Admin(s):
I took a look at the registration form, and noticed the most obvious problem. The forum is only using a simple Question/Answer prompt for human verification. Get rid of it, it's vulnerable, it's stupid. The answer to that question is stored in cleartext within the php, writing a program to crawl php for an answer string is easy.
Solution:
1. Update to Vbulletin 4.1.x, there are many holes in this vb distro.
2. Remove the Q/A prompt.
3. Install a capatcha api, preferably RECAPATCHA, which I've have great results with personally.
Done. Questions? Let me know.
I took a look at the registration form, and noticed the most obvious problem. The forum is only using a simple Question/Answer prompt for human verification. Get rid of it, it's vulnerable, it's stupid. The answer to that question is stored in cleartext within the php, writing a program to crawl php for an answer string is easy.
Solution:
1. Update to Vbulletin 4.1.x, there are many holes in this vb distro.
2. Remove the Q/A prompt.
3. Install a capatcha api, preferably RECAPATCHA, which I've have great results with personally.
Done. Questions? Let me know.
Comment