Announcement

Collapse
No announcement yet.

New Security Patch for 3.8.5

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DieselMinded
    replied
    Any update on this from vBulletin ?

    Leave a comment:


  • DieselMinded
    replied
    that has yet to be determined by either party

    Leave a comment:


  • Trevor Hannant
    replied
    The way I'm reading the last few posts on this, you're saying this is a vBSEO exploit rather than a vB Forums exploit?

    Leave a comment:


  • DieselMinded
    replied
    I didnt mean you personally sorry if you took it that way , it was vbseo

    Leave a comment:


  • Michael Biddle
    replied
    Originally posted by DieselMinded View Post
    Then why answer my ticket with a link to the security update and say its not VBSEO ?
    I never responded to your ticket.

    Leave a comment:


  • DieselMinded
    replied
    I suggest you add .htaccess protection to your admin cp directory , google it its very easy to do . and what it does is pops up an additional password and username when you enter as well as the default relog in that vb does . i did it as a knee jerk reaction to this hack and i have decided to leave it on my site permanently to prevent any future automated attacks

    Leave a comment:


  • DieselMinded
    replied
    I was running 3.8.4 (and the latest PL) and got hacked and slammed and threw to the road side , when i woke up and hit up google i found that vbulletin forums were dropping like flies , all versions

    for weeks i have been persistent on this issue , ive been very active in the discovery of this and working towards the fix , Read this thread http://www.vbseo.com/f3/security-iss...o-3-3-x-41463/

    It amazing to me that we all have been pounding a very loud drum on this issue and every time we get a response from a staff members its like ,, whaaa who ect...

    It has to be some sort of stalling because its impossible for all the pleas for help to of been ignored ,

    Im still suffering from the repercussions of this hack as everyday im losing over 4,000 visitors from google and i can prove that as 100% fact. as i have multiple times .

    Im a dedicated vbulletin customer and i love the software and think its great !

    I feel i need to keep on everyone this isnt a joke. we have problems and they need addressed in a professional manner.

    What happened to my site has happened to others and they have not found it yet because of the way the hack is applied.

    all the information is right there in the wide open , i dont know what else i can do to communicate to the staff here in a manner to where i get a response that makes me feel like they acknowledge the issue and are working on a fix . or if the fix they released was the one to fix what happened to me and if it was , if i have applied it correctly

    Respectfully

    Chad

    Leave a comment:


  • marrr
    replied
    Thanks for the quick response.. I did the above and it went to my site.

    Leave a comment:


  • Paul M
    replied
    Originally posted by DieselMinded View Post
    My Question is a yes or no question ..

    Q. Did the Default first release of vbulletin 3.8.5 included the fix for the recently announced security flaw?

    A. ?
    Which flaw are you referring to ?

    The XSS flaw does not exist in vb 3.8.x - the salt change was part of the original 3.8.5 (released on March 11th).

    Leave a comment:


  • DieselMinded
    replied
    Clear your cookies and catche
    Open IE browser
    go to www.google.com
    search for site:yoursite.com
    click on first link

    Did you go to your site or somewhere else?

    You cannot reproduce this with out clearing out your cookies and cache

    Read this thread http://www.vbseo.com/f3/security-iss...o-3-3-x-41463/

    Leave a comment:


  • marrr
    replied
    How do u tell if ur forums were exploited?

    Leave a comment:


  • DieselMinded
    replied
    where can i verify that ? and why wasnt the security vulnerability announced when the new version was announced ? it was weeks later

    Leave a comment:


  • Yves Rigaud
    replied
    Originally posted by DieselMinded View Post
    Q. Did the Default first release of vbulletin 3.8.5 included the fix for the recently announced security flaw?

    A. ?
    Yes.

    Leave a comment:


  • DieselMinded
    replied
    Originally posted by Trevor Hannant View Post
    If you raised a ticket with vBSEO and they say it's not them, have you raised a ticket with us as I requested earlier?
    vBulletin Ticket System (Ticketid: 1003487)

    Leave a comment:


  • DieselMinded
    replied


    To date i have lost 220,000 Visitors to my site from google because of this security flaw , 3 years of work taken over night because of a vulnerability.

    Forgive me if i seem to come across a bit strong , this is a huge issue and it seems no one cares ... i posted about it on vbulletin.org and my thread was deleted

    there are still forums that are hacked and dont even know it

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X