Announcement

Collapse
No announcement yet.

vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Was on a private list this morning that requires credentials to access, I suspect it will filter through to public lists soon.

    Not sure why'd you need to know what it entails, its a simple remote code execution exploit that can be used to install a shell.

    Best thing to do is install the updates that have been posted for vbportal or simply remove it if you dont want to do that, its a very serious error.
    Scott MacVicar

    My Blog | Twitter

    Comment


    • Fair enough, thank you.

      I didn't get a chance to download the files from their site when it was up, so I've shut my portal off for the time being.

      Anyone know if the updated version is posted somewhere else? We're missing the portal already It can wait though as I know their is license issues involved.
      Just another squirrel trying to get a nut

      allthingsmoto.com, bodynspirit.net, & payinitoff.com

      Comment


      • I'd like to know a little more about what this entails, only so that I can protect against it temporarily. I am not in a position to install the updates (are they available through other means since vbportals is down?) because I'm not the actual license holder. Yes, the site owner/webmaster needs to get the updates and do this and he will soon, but that isn't possible at the moment and neither is removing vbportal from the site.

        We aren't using phpsuexec, yet the site did manage to get some readme.txt files with "Hacked By vbPortal hackers" in them.

        What I would specifically like to know is if setting disable_functions = passthru in php.ini will mitigate this for now?

        Also it was mentioned to set "the passthru setting to 1" in php.ini but I could not find a reference to that anywhere (and I did spend considerable time googling). The closest thing I could find was in the [odbc] section for binary data handling. (0 means passthru, 1 means return as is)

        I'd be grateful if someone in the know could reply.

        Comment


        • Originally posted by wajones View Post

          Our host 'Liquidweb' to date has been little or no help at all. The first line tech's have responded with a few things an have tried to help, but bottom line the abuse support is non existent as far as security.

          Security has not even answered my tickets in 4 days. I ask last night to have my database restored (they supposably backup every night) Not even a answer about that.
          What about their phone support?

          Comment


          • there back well done mr jones

            Comment


            • Aaaannnd... it looks like they've been hacked/defaced *again*.

              Comment


              • It's up and running for me.

                Comment


                • now vbPortal.org has taken a beating

                  got an e-mail:
                  Hello Again

                  www.vbportal.org & www.vbportal.org/forums
                  are defaced

                  http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=45&id=4421867


                  vbPortal is Hacked Again By R00t[ATI] & SecAnalyst
                  We've tried to Advise the admin of the vbportal but we were not
                  successful

                  if you can please Advise him about the recently hacks , Defacements,
                  Holes and other things.
                  NOW i want to Delete all of their DB after mailing

                  Comment


                  • Originally posted by Freesteyelz View Post
                    It's up and running for me.
                    Nope.
                    Italian Body Building & Fitness : www.BodyWeb.com
                    Italian unofficial support Forum : www.vBulletin.it

                    Comment


                    • Seeing the hack has happened again (didn't I read in this thread the problem was fixed?), I'd like to know whether the problem is vbportal-(software)-specific, vbportal-hosting-specific or vBulletin-specific.
                      I have registered years ago for to the vbportal.org forum out of potential interest, but I am not using it, so I am asking myself right now if my site, too, is in danger.

                      Thank you for clarifying.

                      Comment


                      • They were running vbulletin 3.0.9 + an old vbportal so it could have been either.
                        Scott MacVicar

                        My Blog | Twitter

                        Comment


                        • I'm glad I didn't use a regular email alias years ago when I first signed up for that site.

                          I'm also glad I stopped using vbportals years ago even after paying the "contribution" fee or whatever they called it at the time. I feel for them, but I'm also still highly annoyed they didn't alert their userbase first before the hackers did it for them. In any case, now that they've pissed them off I suspect this will continue for a good long time.
                          Ixian
                          Maximum Gamer

                          Comment


                          • Just to make sure: Is vbportal.org and vbportal.com being run at the same provider, by the same people?

                            Comment


                            • Originally posted by ixian View Post
                              I feel for them, but I'm also still highly annoyed they didn't alert their userbase first before the hackers did it for them.
                              HUH??? Alert their users that they we're about to be hacked? Does that even make any sense?

                              And apparently this an an attempt to get money. It's a pretty common ploy in the hacker community, perpetrated many times against places like Online Casinos, and even porn sites. However, they are widening the scope of targets; as unfortunately Scott & WJones have discovered.

                              Scott & WJones, please contact me if you want any assistance. With out going into details in public, I work in InfoSec. So contact me if you want, and I'll see what help I can offer.

                              Either way, good luck guys.

                              Comment


                              • Where are the patches for VBPortal? Seems like they should be made available somewhere other than on a site that is being actively attacked.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X