Thread: Inappropriate Spam Private Messages
View Single Post
  #20   Spotlight this post!  
Unread 21-07-2008, 10:21
Brandon Martus's Avatar Unsung FIRST Hero
Brandon Martus Brandon Martus is offline
busy.
AKA: B. Slash Kamen
no team
  
Join Date: May 2001
Rookie Year: 1998
Location: Nevada, TX USA
Posts: 5,271
Brandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond reputeBrandon Martus has a reputation beyond repute
Send a message via ICQ to Brandon Martus Send a message via AIM to Brandon Martus Send a message via Yahoo to Brandon Martus
Re: Inappropriate Spam Private Messages
An update: after some research, this was not a vBulletin exploit. No data was compromised, or hacked. There are multiple other forums experiencing the same PM spam, all reporting that the accounts being compromised had username==password.

I will be resetting passwords on anybody who has username==password, to prevent this from happening in the future. vBulletin will most likely prevent people from setting username==password in future versions, it looks like, as well.

I still have to clean up inboxes -- mine has 2 unread, missing PMs.

EDIT: 117 passwords reset .. and it will perform this reset automatically, every night without notice to prevent future attacks.

EDIT: The private messages should be cleaned up now. Let me know if you still have weird things happening in your PM inbox.
__________________
Brandon Martus
e-mail
Last edited by Brandon Martus : 21-07-2008 at 11:30.
Reply With Quote