Announcement

Collapse
No announcement yet.

New Security Patch for 3.8.5

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Security Patch for 3.8.5

    I am already running version 3.8.5 and got hacked with the security issue ,

    your details say to update to 3.8.5 to fix the issue , im already running 3.8.5 as i updated the minute i found the exploit , and i beleave that this was the unpatched version of 3.8.5

    Please Release a Patch for the 3.8.5 users who updated before the security fix was applied
    http://www.dieselbombers.com

  • #2
    as seen here http://www.vbulletin.com/forum/showt...26#post1950226
    http://www.dieselbombers.com

    Comment


    • #3
      Apparently support said there is no need to upgrade as 3.8.5 already has the fix applied?

      Comment


      • #4
        Originally posted by DieselMinded View Post
        I am already running version 3.8.5 and got hacked with the security issue ,

        your details say to update to 3.8.5 to fix the issue , im already running 3.8.5 as i updated the minute i found the exploit , and i beleave that this was the unpatched version of 3.8.5

        Please Release a Patch for the 3.8.5 users who updated before the security fix was applied
        Yea this confused me to and i tried the exploit on my forum running 3.8.5 and it didn't seem to affect it. I was running vbulletin 3.8.5 before the exploit was found and fixed.

        Comment


        • #5
          Where is information about this exploit, can you private msg me, so I can test it on my already 3.8.5 "fixed" forum?
          I don't see this one listed on inj3ct0r or security focus.

          Comment


          • #6
            Please raise a Support Ticket with details to allow Suport staff to access your site:

            - URL to site and AdminCP
            - AdminCP Login (account should have full Admin permissions)
            - FTP login details
            - Database login details (for phpMyAdmin or similar)

            If you can provide as much detail as possible on what you've found by way of how the hacker gained entry to your site (via server logs etc.) then this will assist in determining whether this is related to the exploit patched in other versions or whether this is a new issue.
            Vote for:

            - *Admin Settable Paid Subscription Reminder Timeframe*
            -
            *PM - Add ability to reply to originator only*
            - Add Admin ability to auto-subscribe users to specific channel(s)
            - "Quick Route" Interface...

            Comment


            • #7
              i did all this with VBSEO already
              http://www.dieselbombers.com

              Comment


              • #8
                Originally posted by smiggy View Post
                Apparently support said there is no need to upgrade as 3.8.5 already has the fix applied?
                Can a staff member confirm this?

















                ...

                Comment


                • #9
                  Need to know if the First 3.8.5 included this fix , not a quickly updated version of the original 3.8.5
                  http://www.dieselbombers.com

                  Comment


                  • #10
                    Just FYI , if you have been exploited , updating will not fix the exploit , it will just prevent future exploits , you need to go to your plug in manager and check all the global start templates for the eval decode hack
                    http://www.dieselbombers.com

                    Comment


                    • #11
                      Originally posted by DieselMinded View Post
                      it will just prevent future exploits
                      I do not think this is a true statement. It has not been confirmed that this is related to you being exploited
                      Michael Biddle - Follow me on Twitter!

                      Comment


                      • #12
                        Then why answer my ticket with a link to the security update and say its not VBSEO ?
                        http://www.dieselbombers.com

                        Comment


                        • #13
                          vbulletin has became so irresponsible lately...

                          Comment


                          • #14
                            ____________________

                            and yet they want another $250 for a license for v 4 so I can continuing using v 3, even though I already thought I bought a "lifetime" license.


                            What happens when they come out with v 5, will we be forced to buy another "lifetime" license then too?

                            Comment


                            • #15
                              I need to know what to look for in the core vBulletin 3.8.5 files to see if i have the 3.8.5 version that has the later updated security fix .
                              http://www.dieselbombers.com

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X