
Vulnerability in 3.8.5


  • Vulnerability in 3.8.5

    A few days ago one user sent me a message that the forum has a security hole, and that he will tell me what it is if I do something for him. I just ignored him, but yesterday he was able to change my avatar. After changing it he sent me a new message telling me it is only the start. I also noted that he tried to log in to the ACP two times; for the username, the first time he put the email I am using for the forum and the second time the database user name, so he has that information.
    I really don't know what to do. Upgrading to 3.8.6 is not a solution because it doesn't have any fixes related to security of that kind.

  • #2
    How do you know that the vulnerability is in the forum software and not in any of your add-ons?
    www.erodov.com :cool:

    • #3
      Post your logs to be able to know how he did it.

      • #4
        Which logs do you mean?

        • #5
          access_log, error_log and the mysql_log might help disclose how it was exploited: either via vanilla vBulletin, or third-party add-ons, or perhaps it was done via MySQL, or the SSH was compromised, etc. You don't know. I mean, how do you know it was vB that has the issue?

          • #6
            Where can I find all these files?

            • #7
              Originally posted by kolenoblata
              Where can I find all these files?
              Ask your host to check their access logs.

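As an added example (not code from any poster in this thread), here is one way to start on the access_log that post #5 asks for: group state-changing requests by client IP and list the IPs that touched both the admin control panel and the avatar change inside the incident window. The script paths in `WATCH`, the sample log lines and the time window are assumptions constructed for illustration; replace them with the installation's real paths and the host's real log.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Apache/nginx "combined" access_log line.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumed script paths; change them to match the real installation.
WATCH = {
    "acp_login": re.compile(r"/admincp/"),
    "avatar_change": re.compile(r"/profile\.php"),
}
# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE = """\
203.0.113.7 - - [12/Mar/2010:21:04:11 +0000] "POST /forum/admincp/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:21:05:40 +0000] "POST /forum/admincp/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2010:21:10:02 +0000] "GET /forum/showthread.php?t=42 HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:21:17:55 +0000] "POST /forum/profile.php?do=updateavatar HTTP/1.1" 200 912 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2010:21:30:00 +0000] "POST /forum/profile.php?do=updateavatar HTTP/1.1" 200 912 "-" "Mozilla/5.0"
""".splitlines()
# Constructed incident window: shortly before and after the avatar changed.
WINDOW = (datetime(2010, 3, 12, 21, 0, tzinfo=timezone.utc),
          datetime(2010, 3, 12, 21, 20, tzinfo=timezone.utc))

def triage(lines, start, end):
    """Group POST requests to watched paths by client IP inside [start, end]."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # malformed line or a read-only request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not start <= ts <= end:
            continue
        for label, pattern in WATCH.items():
            if pattern.search(m["url"]):
                hits[m["ip"]][label].append((ts, m["url"], int(m["status"])))
    return hits

def suspects(hits):
    """Client IPs that hit every watched area within the window."""
    return sorted(ip for ip, seen in hits.items() if set(seen) == set(WATCH))

if __name__ == "__main__":
    found = triage(SAMPLE, *WINDOW)
    for ip in suspects(found):
        for label, rows in found[ip].items():
            for ts, url, status in rows:
                print(ip, label, ts.isoformat(), url, status)
```

An empty result for the real window points away from the web front end and toward the other routes post #5 lists, which is when error_log and the MySQL log become the next things to read.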