• Welcome to BradleyFans.com! Visitors are welcome, but we encourage you to sign up and register as a member. It's free and takes only a few seconds. Just click on the link to Register at the top right of the page, and follow instructions. If you have any problems or questions, click on the link at the bottom right of the page to Contact Us.

Fishy Voting in the "Rate Jim Les II poll...

Status
Not open for further replies.
I've been ready to put this behind. Let it go to the 2nd page and be forgotten about. Just stop calling me out and it all goes away. Like always.


And I know what it means...I don't need the link. I'm not an id*ot.
 
I should have said anti-Bradleyfans, not anti-BU.
I said I was done commenting, but just to clarify a couple things-
Yes, we have contacted experts- one at vBulletin, and also an indepenent software contracter who will add the software patch necessary to correct the problem.
The hacker cannot be traced because they were able to hide their IP. Their IP address shows up only as: .
Maybe your friends can tell you how that can be done, I don't know.
If a hacker can be charged with criminal action, then I suppose tracing could be carried out further by getting a warrant.
But in this case, we aren't able to pursue this further.

And finally- you are wrong- I have never accused you of "being the bad guy". It is in fact you who have made all the allegations, that someone here would fake the voting in the poll. That's ridiculous. But believe whatever you want.
 
haha i didn't make the allegations. Remember I didn't even vote in the polls. I merely came on here a few days after it happened and couldn't believe something "fishy" happened again. Others (not me) were saying what they thought happened.

For instance I started neither of the threads that contain most of the content about what happened in the poll...


kudos for contacting an expert then
 
Ockham theorized his "razor" to describe natural events.
It applies far less when human intent is involved.
 
Wow... Really guys? I seriously can't fathom that this is that big a deal... Wow... I'd hate to see what would happen if we lost a couple more games. Here pretty soon DC, and tornado (even though he is not a moderator, nor has he been for a while...) are going to get a brick through each of their windows with threats... For being fans and (DC) for starting a message board... I know if I were in those shoes I'd definitely be inclined to continue forking over money to keep this going... for sure...
 
lol now you are taking it to a whole other level that has not only never been mentioned but never even thought about

I honestly wish no one no harm haha just reform
 
Bradleyguy10 said:
yep that one person had all accounts in alphabetical order too...since that's how the votes were (exactly alphabetical from A on down by ppl with 0 posts)...but of course you knew that since I said it earlier
Click to expand...

I just read through this topic out of curiosity, being a former message board admin. I was finding it difficult to believe anyone could log into 10+ accounts and vote in a poll within roughly a minute.

If the assertion above is accurate (alphabetical order, old accounts with very few or zero posts), it sounds very much like a programmed script that searched through the database by username, checking post counts and dates, logging in (perhaps even altering the password), registering a vote, then blanking out the IP.

My experience is with phpBB, but unless vBulletin is that lax, I don't see it accepting any actions without an IP address. If I understand correctly, even proxy sites have an IP. They just mask your originating IP with their's.

It would require intimate knowledge of vBulletin and it's password encryption algorithm (assuming it uses one).

Just my $.02.
 
Has anybody asked where Jim Les's Mom or Jody Les was, when these tresspasses occured?
Do they teach IP 101 at ND high, maybe it was Tyler?
dum Da da dum. It was Fiday morning and I was on the day watch------------------------
 
RoyalShock said:
I just read through this topic out of curiosity, being a former message board admin. I was finding it difficult to believe anyone could log into 10+ accounts and vote in a poll within roughly a minute.

If the assertion above is accurate (alphabetical order, old accounts with very few or zero posts), it sounds very much like a programmed script that searched through the database by username, checking post counts and dates, logging in (perhaps even altering the password), registering a vote, then blanking out the IP.

My experience is with phpBB, but unless vBulletin is that lax, I don't see it accepting any actions without an IP address. If I understand correctly, even proxy sites have an IP. They just mask your originating IP with their's.

It would require intimate knowledge of vBulletin and it's password encryption algorithm (assuming it uses one).

Just my $.02.
Click to expand...

Sorry to keep dragging this out- but it's my understanding, and I could be wrong, that this flaw that we have been told could have accounted for this problem allows an unauthorized user to access other registered user's accounts via their profile page, and without a password.
Don't ask me how it's done, but this alert describes it-
http://www.vbseo.com/f220/vbulletin-3-8-4-pl1-3-7-6-pl1-3-6-12-pl2-released-37772/
It is easy to understand that such an attacker might go down a list of members alphabetically, that would be my guess.
 
The thing is, the accounts weren't necessarily in alphabetical order. IIRC, at least 3 of those who voted were DU1995 (who magically last logged in yesterday since not posting anything since April of 2007), RHS (who apparently has since been deleted), and Tornado. I forget who the others were, because the poll was taken down shortly after I mentioned something and my memory is not photographic.

The odds of someone getting into users accounts and hitting a run of people that aren't in alphabetical order who never post anything, and then an administrator, strikes me as odd.
 
The reason this "hacker" thing doesnt fly is because it all comes down to motive. There are MILLIONS of sites (or parts of sites) for a programmer to target. When a given site is target, there is a reason for it. The only thing gained by this "hacking" was Les' "grade" was made better.

The question is who and why would want to do that, and whether or not that is important enough thing to draw ANY interest from someone with the requisite skills.

-----------------
I feel comfortable that there was no hack at all, and someone with access to the database just added the records directly.

I personally dont care who did it, but, all of this "hack" talk is just absurd - that did not happen.
 
We have the names of those that "voted", and those accounts have all been suspended to prevent further unauthorized access.
They were all longtime inactive users.
I am the one and only person with administrative control.
Neither moderators nor administrators can post under a users name without knowing the password that was set by the user.
An administrator can reset a user's password, but again, I am the only administrator, and I have better things to do with my time.:D

I am convinced beyond any doubt that this was done by a hacker who had figured out and exploited the known flaw described above.
I have suspicions who it might have been, and that we might have been targeted by someone rather than a random event, but nothing can be proven.

If anyone has any further questions, please feel free to send me a PM, as I will not discuss this further on the board.
This thread will be locked.
 
Status
Not open for further replies.
Back
Top