Announcement

Collapse
No announcement yet.

vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • vbportal?

    Anyone else get a weird email from vbportal today?
    Hi All
    http://www.zone-h.org/index2.php?opt...=45&id=4398696


    YEAH VBPortal is Hacked By R00T[ATI] & SecAnalyst

    We have Informed you about a hole in the vbportal webApp
    But no one didn't answer our mails , it means this site doesn't have any 0WN3R
    if the site doesn't have any 0WN3R so who had change configuration of the Apache?
    Any idea what this is about?
    Fan Club member for VBulletin Dev and Support Team ;)

    Hysterectomy - GirlsGetGoing.com - Fabulous Fifty

    I'm frequently asked about the skin designer for my forums. ForumSkin.com

  • #2
    It may be a spoof, have you tried reporting it to vbportal ?

    Comment


    • #3
      I went to vbportal.....and its closed.
      Fan Club member for VBulletin Dev and Support Team ;)

      Hysterectomy - GirlsGetGoing.com - Fabulous Fifty

      I'm frequently asked about the skin designer for my forums. ForumSkin.com

      Comment


      • #4
        Try looking at vbportal's WHOIS and email the team. That's your best bet.

        Comment


        • #5
          you can see here why they are closed
          http://www.phpportals.com/forums/index.php


          EAH VBPortal is Hacked By R00T[ATI] & SecAnalyst

          We have Informed you about a hole in the vbportal webApp
          But no one didn't answer our mails , it means this site doesn't have any 0WN3R
          if the site doesn't have any 0WN3R so who had change configuration of the Apache?

          Comment


          • #6
            The email (I got one, too) is indeed originating from the www.vbportal.com / www.phpportals.com server. Looks like they have been hacked.
            The fact the hackers were emailing all registered users at the vbportal.com forum proves they had access to the user database, which means your email address plus forum password.

            I'd advice you to change your password anywere you are using the same user/password combination as on vbportals.com/phpportals.com

            It is not very unlikely the email address you are using at that forum will be getting a lot of spam soon.

            What troubles me most is the hackers' statement:
            We have Informed you about a hole in the vbportal webApp
            But no one didn't Ask our mails , it means this site doesn't have any 0WN3R
            if the site doesn't have any 0WN3R so who had change configuration of the Apache?
            If they are right means the vbportal.com/phpprotals.com server admins didn't do their homework at all, and they even neglected their users's privacy and data protection. Shame on them.

            Comment


            • #7
              I got the same mail. Have closed my portal but left forums open for now till I find out more. I would not be surprised if this were a Ajax issue.

              Comment


              • #8
                Doesn't look like they've done much other than highlight a vulnerability
                Dean Clatworthy - Web Developer/Designer

                Comment


                • #9
                  http://www.google.co.uk/search?hl=en...ch&sa=N&tab=iw

                  Google's picking that name up.

                  Comment


                  • #10
                    I am amazed to see nobody is worried about their email address and password has got into the hands of a hacker...

                    Comment


                    • #11
                      Originally posted by firewire View Post
                      I am amazed to see nobody is worried about their email address and password has got into the hands of a hacker...
                      The password can be changed as can the email address, however these must have been pulled from the vbulletin database RIGHT? So we all should be worried until the issue is resolved.

                      Comment


                      • #12
                        Originally posted by firewire View Post
                        I am amazed to see nobody is worried about their email address and password has got into the hands of a hacker...
                        They can't get anyones password.
                        Dean Clatworthy - Web Developer/Designer

                        Comment


                        • #13
                          Originally posted by Dean C View Post
                          They can't get anyones password.
                          You really believe that weak encryption is going to stop someone who has access to the database?

                          Don't stick your head in the sand, use common sense and change your passwords. What's it really going to hurt?

                          I got the same email, btw - thanks vbportals!
                          Ixian
                          Maximum Gamer

                          Comment


                          • #14
                            Okay than Ixian, you bruteforce a twice md5 encrypted password with a salt and get back to me when you've cracked it...
                            Dean Clatworthy - Web Developer/Designer

                            Comment


                            • #15
                              That's right, ignore the point of my post, which is to follow best security practices and change your password as a precaution, and focus on being "right". I never said *I* could break it, but I don't doubt for a minute that someone else can. That, however, is a pointless debate, so I'll just call it now:

                              Congratulations you win at the internet! Your prize is not in the mail.
                              Ixian
                              Maximum Gamer

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X