please file a security report

http://www.simplemachines.org/about/smf/security.php

fill in as much details as you can.

[lickitung]

i did that the other day (3 days ago) but so far haven't received an answer, that's why i tried posting here in case someone knows something and can help.

Also, the thing is , i am not telling them "a lot" so they can resolve the problem because i myself have little clue on what could be wrong.

[Illori]

well as we are all volunteers it may time several days for those with access to them to have time to reply to you, or you did not provide enough information for them to be able to anything with the report.

[lickitung]

or you did not provide enough information for them to be able to anything with the report.

indeed, that's mostly the case i am afraid. 

Anyway, if someone else has any other idea that could help, i'd be very glad to read it.

[NanoSector]

You can reupload fresh files (excluding Settings.php and not uploading the installation files) from an Installation package.

[lickitung]

You can reupload fresh files (excluding Settings.php and not uploading the installation files) from an Installation package.

well, that will just mess up things a little i believe with all the mods i have installed. (i'd have to uninstall them first). I'd rather just do a new clean install instead.

[NanoSector]

You can reupload fresh files (excluding Settings.php and not uploading the installation files) from an Installation package.

well, that will just mess up things a little i believe with all the mods i have installed. (i'd have to uninstall them first). I'd rather just do a new clean install instead.

It will get rid of your mods, so that's not any problem. The only data that's left then is the database data.