hi all,
i use vbulletin 3.5.4 ,one guy has hacked the admin pass and do so anytimes he wants .i'm fed up with vbbulletin , their forum is a big hole .!!!!!!!!!!!!!
Any one khow how to protect the forum ?
heard somewhere that have to move the config.php file or rename it or other tips ...but don't know anything .
Can anyone help me please ?
Thanks

You should talk to vBulletin support, this isn't vBulletin support.

Also, make sure that you are using the latest version.

Make sure all mods are also up to date.

You can get the latest version and support from your customer area.

__________________
Host your forum with a reliable, stable host from just $2 per month!
Are you running a bigger forum, or a network of sites? Get a VPS from just $6 per month!

Right, I would contact vB's support team ASAP here - http://members.vbulletin.com/members...ontactform.php

I haven't heard of any vulnerability like this yet...and I'm sure if one existed, it would already be patched - as Ashley said, make sure your forums are up to date and make sure you do not have any outdated mods.

__________________
...some super-sweet signature

I also haven't heard of anything either.

I would also make sure that your admin is using numbers, letters and alternating capitals. Sounds like maybe the admin is using too easy of a password.

__________________
My Blog - Follow Me on Twitter

yes Demo, it was probably brute force attack on the password. i heard there was a vulnerability with the older shoutbox hack IF you have one and its old update it asap.

__________________
PA Forums
Philly Sports
Delaware Online
boomshockalacka

This happens generally because you were not careful. Are you using any hacks/mods? Because if you do that could be an error! The staff on vB.com have already stated that forums using mods or hack are more likely to be hacked. As Ryan said, go immediately to vb.com support and explain in details what happened. I'm 100% this isn't a vB flaw..

__________________
My Planet: Planet Diaz

Also make sure your passwords are long and not a real word.

Say you run a site about cats(first thing to pop into my head) Which password would be better?
Ex:
Password 1: Ilovecats
Passwords 2:436i965love7590cats

All the 2nd one did was used a phone number, broke it up into 3 parts and dived the word with it.

__________________

Thank you for responding
but it seems 2 be a big problem i. beleave me all .
i try to explain to all what i use, hoping you'all will not be in my case.
I use vb3.54
admin pass are very long with letters and numbers.
hack used : vbshout 2.0 , hide expand 2.50, inforno warning syst 1.3, member who have visited forum (vb3.53) , and ipproarcade, and vB Category Icons [vB 3.5.0 RC1]

afetr first hack, i have changed dat base pass and changing admin pass but no result, he has come some days later and take the control of my forum again .
iv' heard that there's a xss attack methods to obtain admin pass or that they have a method to read the config.php
i'm very desappointed , because can't do anything in front of this problem


hope you'll not be in my case later guys .

100% sure = big possibility to get hacked if you know what I mean

Only because you use vbulletin and people who make that software are responsive and everything doesn't mean their software is bulletproof

bil : hope you work that out quickly !

__________________
Web Directory - Submit your forums!
2007 Timeline - What happened in 2007 ?
Weblog - free css templates, ...

bilgeites, as others have said, you need to contact Jelsoft here - http://members.vbulletin.com/members...ontactform.php

That is your only guaranteed way to solve the problem...there is nothing we can do for you here.

__________________
...some super-sweet signature