An Interesting vB Infiltration

  • An Interesting vB Infiltration

    A friend who frequents OccultForums recently made me aware of what is said to be the 5th successful hacking of its vBulletin installation.

    One of the administrator's posts was modified with a message from the hacker (available for perusal here).

    The hacker, who identifies himself as FatCat, wrote the following:

    *WARNING: The following quote may contain content considered objectionable by some. Continue reading at your own risk.*

    Originally posted by FatCat
    Qryztufre is a big piece of ****. He acts like he's mister security and that he has one clue what he's talking about.

    First off, on his live journal he says using a cracker. Well, number one, vBulletin uses a salted md5 encryption so brute force isn't going to work.

    What I did was purchase the same version of vBulletin and search all over in the code until I found a spot that was what is called unsanitized, meaning I can pass code inside it from the browser. Then I md5 encrypted a pass with a salt string I picked, used that unsanitized area to switch Eric's pass to mine, and boom, I'm in.

    Now for as long as Eric takes any advice from Qryztufre, which I like to call the reason I never forget about OF. It's my life goal to prove that nothing out of his mouth is the truth. He can't accept defeat or say he doesn't know something. From reading his PMs he acts like he knows everything about security.

    Well, if he knew 1/100,000 of what he says, this site would be so secure not even Kevin Mitnick himself could get in. Eric relies on everything that Q says and since he doesn't have a ****ing clue that's why this happens again and again. OK, he says that this was a cracker attack; well, now to show that's a lie I guess I'll have to attack on a weekly basis.

    Just to prove I'm not an ******* I backed up everything right before I attacked and will give this to Eric once I see a statement from Q admitting that he knows nothing and is a big fat ****ing liar on the forums.

    I'm sure maybe Eric will have a backup but how old will it be? No one knows and I have a fresh backup from moments before the attack.

    Fatcat
    What interests me most about this particular individual is the personal vendetta through which he vindicates his actions.

    This thread was created in the Chit Chat forum because I feel that some solid discussion could be conducted on the nature of member-entitlement in large communities.

    Thoughts? Opinions? Is extortion common on message boards, or is this an isolated incident?
    BruceWest
    Member
    Last edited by BruceWest; Mon 31 Jul '06, 3:08am.

  • #2
    I think Fatcat is fibbing because of how he portrayed the password and how he stuck it in. That isn't a sanitization issue; that appears more to be a SQL injection.

    But also, if he did go over the hundreds and thousands of lines of code, then he wouldn't be making the mistake of saying a password in vBulletin 3.5.4 is encrypted "md5($password) . $salt" rather than "md5(md5($password) . $salt)".

    That second MD5 makes a BIG difference.


    I think the issue isn't related to vBulletin at all, but rather something else in play. Trapdoor? Poor codehacks? Keylogger on the admin's computer? Anything is possible.
    ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
    Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment
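
The two constructions named in post #2, side by side, as an added example that is not part of the original thread and is not vBulletin's own code; the function names, sample password, salt and PBKDF2 work factor are assumptions made for illustration. It goes one step beyond the thread by showing a login check that accepts the legacy double-MD5 value and replaces it with a slow hash on the first successful login.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for this example


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def vb_double_md5(password: str, salt: str) -> str:
    # md5(md5($password) . $salt): the form post #2 gives for vBulletin 3.5.4
    return md5_hex(md5_hex(password) + salt)


def misquoted_form(password: str, salt: str) -> str:
    # md5($password) . $salt read literally as PHP: the salt is appended to
    # the digest in the clear, so the value is longer than 32 hex characters
    return md5_hex(password) + salt


def pbkdf2_record(password: str) -> dict:
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"scheme": "pbkdf2_sha256", "salt": salt.hex(), "hash": key.hex()}


def login(user: dict, password: str) -> bool:
    """Verify against the stored scheme; upgrade legacy rows on success."""
    if user["scheme"] == "pbkdf2_sha256":
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(user["salt"]), PBKDF2_ROUNDS)
        return hmac.compare_digest(key.hex(), user["hash"])
    if not hmac.compare_digest(vb_double_md5(password, user["salt"]), user["hash"]):
        return False
    user.update(pbkdf2_record(password))  # replace the fast MD5 hash in place
    return True


# Constructed sample account; password and salt are made up for the example.
SAMPLE_PASSWORD, SAMPLE_SALT = "correct horse", "x7Q"
sample_user = {"scheme": "vb_md5", "salt": SAMPLE_SALT,
               "hash": vb_double_md5(SAMPLE_PASSWORD, SAMPLE_SALT)}
```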


    • #3
      What version is he using..?! I don't think it's possible with vBulletin 3.5 and 3.6 because of the new way vBulletin checks all variables before usage.
      That's the end of that!


      • #4
        Checking the server access logs would be the only real way to determine how he was able to gain access.
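
A sketch of the access-log review suggested in post #4, aimed at the SQL injection theory from post #2; this is an added example, not part of the original thread. The log lines, IP addresses, timestamps and the `/forum/example.php` path are constructed, and the marker list is an assumption that will produce false positives on real traffic.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache/nginx "combined" format; only the fields used here are captured.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Assumed, deliberately coarse markers of SQL syntax inside a query string.
SQL_MARKERS = re.compile(
    r"\bunion\b.+\bselect\b|\bupdate\b.+\bset\b|'\s*(?:or|and)\b|--|/\*",
    re.IGNORECASE)

# Constructed sample log (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
198.51.100.7 - - [30/Jul/2006:22:14:03 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jul/2006:22:15:41 +0000] "GET /forum/example.php?id=1%27%20UNION%20SELECT%20a%2Cb%20FROM%20t--%20 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jul/2006:22:16:02 +0000] "GET /forum/example.php?id=1;UPDATE+t+SET+a=%27x%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Jul/2006:22:17:10 +0000] "GET /forum/showthread.php?t=42 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def suspicious_requests(log_text: str) -> list:
    """Return (timestamp, ip, status, path) for requests whose decoded
    query string contains one of the SQL markers above."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        query = unquote_plus(parts.query)  # decode %27, %20, '+' and so on
        if SQL_MARKERS.search(query):
            hits.append((m["ts"], m["ip"], m["status"], parts.path))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(*hit)
```

Access logs in this format record only the request line, so anything sent in a POST body would not appear in this output.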


        • #5
          Just keeping you updated...

          If nothing else, the disaster sure does give me some laughs.

          (From this thread.)
          Originally posted by thefifthlord
          The only reason the server got hacked is because the owner of the site chose vBulletin; the vB team put security holes in vBulletin purposely so they can charge for support!

          Invision, however, actually cares about security, and you are correct: the flaws are in the forum, not the server.
          thefifthlord is apparently some wanderer interested in re-stabilizing the forum; he wants administrator access and the vBulletin account key to do so.


          • #6
            Right, that's why we provide updates and support for free


            • #7
              Let me know if at any point this thread becomes tedious or unwanted. I post purely for interest's sake.

              Now some clown sees fit to introduce the following link:


              I'm on a tangent here, but this doesn't look at all viable as an exploit. (The link above is certifiably free of malware.)
              Zachery
              Former vBulletin Support
              Last edited by Zachery; Mon 31 Jul '06, 1:10pm.


              • #8
                lol how funny, I will remove that because it really shouldn't be too public,

                But what it says is nulled installations can have their databases backed up.


                • #9
                  Good to know, thanks Zachery.

                  As things continue to move forward... it seems that first MySQL and then the entire server were taken down. By whom, I can only speculate.


                  • #10
                    Originally posted by Zachery
                    Right, that's why we provide updates and support for free
                    For the first year. After that, for that free support and updates it's $35, I believe. Not knocking what you said, Zachery, just pointing out that it's not actually free. I get the gist of your post, though.


                    • #11
                      Originally posted by Boxy
                      Checking the server access logs would be the only real way to determine how he was able to gain access.
                      If they left the log files behind them...
                      Another smart thing someone told me is to check the terminal command history.
                      Italian Body Building & Fitness : www.BodyWeb.com
                      Italian unofficial support Forum : www.vBulletin.it


                      • #12
                        Originally posted by 13th_Disciple
                        For the first year. After that, for that free support and updates it's $35, I believe. Not knocking what you said, Zachery, just pointing out that it's not actually free. I get the gist of your post, though.
                        You can still download patches for free though.


                        • #13
                          Originally posted by Andrew111888
                          You can still download patches for free though.
                          http://members.vbulletin.com/patches.php Free download of security patches for vBulletin 3.5 and above. For licensed customers only. Owned license expired? No problem! Enjoy the download.


                          • #14
                            Originally posted by Floris
                            http://members.vbulletin.com/patches.php Free download of security patches for vBulletin 3.5 and above. For licensed customers only. Owned license expired? No problem! Enjoy the download.

                            Good to know, Floris, thanks. I wasn't aware vB had stand-alone patches available.
                            MCSE, MVP, CCIE
                            Microsoft Beta Team


                            • #15
                              We don't actually use that page all the time. Most patches can be posted into the announcements forum as that allows "priority support" people (eg, other admins) to access them if the license owner is away.
