[kiristine]

Hello All,
I have a rogue admin which we have had to ban. We have changed our vbulletin and ftp passwords so that he can no longer access the site, but he claims that he can destroy the site through the Advanced Warning System. He installed and configured it and never passed any of that knowledge on, so I am not sure what to believe. I really doubt he can do anything, but I would like to be sure.

Is it possible for him to damage our site through AWS when he does not have access to the VBulletin admins?

Thanks,
Kiristine

I'm not familiar with AWS as I don't use it, but it if requires access to the AdminCP:

http://www.vbulletin.org/forum/showthread.php?t=105759

[SCRIPT3R]

anything's possible... i would remove the AWS to be on the safe side. the little benefit the hack provides is not worth a complete system loss IMO.

[cfitzarl]

Have you tried to ip ban him, user ban him, and any other banning methods? Have you removed the AWS?

[kiristine]

We havent removed the AWS because we use it really heavily. He is banned, but I am sure he has figured out ways around that. Today we got this message on the forum:

((((Hi there My Creator
SuperAdmin found = 1
ID #: 1
Nick used: webmaster
Echo System: ON
Senemmar System: OFF
SuperAdmin is yours now, Creator
you shouldn't change my work without my permission
you shouldn't leave this woman showing her hate this way
Kindly Remove AWS and pray for forgiveness

I am guessing he has found some kind of loophole. Any ideas on how he did this?

Also, is there another tool we can use that performs similarly or is AWS really the only option? At this point I would not be averse to paying for a tool that provides the functionality we need.

Thanks in advance!

[EnIgMa1234]

the default infractions system is like this. only 3.6 though. was that message a pm of sumthing else?

[kiristine]

My theory is that the former admin is using AWS to continue to monitor the site. Someone had posted a comment on the forum that they would like to rename AWS. A reply was posted by the robot with that message. The guy was flexing his muscles to prove that he still has control.

By the default infractions system, you mean what ships with Vbulletin OOTB, correct?

[EnIgMa1234]

here's a description of the infractions system
what version of vbulletin are you running?

http://www.vbulletin.com/docs/html/m...ractions_intro

[kiristine]

Thanks for the link.

We are running Vbulletin 3.6.4 and AWS 3.6.0.

[EnIgMa1234]

the infractions system is already their then. its basically a warning system

i strongly suggest you take out AWS

[sv1cec]

I PMed you already.

If your board is not heavily hacked, shut down your vB, change the password to your database, change the SuperAdmin user id to a new user id, change every Super Admin and Admin password and then re-upload the vB files and AWS files from the distribution zip file. More than likely this person has changed the standard vB distribution to allow him in the system even if he is banned or deleted from the database. That is not something that AWS does. AWS follows vB standards for authentication etc. It's your vB files that you should worry about most.

Enigma1234, the build-in vB system is far from being equivalent to AWS.

[0tolerance]

I think this guy is just throwing empty threats around, if you didnt know him before to be some brilliant hacker, chances are he still isnt one.

tell him to f$%k off! If he does hack your board, hes an idiot..
you have his threats, his IP address...
the second it happens call the cops.
internet crimes can give you a suprisingly lenghty jail sentence.

just back your database up once a week and you will be fine.