Announcement

Collapse
No announcement yet.

vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • eD2K.biz
    replied
    Originally posted by firewire View Post
    The email (I got one, too) is indeed originating from the www.vbportal.com / www.phpportals.com server. Looks like they have been hacked.
    The fact the hackers were emailing all registered users at the vbportal.com forum proves they had access to the user database, which means your email address plus forum password.

    I'd advice you to change your password anywere you are using the same user/password combination as on vbportals.com/phpportals.com

    It is not very unlikely the email address you are using at that forum will be getting a lot of spam soon. if so thats a nightmare.

    What troubles me most is the hackers' statement:


    If they are right means the vbportal.com/phpprotals.com server admins didn't do their homework at all, and they even neglected their users's privacy and data protection. Shame on them.
    Does this mean the hackers have got the information now on users accounts. Like Username and Logon to download there product acting as another user.

    Leave a comment:


  • yessenia1974
    replied
    Clearing confusion

    I did not report VBportal or Vbulletin, I reported the hacked problem with the shortcut and information i could find on internet and through the security system I had installed on my server. Hope they can do something about, this hackers don't think with the head when they do things, i don't know why people like me or my users we need to pay for the problems they have this people with others!

    Yes, my provider is already taken care of the server too, but was only my website both domains was hacked the rest was safe but we needed to move to another server, now the problem is that all information is loose, completely and is no way to recupere it.

    Is desperate!

    Leave a comment:


  • Steve Machol
    replied
    Please see this thread on how to make your vBulletin more secure:

    http://www.vbulletin.com/forum/showthread.php?t=172234

    If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.

    Leave a comment:


  • Floris
    replied
    Originally posted by yessenia1974 View Post
    Even changing the passwords and users i was hacked , I loose all my business and the accounts of my hosted people with all their information, we even get the time to save nothing, so now can somebody tell me why we pay for a license of something with this vulnerabilities???? Can somebody tell me who goes to pay me all the money I need to refund, all the works and hours I spend on my business??

    I already reported that to the Better Business Bureau, this is crazy, it doesn't have no name !
    Did you report vBportal or vBulletin? - Note that vBportal is NOT a vBulletin product, nor supported.

    Leave a comment:


  • yessenia1974
    replied
    I Can't Belive This!

    Even changing the passwords and users i was hacked , I loose all my business and the accounts of my hosted people with all their information, we even get the time to save nothing, so now can somebody tell me why we pay for a license of something with this vulnerabilities???? Can somebody tell me who goes to pay me all the money I need to refund, all the works and hours I spend on my business??

    I already reported that to the Better Business Bureau, this is crazy, it doesn't have no name !

    Leave a comment:


  • funpilot
    replied
    Not related

    I have not experiencing any other symptoms so I am certain my issues were not related. I too have worked closely with Bill and can tell you he is definitely a man of integrity and honor. My site is used by healthcare providers all over the country and we could not have created it with out his help. As for me, I am below "less able" ....

    Yes, my site has the patches.

    Leave a comment:


  • phill2003
    replied
    I think this post shows you the measure of the man who is wajones.

    He had no reason to allow unregistered users the abilty to patch software only a moral one which he chose to do. He also kept posting in this thread updating people as and when he had anything to update you with in between some uncomfortale reading for him.

    I hope he and his team have the situation rectified and wish him well, perhaps some of you had vallid points with regards to making members aware of the exploit earlier, however what you have to remember is wajones is doing this as a hobby that much is plainly obvious and to be honest how would any of you react to not only getting your website hacked but to being blackmailed at the same time and perhaps he understandably made an error in judgment or maybe he did everything he could at the moment he could do it, I tend to believe the later.

    I am not a license holder although i have been many years ago (about the time i joined this site) but to this day i remember my time on his site with a great deal of pleasure and remember a person who would willingly help the less able of us to do things to our websites that we would otherwise be unable to do and not ask for anything in return I see nothing has changed in that regard.

    Once again my best wishes go out to you and your team wajones in my humble opinion you have handled this situation admirably and have much to be admired for...

    Leave a comment:


  • wajones
    replied
    I just checked, it's not down. Must have been something else.

    Leave a comment:


  • 13th_Disciple
    replied
    Originally posted by funpilot View Post
    For about 30 minutes this afternoon, my site "froze" in the sense that I could not get into vbPortal admin or vBulletin admin. Finally, I got into vbPortal admin and turned it off. About 10 minutes later, I was able to get into vBulletin and shut my site down. I can not say it is related to this, but I am just being cautious.
    Check the access logs of your server. I am sure, even if you are hosted, your provider must give you at least access logs, if not combined access/error.

    Leave a comment:


  • Nitro_007
    replied
    Originally posted by funpilot View Post
    For about 30 minutes this afternoon, my site "froze" in the sense that I could not get into vbPortal admin or vBulletin admin. Finally, I got into vbPortal admin and turned it off. About 10 minutes later, I was able to get into vBulletin and shut my site down. I can not say it is related to this, but I am just being cautious.
    Have you applied the relevant patch set for your vbportal version ?

    Leave a comment:


  • funpilot
    replied
    My site acting funny

    For about 30 minutes this afternoon, my site "froze" in the sense that I could not get into vbPortal admin or vBulletin admin. Finally, I got into vbPortal admin and turned it off. About 10 minutes later, I was able to get into vBulletin and shut my site down. I can not say it is related to this, but I am just being cautious.

    Leave a comment:


  • wajones
    replied
    The 'people' are my customers and I was told by the security administrator of my host, a reputable hosting company that it was called for. I made the decision to post based on that and I stand by what I posted and the reasons for posting it at the time.

    I changed my position later because so many were getting different answers and I'm not going to dispute what their hosting company tells them. Like I said I really don't know, I thought I was right before, but when I realized I may not have been I clarified it.

    Leave a comment:


  • kman2000
    replied
    My point is that it should have been done when the suggestions were originally made. There was no discussion or qualification when the suggestions were made -- and the result is that people were chasing these down trying to make changes that probably weren't called for.

    Leave a comment:


  • wajones
    replied
    I think I clarified that in the post right before yours.

    Leave a comment:


  • kman2000
    replied
    Originally posted by wajones View Post
    We're having a discussion and in my last post I clarified that it was a debatable thing to do.
    These fixes were announced this way:

    Additional Security measures

    1. Disable phpsuexec and set the php passthru setting to 1 in php.ini


    There was no discussion or suggestion that they may not be required or resolve the problem. They should have been presented with a little more justification than just "additional security measures".

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X