Announcement

Collapse
No announcement yet.

vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Lordy guys. I hate seeing you having to deal with all this crap.

    Idiots(hackers) like this need to be taken out back and beaten.

    Comment


    • So maybe this is a case in point why running older software is bad. Also, no one seems to know for sure how they are attacking that site.

      Comment


      • I'm concerned, particularly since it happened again today.

        I also use LiquidWeb and have a dedicated server with them. Is the problem related to php and should be fixed by LiquidWeb, or is it the vbportal script? If I don't use vbportal, am I still at risk due to some setting in php?

        Comment


        • Originally posted by BigCheeze View Post
          HUH??? Alert their users that they we're about to be hacked? Does that even make any sense?
          It makes all the sense in the world when you actually put it into context instead of knee-jerking out a response. I'm not talking about warning that vbportal's site was about to be hacked. I'm talking about the fact that everyone else's site could be open to attack. You know, their customers? The ones who paid them for the software?

          By vbportals own statements, they were notified of the vulnerability before it was made public, along with clear evidence that they (the hackers) weren't kidding around. They (vbportals) could have informed their users, at the very least the ones who actually paid them for their software, that a vulnerability existed and that users should take appropriate precautions - shut down their sites, pull up to date backups, whatever - just in case.

          Sure, the hackers were trying to extort money out of vbportals, and yes that happens all the time unfortunately. That's not the point. Let me ask you this: what if instead of doing what they did the hackers immediately released the exploit to every script board and IRC channel? And suddenly a thousand copycats were sent out in to the wild to hunt down other vbportal sites? That exact kind of thing also happens all the time.

          My point was, and remains, that the only reason any of us know anything about this is because of the hackers themselves. Before they went public with it there was a (admittedly small) window where vbportals could and should have made a best effort to inform existing users - and they didn't. Again, I feel bad for the guys but that doesn't excuse the lack of immediate response to this problem. The second they got that email that included copies of their httpd.conf or whatever it was that proved the hackers had gained access they should have notified their users. This could have been a lot worse.
          Ixian
          Maximum Gamer

          Comment


          • PhPportal is experiencing some problems again
            Cannot access their website: Here is the message

            There seems to have been a problem with the database.
            Please try again by clicking the Refresh button in your web browser.
            An E-Mail has been dispatched to our Technical Staff, whom you can also contact if the problem persists.
            We apologise for any inconvenience.

            Comment


            • Just got this email:

              Hello Again
              www.vbportal.org & www.vbportal.org/forums are defaced
              http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=45&id=4421867

              vbPortal is Hacked Again By R00t[ATI] & SecAnalyst We've tried to Advise the admin of the vbportal but we were not successful
              if you can please Advise him about the recently hacks , Defacements, Holes and other things.

              NOW i want to Delete all of their DB after mailing
              But the site appears to be up.

              Comment


              • Welcome, firewire.
                You last visited: 07-15-2002 at 08:08 AM
                Unfortunately, I cannot change my email address there, something I'd really love to do right now.

                Comment


                • Update that I put in relates to http://www.phpportals.com/
                  NathanLedet already reported about www.vbportal.org at 9:56am

                  Comment


                  • This is getting old. I know wajones, scotsmist.. and the rest are doing their best - and always have.

                    Good Luck.

                    Comment


                    • No doubt about what you said....they are all great guys. It is just that I was logged on to their website this morning when it died down suddenly.

                      Originally posted by Bluetiereign View Post
                      This is getting old. I know wajones, scotsmist.. and the rest are doing their best - and always have.

                      Good Luck.

                      Comment


                      • Faking e-Mail headers is the easiest thing and has been done for years.
                        Steve, since you obviously know the exploit, it would be useful to tell us what component it is, to calm down the "masse"

                        Good Luck guys, I won't stop using the product because of some lame ass wannabe wankers from some tech-college, I'd rather use it more :P

                        ---

                        Btw. they already published something: http://securityreason.com/exploitalert/897

                        ---
                        Last edited by LB1UE; Mon 31st Jul '06, 11:35am.

                        Comment


                        • Originally posted by LB1UE View Post
                          I won't stop using the product because of some lame ass wannabe wankers from some tech-college, I'd rather use it more :P
                          here here, I help on the portals site and I won't stop helping , in fact it makes me want to help more

                          Thing is these radges think its here (vbulletin) there targeting .. SAD

                          Comment


                          • Originally posted by ixian View Post
                            It makes all the sense in the world when you actually put it into context instead of knee-jerking out a response. I'm not talking about warning that vbportal's site was about to be hacked. I'm talking about the fact that everyone else's site could be open to attack. You know, their customers? The ones who paid them for the software?

                            By vbportals own statements, they were notified of the vulnerability before it was made public, along with clear evidence that they (the hackers) weren't kidding around. They (vbportals) could have informed their users, at the very least the ones who actually paid them for their software, that a vulnerability existed and that users should take appropriate precautions - shut down their sites, pull up to date backups, whatever - just in case.

                            Sure, the hackers were trying to extort money out of vbportals, and yes that happens all the time unfortunately. That's not the point. Let me ask you this: what if instead of doing what they did the hackers immediately released the exploit to every script board and IRC channel? And suddenly a thousand copycats were sent out in to the wild to hunt down other vbportal sites? That exact kind of thing also happens all the time.

                            My point was, and remains, that the only reason any of us know anything about this is because of the hackers themselves. Before they went public with it there was a (admittedly small) window where vbportals could and should have made a best effort to inform existing users - and they didn't. Again, I feel bad for the guys but that doesn't excuse the lack of immediate response to this problem. The second they got that email that included copies of their httpd.conf or whatever it was that proved the hackers had gained access they should have notified their users. This could have been a lot worse.
                            Please consider what your saying.

                            phpportals.com was notified of "a vulnerability" with no specifics but some evidience that the server had been compromised and a extortion fee of $20,000 tied to several threats. No eveidence at all was provided to verify the vulnerability as real and so could easily have been faked and/or been caused by something other than vbportal software. A 48 hour window was given to pay the extortion fee. Note here: if evidence had been passed over showing the server had been compromised beyond doubt then yes you got it, it had allready "been hacked" and not "was going to be hacked"

                            Comment


                            • i got this

                              i got this from them today...

                              ----------------------------
                              Hello Again

                              www.vbportal.org & www.vbportal.org/forums
                              are defaced

                              http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=45&id=4421867


                              vbPortal is Hacked Again By R00t[ATI] & SecAnalyst
                              We've tried to Advise the admin of the vbportal but we were not
                              successful

                              if you can please Advise him about the recently hacks , Defacements,
                              Holes and other things.


                              NOW i want to Delete all of their DB after mailing

                              Comment


                              • You're like the 4th person to paste that message in this thread today.
                                Ixian
                                Maximum Gamer

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X