Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 28 May 2013, 07:17
clauz's Avatar
clauz clauz is offline
 
Join Date: Dec 2010
Angry Someone extracted all users' emails from vBulletin DB

Hello,
I have a vBulletin forum 4.2.1 .
It is about Table Tennis.
Unfortunately last week all our community members (about 5000 users) have received emails from some guy who owns a Table Tennis Hall, regarding some Competition there...
He has an account on my forum and he registered there with the email responsible for the spam.
I think he hacked our database and extracted all users' emails so he can promote his business.
I must specify that send mail function is disabled for all users in our forum.

What can I do?
Reply With Quote
  #2  
Old 28 May 2013, 07:59
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Check server logs by getting in touch with your host if needed
Reply With Quote
  #3  
Old 28 May 2013, 08:21
Big Al Big Al is offline
 
Join Date: Nov 2011
Send in an abuse report to the email service. As he is using it in violation of his signed agreement with them.

If for example it is johnsmith @yahoo.com Then send a copy of the spam email along with the headers to [email protected] Naturally use the name of the email account, if it is not yahoo.

Just put the word abuse in front of the name as above.
__________________
All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident. Arthur Schopenhauer

"He who does not prevent a crime when he can, encourages it." Seneca
Reply With Quote
  #4  
Old 28 May 2013, 08:49
clauz's Avatar
clauz clauz is offline
 
Join Date: Dec 2010
I mean, it is possible for any user (no moderator or admin) to extract emails from vBulletin DB? (last version)
Can we somehow secure the database?
Reply With Quote
  #5  
Old 28 May 2013, 17:27
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
The only way they could have done that is if they hacked your server, or an admin account, and were able to query the database.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #6  
Old 30 May 2013, 08:32
clauz's Avatar
clauz clauz is offline
 
Join Date: Dec 2010
Originally Posted by Lynne View Post
The only way they could have done that is if they hacked your server, or an admin account, and were able to query the database.
I am the only admin, my password is very complicated, so nobody hacked my account.
The acces to mySQL is posible only from localhost, as the hosting adminstrator confirmed me.
Reply With Quote
  #7  
Old 30 May 2013, 10:29
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Originally Posted by clauz View Post
I am the only admin, my password is very complicated, so nobody hacked my account.
The acces to mySQL is posible only from localhost, as the hosting adminstrator confirmed me.
Anything can be hacked no matter how secure you or your host makes it. Tell your host to check server logs
Reply With Quote
  #8  
Old 30 May 2013, 11:48
clauz's Avatar
clauz clauz is offline
 
Join Date: Dec 2010
Originally Posted by ForceHSS View Post
Anything can be hacked no matter how secure you or your host makes it. Tell your host to check server logs
Unfortunately, as I learned shortly, the email list was "extracted" a years ago, but it was used for some advertising only this week.
So no more logs available. My question is how to secure the DB so this never happen' again.
Or if someone have some knowledge's about similar facts on vBulletin DB.
Reply With Quote
  #9  
Old 30 May 2013, 11:54
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Originally Posted by clauz View Post
Unfortunately, as I learned shortly, the email list was "extracted" a years ago, but it was used for some advertising only this week.
So no more logs available. My question is how to secure the DB so this never happen' again.
Or if someone have some knowledge's about similar facts on vBulletin DB.
Talk to your host about making things more secure. You can secure your forums more if you need help with this pm me will be happy to help u for free
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 00:06.

Layout Options | Width: Wide Color: