vb 3.x exploit uncovered?
  • AusPhotography
    replied
    There have been some reports of 'vanilla' vB4.1.3 sites being hacked. I hope those people log a ticket.

    I've created a mod that limits registrations to a time window. Eg. I've stopped 1am - 10am our time for now.

    See: http://www.vbulletin.org/forum/showthread.php?t=263617
    Last edited by AusPhotography; Fri 13 May '11, 9:26pm.

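The post above describes a mod that refuses registrations during a fixed local-time window. The following is an added example written for this page, not AusPhotography's mod from vbulletin.org and not vBulletin's own code: a standalone check that a registration hook could call. It assumes the forum's zone is Australia/Sydney and the window is the one quoted above (01:00 to 10:00); both are assumptions. It also handles a window that wraps midnight (for example 22:00 to 06:00), which the post does not mention. Note that a time window only cuts the volume of automated sign-ups; it does nothing about whatever let the bot through the custom-question check in the first place.

```php
<?php
// Added example (not the original mod). Returns true when registrations
// should be refused because the current time, in the forum's local zone,
// falls inside the blocked window [$from, $to).

function registration_blocked(DateTimeImmutable $now, string $tz, string $from, string $to): bool
{
    // Compare in the forum's zone, not the server's; the post says "our time".
    $local   = $now->setTimezone(new DateTimeZone($tz));
    $minutes = (int) $local->format('G') * 60 + (int) $local->format('i');

    [$fh, $fm] = array_map('intval', explode(':', $from));
    [$th, $tm] = array_map('intval', explode(':', $to));
    $start = $fh * 60 + $fm;
    $end   = $th * 60 + $tm;

    if ($start === $end) {
        return false;               // empty window: nothing is blocked
    }
    if ($start < $end) {
        // Same-day window, e.g. 01:00-10:00 as in the post
        return $minutes >= $start && $minutes < $end;
    }
    // Window wraps midnight, e.g. 22:00-06:00
    return $minutes >= $start || $minutes < $end;
}

// Self-checks with constructed timestamps (assumed zone: Australia/Sydney,
// UTC+10 in May, no DST). 23:00 UTC on 13 May is 09:00 local: blocked.
$utc = new DateTimeZone('UTC');
assert(registration_blocked(new DateTimeImmutable('2011-05-13 23:00:00', $utc),
    'Australia/Sydney', '01:00', '10:00') === true);
// 02:00 UTC is 12:00 local: allowed.
assert(registration_blocked(new DateTimeImmutable('2011-05-13 02:00:00', $utc),
    'Australia/Sydney', '01:00', '10:00') === false);
// Wrapping window 22:00-06:00: 23:00 UTC is 09:00 local, allowed; 15:00 UTC is 01:00 local, blocked.
assert(registration_blocked(new DateTimeImmutable('2011-05-13 23:00:00', $utc),
    'Australia/Sydney', '22:00', '06:00') === false);
assert(registration_blocked(new DateTimeImmutable('2011-05-13 15:00:00', $utc),
    'Australia/Sydney', '22:00', '06:00') === true);

// Usage in a registration handler (the surrounding hook is assumed, not shown):
if (registration_blocked(new DateTimeImmutable('now'), 'Australia/Sydney', '01:00', '10:00')) {
    echo "Registrations are closed right now; please try again later.\n";
}
```

Bounds are checked as a half-open interval, so a window ending at 10:00 reopens exactly at 10:00 rather than at 10:01.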


  • Loco.M
    replied
    Originally posted by steven s View Post
    It can easily be blamed on a 3rd party mod/hack. But for all of those sites to have the same mod/hack is doubtful.
    No doubt the fix is to install vB4 since vB3 is EOL.
    I wouldn't be surprised if it was from an add-on.



  • steven s
    replied
    Originally posted by Zachery View Post
    If (big if) what if someone set up accounts ages ago, and left them sitting dormant. Once a user gets past registration, it is possible that they never will be checked again to see if they're a spammer. (Most people don't use Akismet/TypePad+.)

    If a user already had an account, it wouldn't be hard for a bot to hit thousands of sites with login information and add/edit posts.
    Nah. At the several forums I looked at the join date is May 2011.
    I use vbstopforumspam and haven't seen the name attempt to log in in the logs. One forum is v3 and the other v4.
    I get attempts every few minutes. It is odd.


    Add: I noticed some other forums are phpBB and simplemachines.
    Last edited by steven s; Fri 13 May '11, 10:47am.



  • Zachery
    replied
    If (big if) what if someone set up accounts ages ago, and left them sitting dormant. Once a user gets past registration, it is possible that they never will be checked again to see if they're a spammer. (Most people don't use Akismet/TypePad+.)

    If a user already had an account, it wouldn't be hard for a bot to hit thousands of sites with login information and add/edit posts.



  • Steve Machol
    replied
    We do take these things very seriously, but in order to do anything about this we need information. If someone is hacked, they should fill out a support ticket so we can help. So far no one has provided anything that shows this is an exploit in the latest versions of vB and without some evidence of this, it is not something the Devs can look at.

    FWIW, every ticket I've seen to date was from people either running older versions of vB with known security holes, and/or using add-ons that are outdated and have been compromised.



  • steven s
    replied
    Originally posted by Loco.M View Post
    About 75,900 results (0.30 seconds)

    I do hope the vB team is taking this attack seriously...
    It can easily be blamed on a 3rd party mod/hack. But for all of those sites to have the same mod/hack is doubtful.
    No doubt the fix is to install vB4 since vB3 is EOL.



  • Loco.M
    replied
    Originally posted by steven s View Post
    18,800 results last time I googled the link.
    Must be a coincidence.
    About 75,900 results (0.30 seconds)

    I do hope the vB team is taking this attack seriously...



  • steven s
    replied
    18,800 results last time I googled the link.
    Must be a coincidence.



  • AusPhotography
    replied
    vB4.1.3 has been attacked as well



  • steven s
    replied
    Originally posted by I, Brian View Post
    Well, you've just been pointed in the direction of 3000+ Google results that shows a bot has managed to post the same message across a wide range of vb 3 forums.
    4,000
    http://www.google.co.uk/search?hl=en&biw=1600&bih=777&q="Hi+ya+allll+!!+w000wwwooooo"+"vbulletin"&btnG=Search&aq=f&aqi=&aql=&oq=



  • I, Brian
    replied
    Well, you've just been pointed in the direction of 3000+ Google results that shows a bot has managed to post the same message across a wide range of vb 3 forums.



  • Trevor Hannant
    replied
    We've had no information on this that I'm aware of.



  • steven s
    replied
    I just came here wondering the same thing.
    Then again, I just checked my stopforumspam logs and don't see any variations of Robert.
    I get registration attempts every few minutes.
    Last edited by steven s; Mon 9 May '11, 12:20pm.



  • I, Brian
    started a topic vb 3.x exploit uncovered?

    Anyone else got the "Hi ya allll !! w000wwwooooo" spam flood recently on their 3.x forum?

    Looks like it's being suggested there may be a vulnerability in the build and that there may be a flood to follow:

    http://www.techwatch.co.uk/2011/05/0...s-vbulletin-3/

    it suggests that spammers have found a way to crack the custom question feature that helps reduce automated registrations by spambots.

    The behaviour so far is similar to previous mass test runs by Xrumer, which uses unique user strings with the same spam message to test how effective new cracking features work.

    While so far the spam has been sent from just one IP address to date, the danger is that if this is a new crack, that forum admins, especially on older vbulletin installs, could shortly face a new wave of spam as typically follows a security breach test.
    Is this really an issue specific to 3.x though? Anyone seeing this in the 4.x version?