UBB.threads PHP Forum Software Community Forums UBB.threads 7 Version 7 Support password problem

hi
looking for some advice and help. on the forum i run we had 3 admin status users but i had to ban one. now everytime i try to loggin my passowrd has been changed so i have to get other admin ueser to going and change the password so i can logging. can you help here by telling me how he can do this as he is been ban from the forum please and how to stop it. we know it is the admin person who was ban because even text me saying he did.
please help it is getting very annoying
Carlos

well, if he was admin, he knows a heck of a lot about your board.

ie: mysql login details, paths and stuff...

did you just ban his username? IP ? what?

what kind of knowledge is this person? is he a programmer type? just a joe blow web user?

have you examined the admin logs to see what is going on?

what version board are you running?

hi
he know alot about computer and editng and websites. the version we are using is 7.3b5. i think we just ban the name how do you ban the ip address. yes i have exmaind the logs and can not see anything strange.
Carlos

yoursite.com/admin/membermanage.php

allows you to ban his IP, although if he's web savvy he'll just use a proxy to get around that.

i'd change the mysql password too and also configure mysql (if possible) to only allow localhost connections.

if he knew the FTP password, then nothing you do will stop him from screwing with you.. you'd need to change that too..

you mighta banned him too quick, before getting all the stuff secured

i guess i'd have to look at it closer to see what's going on though..

cheers for that how do i change mysql password is that the password for my own server. i have change the password for FTP password. thanks for the infor what happen if you say you have forgot my passward to the forum where does the new password go to just had a thought.
Carlos

forgot password sends an email to the email address on file (in the DB) for that user, so he could have changed YOUR email address to one he has access to and just does a forgot password on your account to change it every time..

changing the mysql password is usually done from your site's cpanel (not the ubbthreads admin cpanel), but the one that your host setup for you.

also, if this guy had access to that cpanel, you should change that password.

and he could have easily installed a software page that allows him backdoor access at anytime..

so dunno what kind of access he HAD, but if he had full access to your site, you are screwed if he really was good enough to put stuff in like that..

to help more, you should really describe what kinda access he DID have before.. cpanel, mysql, domain admin? what was it? was he the one responsible for upgrading your ubbthreads too ?

the MORE he had, the worse situation you are in

it was person we thought we could trust and he had full access to the site and the server where the forum is kept

you are perty much screwed -- you'll need to change the main host account password and any email that might be HIS that is attached to administering it, then change the mysql password..

right now, he can just go into phpMyAdmin and do anything he likes..

and this is not to preclude him having some sort of software already installed that allows him in at anytime too..

this is where you'd need to look at the apache logs and not only the ubbthreads logs..

in short -- it's UGLY!

cheers for you help
where do i find the apache logs is that on my host directory
Carlos

you really need professional help at this point. me replying in this thread and back/forth prolly ain't gonna solve your problem(s).

if you are wondering where the apache logs are on your box, then the other guy already has you beaten..

cheers for you help would you have look or is that to much to ask
Carlos

it's not too much to ask, when you have money to spend on me

but for free?

this needs more than just a casual look / fix..

ok let me know much you are looking for, if this can be fix

it's best that you just PM me with details on your server and we go from there..

not a good place to have all this in an open thread...

just pm you

He could have also installed 3rd party utilitiees to login to the server... :ahem:

yah, it's really not worth it for me to go in and search around for stuff he might have put on there.. its too expensive..

i'd suggest you find a way to make nice with the guy.. it's a lot cheaper than what it would cost to hire me.. and then there are really no guarantees. if he was very web/server savvy, you may be forever compromised until you move off that server and start fresh..

thanks for the PM, but i don't think i want to get into this mess..

I'm generally more than willing to dive through the server; however it'd likely take several hours and there would be no definitive guarantee against missing something which may be hidden well...

On top of everything SD pointed out, as an added layer of protection, be sure to change your email account password.

I once messed with someone on a board that gained access to something on one of my boards. IF you allow HTML in post's nothing you do is going to help you as he may have installed a HIDDEN javascript that sends him the login name and password for everyone that reads that post.

Just a thought, took the dude a year to find it on his board, LOL.

But I'm also not suggesting ever doing this and if you did you would really need to know your stuff to pull this off and need a web server of your own to retrieve the data without being noticed as well.

hi all cheers for your help
it has got far worse now the person in question has somehow closed the forum down and delete all the users even mine. any idea how i can reopen the forum.
help
Carlos

i believe i said 'you are screwed' -- so hopefully you had your host make or YOU made a backup of your mysql DB ?

if so, then moving to another host is the 1st step..

the other thing would be to scrub your DB for any stealth admins..

change all your existing admin psws...

bleh.. it's a mess, but you need a backup of your DB to at least start with.