|
Re: Inappropriate Spam Private Messages
An update: after some research, this was not a vBulletin exploit. No data was compromised, or hacked. There are multiple other forums experiencing the same PM spam, all reporting that the accounts being compromised had username==password.
I will be resetting passwords on anybody who has username==password, to prevent this from happening in the future. vBulletin will most likely prevent people from setting username==password in future versions, it looks like, as well.
I still have to clean up inboxes -- mine has 2 unread, missing PMs.
EDIT: 117 passwords reset .. and it will perform this reset automatically, every night without notice to prevent future attacks.
EDIT: The private messages should be cleaned up now. Let me know if you still have weird things happening in your PM inbox.
__________________
Brandon Martus
e-mail
Last edited by Brandon Martus : 21-07-2008 at 11:30.
|