just got hacked!!!


  • Floris
    replied
    Originally posted by babolo
    I hope it doesn't attack vb anytime soon
    vBulletin doesn't have the same type of bug in its software like phpBB has. So that won't happen.


  • Erwin
    replied
    Originally posted by Kier
    Globalize has been replaced with something altogether cleverer and more ninja.
    Let's make it the codename for the next vBulletin version.

    vBulletin Ninja

    Sounds great!


  • Matthew Gordon
    replied
    It can't.


  • babolo
    replied
    I hope it doesn't attack vb anytime soon


  • Matthew Gordon
    replied
    Yeah, I know.

    Ninja powers!


  • Floris
    replied
    ninja code is good

    Kung fu! (skills by effort)


  • Kier
    replied
    Globalize has been replaced with something altogether cleverer and more ninja.


  • Matthew Gordon
    replied
    But I like the globalize function.


  • Scott MacVicar
    replied
    As of the future releases it should be nigh impossible to have malicious user input as every single reference has been changed to a new system. I guess that gives away what the censored word is in Jerry's signature


  • Colin F
    replied
    I think I remember reading something about this long ago, and if I recall correctly this was the case (then).

    No idea how it's handled now...



    (then again I might be wrong)


  • AWS
    replied
    Originally posted by Scott MacVicar
    vBulletin had these holes once upon a time too but we sorted ours several years ago in 2.0.0 beta series in 2001.
    Do you have a security audit done on the code before major releases?


  • Scott MacVicar
    replied
    vBulletin had these holes once upon a time too but we sorted ours several years ago in 2.0.0 beta series in 2001.


  • Floris
    replied
    Originally posted by AWS
    I just read The Reg and saw it was a phpbb exploit and not a php exploit that was reported last night.
    In any case exploiting security holes in forum software just took a turn for the worse.
    The exploit is so serious that you give remote access to do whatever you want on the shell. For example, edit, replace and remove files. Which is exactly what this worm did.
    It is a worm because it used Google to spider for phpBB powered sites and then exploit it.


  • AWS
    replied
    I just read The Reg and saw it was a phpbb exploit and not a php exploit that was reported last night.
    In any case exploiting security holes in forum software just took a turn for the worse.


  • akiy
    replied
    Originally posted by AWS
    The exploit uses a hole in php.
    Actually, it uses a bug that was in phpBB's "highlight" function, not the serialize/unserialize bug that was recently announced for php.

    From http://isc.sans.org/diary.php?date=2004-12-21:

    "As part of our first post on this, we speculated that the worm may be using one of the recent problems in php to spread. After getting a hold of the code, it turned out that it is specific to phpBB and only uses the highlight vulnerability in phpBB."
    Time to upgrade php everyone if you haven't already.
    A good idea, in any case.
