New Security Patch for 3.8.5


  • #16
    It should have been 3.8.5 PL1 because there were more things left out of the 3.8.5 core files and quickly added after it was released.
    http://www.dieselbombers.com



    • #17
      Originally posted by DieselMinded View Post
      Then why answer my ticket with a link to the security update and say it's not vBSEO?
      If you raised a ticket with vBSEO and they say it's not them, have you raised a ticket with us as I requested earlier?
      Vote for:

      - *Admin Settable Paid Subscription Reminder Timeframe*
      - *PM - Add ability to reply to originator only*
      - Add Admin ability to auto-subscribe users to specific channel(s)
      - "Quick Route" Interface...



      • #18
        It's no big secret that there is/was/who knows a gaping hole in vBulletin.

        I'm asking a simple question, as I did on other threads about the same thing; it has yet to be answered.

        See: http://www.vbseo.com/f3/security-iss...o-3-3-x-41463/

        My question is a yes or no question.

        Q. Did the default first release of vBulletin 3.8.5 include the fix for the recently announced security flaw?

        A. ?
        http://www.dieselbombers.com



        • #19


          To date I have lost 220,000 visitors to my site from Google because of this security flaw, 3 years of work taken overnight because of a vulnerability.

          Forgive me if I seem to come across a bit strong. This is a huge issue and it seems no one cares... I posted about it on vbulletin.org and my thread was deleted.

          There are still forums that are hacked and don't even know it.
          http://www.dieselbombers.com



          • #20
            Originally posted by Trevor Hannant View Post
            If you raised a ticket with vBSEO and they say it's not them, have you raised a ticket with us as I requested earlier?
            vBulletin Ticket System (Ticketid: 1003487)
            http://www.dieselbombers.com



            • #21
              Originally posted by DieselMinded View Post
              Q. Did the default first release of vBulletin 3.8.5 include the fix for the recently announced security flaw?

              A. ?
              Yes.

              vBulletin QA - vBulletin Support French - Lead Project Tools developer

              Next release? Soon(tm)



              • #22
                Where can I verify that? And why wasn't the security vulnerability announced when the new version was announced? It was weeks later.
                http://www.dieselbombers.com



                • #23
                  How do you tell if your forums were exploited?



                  • #24
                    Clear your cookies and cache
                    Open IE browser
                    Go to www.google.com
                    Search for site:yoursite.com
                    Click on the first link

                    Did you go to your site or somewhere else?

                    You cannot reproduce this without clearing out your cookies and cache.

                    Read this thread http://www.vbseo.com/f3/security-iss...o-3-3-x-41463/
                    http://www.dieselbombers.com
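
The manual check in post #24, scripted as an added example (not code from any poster, vBulletin or vBSEO): it requests your own site twice without cookies, once directly and once with a Google search Referer, and flags an off-site redirect that only the search visit receives. It assumes the redirect is an HTTP 3xx keyed on the Referer header, which the thread does not state; the function names and the `forum.example` host are illustrative.

```python
"""Added example: scripted version of the search-click check (assumptions in comments)."""
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumption: the injected redirect is an HTTP 3xx triggered by a search-engine Referer.
SEARCH_REFERER = "https://www.google.com/search?q=site:{host}"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; urllib then raises HTTPError carrying the 3xx

def _bare(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(site_url, status, location):
    """Label one response: 'ok', 'same-site redirect' or 'off-site redirect'."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return "ok"
    target = urlsplit(urljoin(site_url, location)).hostname
    same = _bare(target) == _bare(urlsplit(site_url).hostname)
    return "same-site redirect" if same else "off-site redirect"

def suspicious(direct, from_search):
    """True when only the visitor arriving from search is sent elsewhere."""
    return from_search == "off-site redirect" and direct != "off-site redirect"

def probe(site_url, referer=None):
    """One cookie-less GET; returns (status, Location header or None)."""
    headers = {"User-Agent": "Mozilla/5.0 (compatible; redirect-check)"}
    if referer:
        headers["Referer"] = referer
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(urllib.request.Request(site_url, headers=headers), timeout=10)
        return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def check(site_url):
    host = urlsplit(site_url).hostname
    direct = classify(site_url, *probe(site_url))
    searched = classify(site_url, *probe(site_url, SEARCH_REFERER.format(host=host)))
    return direct, searched, suspicious(direct, searched)

if __name__ == "__main__":
    # Run against a site you administer, e.g. python check.py http://forum.example/
    print(check(sys.argv[1]))
```

A redirect to a sibling subdomain is reported as off-site and needs a manual look; a redirect performed by injected script rather than a 3xx response will not show up here and still needs the browser check.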



                    • #25
                      Originally posted by DieselMinded View Post
                      My Question is a yes or no question ..

                      Q. Did the default first release of vBulletin 3.8.5 include the fix for the recently announced security flaw?

                      A. ?
                      Which flaw are you referring to?

                      The XSS flaw does not exist in vb 3.8.x - the salt change was part of the original 3.8.5 (released on March 11th).
                      Baby, I was born this way



                      • #26
                        Thanks for the quick response.. I did the above and it went to my site.



                        • #27
                          I was running 3.8.4 (and the latest PL) and got hacked and slammed and thrown to the roadside. When I woke up and hit up Google I found that vBulletin forums were dropping like flies, all versions.

                          For weeks I have been persistent on this issue. I've been very active in the discovery of this and working towards the fix. Read this thread: http://www.vbseo.com/f3/security-iss...o-3-3-x-41463/

                          It's amazing to me that we all have been pounding a very loud drum on this issue and every time we get a response from a staff member it's like, "whaaa, who", etc...

                          It has to be some sort of stalling because it's impossible for all the pleas for help to have been ignored.

                          I'm still suffering from the repercussions of this hack, as every day I'm losing over 4,000 visitors from Google and I can prove that as 100% fact, as I have multiple times.

                          I'm a dedicated vBulletin customer and I love the software and think it's great!

                          I feel I need to keep on everyone; this isn't a joke. We have problems and they need to be addressed in a professional manner.

                          What happened to my site has happened to others and they have not found it yet because of the way the hack is applied.

                          All the information is right there in the wide open. I don't know what else I can do to communicate to the staff here in a manner where I get a response that makes me feel like they acknowledge the issue and are working on a fix, or if the fix they released was the one to fix what happened to me and, if it was, if I have applied it correctly.

                          Respectfully

                          Chad
                          http://www.dieselbombers.com



                          • #28
                            I suggest you add .htaccess protection to your admin cp directory. Google it, it's very easy to do. What it does is pop up an additional password and username prompt when you enter, as well as the default re-login that vB does. I did it as a knee-jerk reaction to this hack and I have decided to leave it on my site permanently to prevent any future automated attacks.
                            http://www.dieselbombers.com



                            • #29
                              Originally posted by DieselMinded View Post
                              Then why answer my ticket with a link to the security update and say it's not vBSEO?
                              I never responded to your ticket.
                              Michael Biddle - Follow me on Twitter!



                              • #30
                                I didn't mean you personally, sorry if you took it that way; it was vBSEO.
                                http://www.dieselbombers.com
