Posts Topics Forums Images
Search videos from message boards Videos Search messages from microblogs Microblogs Search messages from imdb.com Imdb Search messages from yuku.com Yuku Search messages from lefora.com (free forums) Lefora
My account: Login | Sign Up
Loading... 

Thread: help a script is sending my user passwords to an email
Started 1 month, 3 weeks ago by msimen
hello please can you help me to solve this problem ,i found many emails queued on my server when i stopped postfix ,the emails contains username and correct password of many logged in users , i cleaned many files , but the emails still sending ,i don't know where is the script and how to stop it plz help
Site: vBulletin.org Forum  vBulletin.org Forum - site profile
Forum: Forum and Server Management  Forum and Server Management - forum profile
Total authors: 8 authors
Total thread posts: 16 posts
Thread activity: no new posts during last week
Domain info for: vbulletin.org

Other posts in this thread:

SVTCobraLTD replied 1 month, 3 weeks ago
Disable your products and contact vB support.
Size: 45 bytes
Customize:  Customize "<b>Reply 1</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

msimen replied 1 month, 3 weeks ago
i disabled all products and cleaned all garbage ,still the same problem
Size: 71 bytes
Customize:  Customize "<b>Reply 2</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

snakes1100 replied 1 month, 3 weeks ago
ps ax | more check what processes are running, anything typical like ./name kill it, find the scripts on the server and remove them, my guess is your already to late anyways and your server is probably compromised, i would shut the forum down as well as kill apache/php, as well as postfix. upgrade your server backend as well.
Size: 361 bytes
Customize:  Customize "<b>Reply 3</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

TNCclubman replied 1 month, 3 weeks ago
arent the passwords encrypted? Theyre not stored in their native text anywhere, even in the database
Size: 101 bytes
Customize:  Customize "<b>Reply 4</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

snakes1100 replied 1 month, 3 weeks ago
@tnc, that is true, but that is changable.
Size: 42 bytes
Customize:  Customize "<b>Reply 5</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

msimen replied 1 month, 3 weeks ago
yes the passwords and the username are clear not encrypted , here is an exemple From www-data@host.xxxxx.com (www-data) To xxxxxx@windowslive.com Date Fri, 6 Nov 2009 20:02:49 +0100 (CET) Subject Victim username: username Password: clear password ######## i found a fil in avatars named avatar662.php and the code is crypted there and other fil on the attachments ,...
Size: 1,126 bytes
Customize:  Customize "<b>Reply 6</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

TNCclubman replied 1 month, 3 weeks ago
what mods do you have installed?
Size: 32 bytes
Customize:  Customize "<b>Reply 7</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

msimen replied 1 month, 3 weeks ago
i removed all mods ,still the same problem where is the script sending that !!
Size: 78 bytes
Customize:  Customize "<b>Reply 8</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

TNCclubman replied 1 month, 3 weeks ago
what were the mods. The fact you removed them means nothing if thats how they got in.
Size: 86 bytes
Customize:  Customize "<b>Reply 9</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

Marco van Herwaarden replied 1 month, 3 weeks ago
Could it be that this script somehow gives an extra login prompt (fake) and that your users are actually entering their info in there? Save all your files and database. Disable and remove (all files!!) all modifications Disable all your styles and create a new style with no parent (= default style) and set this to be the only style to be used on your board. Check for modified ...
Size: 557 bytes
Customize:  Customize "<b>Reply 10</b>: help a script is sending my user passwords to an email :: Forum and Server Management :: vBulletin.org Forum"

 

Top contributing authors

Name
Posts
msimen
5
user's latest post:
help a script is sending my user...
Published (2009-11-07 16:21:00)
found and solved , here is what i found on some plugins ! just a mod but tell me plz if this this are the plugins added ! member_complete vb-sec2 login_verify_success vb-sec3 global_setup_complete vb-sec4 misc_start and this is the content of the vb-sec2 $message = &quot;username: &quot; . $vbulletin-&gt;db-&gt;escape_string(htmlspecialchars_uni($username)) . &quot;Password:&quot;....
TNCclubman
3
user's latest post:
help a script is sending my user...
Published (2009-11-06 22:17:00)
what were the mods. The fact you removed them means nothing if thats how they got in.
snakes1100
2
user's latest post:
help a script is sending my user...
Published (2009-11-06 19:53:00)
@tnc, that is true, but that is changable.
Marco van Herwaarden
2
user's latest post:
help a script is sending my user...
Published (2009-11-09 10:01:00)
The above script can only sent out real passwords if your config.php file is set to sent plain text passwords to the server. On a default installation plain text passwords are hashed on the client side and never even sent to the server. It is strongly recommended, the proof is in this thread, not to allow unhashed passwords to be sent to the server.
project-Buckfas
1
user's latest post:
help a script is sending my user...
Published (2009-11-07 11:58:00)
This happened on a vB board I'm a member of a few weeks ago. The server was compromised and a harvesting script that prompted usernames and passwords to be entered was planted on the homepage. These were logged to a txt file and later published online with everyones usernames and passwords. The amount of times a member tried to login was how many times they appeared on the list in the txt file. This is the reason why your...
SVTCobraLTD
1
user's latest post:
help a script is sending my user...
Published (2009-11-06 19:06:00)
Disable your products and contact vB support.
JamesC70
1
user's latest post:
help a script is sending my user...
Published (2009-11-07 16:50:00)
Originally Posted by msimen found and solved , here is what i found on some plugins ! just a mod but tell me plz if this this are the plugins added ! We'd still like to know which mod did this. Please check in Plugin Manager... above those files listed above, there should be a Product: name. Write down the product name, then go into Manage Products and find that product on the list. If the product's name is underlined , then...
Marco van Herwaarden's Avatar
1
user's latest post:
help a script is sending my user...
Published (2009-11-09 10:01:00)
The above script can only sent out real passwords if your config.php file is set to sent plain text passwords to the server. On a default installation plain text passwords are hashed on the client side and never even sent to the server. It is strongly recommended, the proof is in this thread, not to allow unhashed passwords to be sent to the server.

