Yeah that's exactly what I thought. If it's a VB exploit then surely whoever's doing it would have much more to gain by getting into a moderator/admin account, then they could edit everyone's posts and make people say all sorts of things rather than just send PMs from MM's account. Just seems a bit strange that's all.

Does MM usually post from a static IP address? Just wondering if VBulletin has the ability to lock user accounts to IPs, I'm pretty sure you can with Invision and other boards I've used...

Indeed.

I also know for a fact that Michael has not been in Canberra, nor had easy Internet access since 6am on Friday morning.

Yes.

-Shaun

Well whoever it is was logging in quite regularly last night.

Why not change the password or does this exploit get around that too?

By the sounds of it though Michael may just have a rather weak password. Problem is, just where he uses that password might make it possible to do the usual password reset techniques anyways.

Mods, how about a password reset on his account and see if the problem returns. If it does, now you got a bigger problem.

Stu

If it's a password problem... let's just hope he doesn't use that same password anywhere more mission critical!

It's not.

G

Right then. So what's the issue and what exactly is being done to stop/prevent it, out of interest?

I appreciate that you're interested, but it's not something that I'm discussing at this time. Once we nail the monkey (and we're close) , then maybe I'll comment.

G

Okie doke

Hi guys,

Just to confirm what Gary and Jon have already stated, these PMs were not sent by Michael, as Michael is interstate for business purposes, and doesn't have access to the internet.

After all hacks on his account, the password has been changed to a more complex one, however, the issue as posted by Jon, seems to be a VB weakness, and the quicker its sorted the better for us

Well the question still remains as to why it's only MM's account being hacked - what's the point of hacking just one members account if you have knowledge of a weakness in the VB code then you'd aim for the bigger fish and lock them out and take over the board, just doesn't add up, there's more to this!

Maybe as previously stated its a previous customer or employee, and they only want to get back at Michael?

Hosting company owners will soon need to have personal security guards with the way things are these days.

Hi Guys,

A couple of points:
* As stated, it wasn't me sending the messages
* It has nothing to do with the password on the account and never has been. It is an exploit in the forum software.
* It is not just my account.
* Gary and Jon have assured me that the issue will be fixed soon.

Sigh.