No announcement yet.

Vbulletin Security Issue, is this a SCAM?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Vbulletin Security Issue, is this a SCAM?

    Last week I was contacted by a security advisor with the following message (basically): your forum is vulnerable to an exploit which would allow an attacker to gain admin privileges. The software maker (this means Jellsoft I guess) has ignored us so we are contacting you to repair this vulnerability in exchange for a link to our site and a small USD 25 fee.

    We rejected the offer and warned him saying we were going to contact the local authorities. His answer was, more or less, that he was withdrawing his offer, because the software vendor finally listened to him and was working on a patch. Until that release, he advised to disable attachments on our forums.

    Now now... is this a SCAM or what?
    Last edited by Amenadiel; Sun 25 Oct '09, 6:58am.

  • #2
    Anytime you get contacted asking for money to inoculate your site, it's a scam. This is what you pay your host for-security. The software is secure (for known threats) if you are running 3.8.4 pl1. Forward the email to your host if you are in doubt.


    • #3
      agreed, this is spam and is definitely a scam. Do not fall for stuff like this.


      • #4
        Yes, I am running 3.8.4PL1, my sysadmin said this is a pathetic scam, but I wanted to hear your opinions nowadays.

        Besides, there is no way for a visitor to know which version of VB I am running, so any kind of diagnose is just scareware.


        • #5
          Don't worry about it then. You are fine.

          You may want to read this Bulletin by Steve. It's very informative and gives you some tips to secure your site:


          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.