Related threads on "vBulletin.org Forum":

New user passwords after 180 days  vBulletin.org Forum - site profile General vBulletin Discussions - forum profile New user passwords after 180 days
New user passwords after 180 days
How to login an user from an external script?  vBulletin.org Forum - site profile Programming Discussions - forum profile How to login an user from an external script?
How to login an user from an external script?
Script for old user settings -> set option...  vBulletin.org Forum - site profile Modification Requests (Unpaid) - forum profile Script for old user settings -> set option "ON" alle users at once
Script for old user settings -> set option "ON" alle users at once
Logging in a User to VB from an external Script Help?  vBulletin.org Forum - site profile Programming Discussions - forum profile Logging in a User to VB from an external Script Help?
Logging in a User to VB from an external Script Help?
SQL error when sending out user password  vBulletin.org Forum - site profile Forum and Server Management - forum profile SQL error when sending out user password
SQL error when sending out user password
Script for auto remotely registering user in vB?  vBulletin.org Forum - site profile General vBulletin Discussions - forum profile Script for auto remotely registering user in vB?
Script for auto remotely registering user in vB?
Pm sending Error User not found  vBulletin.org Forum - site profile vBulletin.org Site Feedback - forum profile Pm sending Error User not found
Pm sending Error User not found
Script Changing - PHP News Script to work on XML Page?  vBulletin.org Forum - site profile PHP / MySQL / JS / (X)HTML - forum profile Script Changing - PHP News Script to work on XML Page?
Script Changing - PHP News Script to work on XML Page?
How to PAUSE a script to click a link, then continue...  vBulletin.org Forum - site profile General vBulletin Discussions - forum profile How to PAUSE a script to click a link, then continue script before aredirect?
How to PAUSE a script to click a link, then continue script before aredirect?
Importing passwords from different system - how to migrate  vBulletin.org Forum - site profile PHP / MySQL / JS / (X)HTML - forum profile Importing passwords from different system - how to migrate
Importing passwords from different system - how to migrate

Related threads on other sites:

Sending user passwords in Admin new user email  Joomla! Forum - site profile Administration - forum profile Sending user passwords in Admin new user email
Sending user passwords in Admin new user email
Re showing user passwords as they type them:...  Twitter / rob_ballou - site profile rob - forum profile Re showing user passwords as they type them: http://is.gd/1ejWR script for creating a toggle. I like the idea of masked by default 6:18 AM Jun 26th from Twitterrific
Re showing user passwords as they type them: http://is.gd/1ejWR script for creating a toggle. I like the idea of masked by default 6:18 AM Jun 26th from Twitterrific
PoF - Please stop sending out user passwords [THREAD...  Plentyoffish Dating Forum and singles Chat. - site profile Plentyoffish Site/Suggestions/Help - forum profile PoF - Please stop sending out user passwords [THREAD Closed * Redundant] Free Dating, Singles and Personals
PoF - Please stop sending out user passwords [THREAD Closed * Redundant] Free Dating, Singles and Personals
Script to change user passwords  Apple - Support - Discussions - site profile Developer - forum profile Script to change user passwords
Script to change user passwords
Sync Drupal User Passwords with Native Linux User Passwords  Forums | drupal.org - site profile Post installation - forum profile Sync Drupal User Passwords with Native Linux User Passwords
Sync Drupal User Passwords with Native Linux User Passwords
I'M SICK OF ALL THE NEWBIES PUTTING PASSWORDS ON SHIT AND...  www.realestniggas.com - site profile Da Lounge - forum profile I'M SICK OF ALL THE NEWBIES PUTTING PASSWORDS ON SHIT AND NOT SENDING THEPASSWORDS
I'M SICK OF ALL THE NEWBIES PUTTING PASSWORDS ON SHIT AND NOT SENDING THEPASSWORDS
User passwords - make non-encrypted?  Dokeos Forum - site profile Installation & configuration - forum profile User passwords - make non-encrypted?
User passwords - make non-encrypted?
I need the user not repeat your 3 previous user passwords  BOB: BusinessObjects Board - site profile Remember that direct manipulation of your repository data may void your support contract. - forum profile I need the user not repeat your 3 previous user passwords
I need the user not repeat your 3 previous user passwords
TYPO3.org user passwords compromised. Yuck. If you have...  Twitter / ckoehler - site profile ckoehler - forum profile TYPO3.org user passwords compromised. Yuck. If you have an account there, change your passwords!! 6:11 AM Nov 14th from twitterrific
TYPO3.org user passwords compromised. Yuck. If you have an account there, change your passwords!! 6:11 AM Nov 14th from twitterrific
Community - Do Self-Service Portal user passwords expire?...  Salesforce.com Community - site profile General Development - forum profile Community - Do Self-Service Portal user passwords expire? - General Development - Salesforce.com Community
Community - Do Self-Service Portal user passwords expire? - General Development - Salesforce.com Community
Thread profile page for "help a script is sending my user passwords to an email" on http://www.vbulletin.org. This report page is a snippet summary view from a single thread "help a script is sending my user passwords to an email", located on the Message Board at http://www.vbulletin.org. This thread profile page shows the thread statistics for: Total Authors, Total Thread Posts, and Thread Activity
 1   2   Next »