Announcement

Collapse
No announcement yet.

vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by wajones View Post
    We're having a discussion and in my last post I clarified that it was a debatable thing to do.
    These fixes were announced this way:

    Additional Security measures

    1. Disable phpsuexec and set the php passthru setting to 1 in php.ini


    There was no discussion or suggestion that they may not be required or resolve the problem. They should have been presented with a little more justification than just "additional security measures".

    Comment


    • I think I clarified that in the post right before yours.

      Comment


      • My point is that it should have been done when the suggestions were originally made. There was no discussion or qualification when the suggestions were made -- and the result is that people were chasing these down trying to make changes that probably weren't called for.

        Comment


        • The 'people' are my customers and I was told by the security administrator of my host, a reputable hosting company that it was called for. I made the decision to post based on that and I stand by what I posted and the reasons for posting it at the time.

          I changed my position later because so many were getting different answers and I'm not going to dispute what their hosting company tells them. Like I said I really don't know, I thought I was right before, but when I realized I may not have been I clarified it.

          Comment


          • My site acting funny

            For about 30 minutes this afternoon, my site "froze" in the sense that I could not get into vbPortal admin or vBulletin admin. Finally, I got into vbPortal admin and turned it off. About 10 minutes later, I was able to get into vBulletin and shut my site down. I can not say it is related to this, but I am just being cautious.

            Comment


            • Originally posted by funpilot View Post
              For about 30 minutes this afternoon, my site "froze" in the sense that I could not get into vbPortal admin or vBulletin admin. Finally, I got into vbPortal admin and turned it off. About 10 minutes later, I was able to get into vBulletin and shut my site down. I can not say it is related to this, but I am just being cautious.
              Have you applied the relevant patch set for your vbportal version ?

              Comment


              • Originally posted by funpilot View Post
                For about 30 minutes this afternoon, my site "froze" in the sense that I could not get into vbPortal admin or vBulletin admin. Finally, I got into vbPortal admin and turned it off. About 10 minutes later, I was able to get into vBulletin and shut my site down. I can not say it is related to this, but I am just being cautious.
                Check the access logs of your server. I am sure, even if you are hosted, your provider must give you at least access logs, if not combined access/error.

                Comment


                • I just checked, it's not down. Must have been something else.

                  Comment


                  • I think this post shows you the measure of the man who is wajones.

                    He had no reason to allow unregistered users the abilty to patch software only a moral one which he chose to do. He also kept posting in this thread updating people as and when he had anything to update you with in between some uncomfortale reading for him.

                    I hope he and his team have the situation rectified and wish him well, perhaps some of you had vallid points with regards to making members aware of the exploit earlier, however what you have to remember is wajones is doing this as a hobby that much is plainly obvious and to be honest how would any of you react to not only getting your website hacked but to being blackmailed at the same time and perhaps he understandably made an error in judgment or maybe he did everything he could at the moment he could do it, I tend to believe the later.

                    I am not a license holder although i have been many years ago (about the time i joined this site) but to this day i remember my time on his site with a great deal of pleasure and remember a person who would willingly help the less able of us to do things to our websites that we would otherwise be unable to do and not ask for anything in return I see nothing has changed in that regard.

                    Once again my best wishes go out to you and your team wajones in my humble opinion you have handled this situation admirably and have much to be admired for...

                    Comment


                    • Not related

                      I have not experiencing any other symptoms so I am certain my issues were not related. I too have worked closely with Bill and can tell you he is definitely a man of integrity and honor. My site is used by healthcare providers all over the country and we could not have created it with out his help. As for me, I am below "less able" ....

                      Yes, my site has the patches.

                      Comment


                      • I Can't Belive This!

                        Even changing the passwords and users i was hacked , I loose all my business and the accounts of my hosted people with all their information, we even get the time to save nothing, so now can somebody tell me why we pay for a license of something with this vulnerabilities???? Can somebody tell me who goes to pay me all the money I need to refund, all the works and hours I spend on my business??

                        I already reported that to the Better Business Bureau, this is crazy, it doesn't have no name !

                        Comment


                        • Originally posted by yessenia1974 View Post
                          Even changing the passwords and users i was hacked , I loose all my business and the accounts of my hosted people with all their information, we even get the time to save nothing, so now can somebody tell me why we pay for a license of something with this vulnerabilities???? Can somebody tell me who goes to pay me all the money I need to refund, all the works and hours I spend on my business??

                          I already reported that to the Better Business Bureau, this is crazy, it doesn't have no name !
                          Did you report vBportal or vBulletin? - Note that vBportal is NOT a vBulletin product, nor supported.

                          Comment


                          • Please see this thread on how to make your vBulletin more secure:

                            http://www.vbulletin.com/forum/showthread.php?t=172234

                            If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.
                            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                            Change CKEditor Colors to Match Style (for 4.1.4 and above)

                            Steve Machol Photography


                            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                            Comment


                            • Clearing confusion

                              I did not report VBportal or Vbulletin, I reported the hacked problem with the shortcut and information i could find on internet and through the security system I had installed on my server. Hope they can do something about, this hackers don't think with the head when they do things, i don't know why people like me or my users we need to pay for the problems they have this people with others!

                              Yes, my provider is already taken care of the server too, but was only my website both domains was hacked the rest was safe but we needed to move to another server, now the problem is that all information is loose, completely and is no way to recupere it.

                              Is desperate!

                              Comment


                              • Originally posted by firewire View Post
                                The email (I got one, too) is indeed originating from the www.vbportal.com / www.phpportals.com server. Looks like they have been hacked.
                                The fact the hackers were emailing all registered users at the vbportal.com forum proves they had access to the user database, which means your email address plus forum password.

                                I'd advice you to change your password anywere you are using the same user/password combination as on vbportals.com/phpportals.com

                                It is not very unlikely the email address you are using at that forum will be getting a lot of spam soon. if so thats a nightmare.

                                What troubles me most is the hackers' statement:


                                If they are right means the vbportal.com/phpprotals.com server admins didn't do their homework at all, and they even neglected their users's privacy and data protection. Shame on them.
                                Does this mean the hackers have got the information now on users accounts. Like Username and Logon to download there product acting as another user.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X