Announcement

Collapse
No announcement yet.

All emails from forum are posted on a site?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Paul M
    replied
    Originally posted by mediasvi View Post
    I find it incredible there is a way to extract members emails and it has been done to tons of VB sites.
    If you find it incredible then I'm afraid you have a lot to learn about the Internet.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by mediasvi View Post
    @ Wayne, I have installed updates as they are issued what else am I to do. This dump was 5/22/17 I find it incredible there is a way to extract members emails and it has been done to tons of VB sites.
    Just because someone appends a date to something doesn't make it so.
    There is no "hole", it's as simple as that.

    Leave a comment:


  • Wayne Luke
    replied
    It appears they were just updated 5/22/2017. For whatever internal reasoning they have. They have been there longer.They are older dumps. What you're seeing is the file timestamp from the server.

    As for what else to do, go through the "Secure Your Site" topic and follow its steps. We can only make sure that a default installation of vBulletin is secure. Code modifications, add-ons, unnecessary files and other modification may decrease the security of your site.

    Leave a comment:


  • mediasvi
    replied
    @ Wayne, I have installed updates as they are issued what else am I to do. This dump was 5/22/17 I find it incredible there is a way to extract members emails and it has been done to tons of VB sites.

    Leave a comment:


  • Paul M
    replied
    Originally posted by mediasvi View Post
    If you go to their Home page and type in VBulletin you can download Vbulletin.org emails there is obviously a hole in VB's software that needs to be fixed.
    That is dated 2014, although I dont recall any hack at that time (then again, its a long time ago now).
    It most likely it dates from when someone hacked into the IB network from a stage server, nothing to do with the "software".

    Leave a comment:


  • Wayne Luke
    replied
    Remember that time when we released a number of security patches and started advising people to review their plugins and delete their install directories. It was a couple of years ago. That is when we patched the issues that would allow this to happen in vBulletin 3, 4 and 5. Have you followed the securing your site steps?

    We've also done numerous steps to strengthen our own infrastructure and have changed users passwords several times on our sites, including vBulletin.org.

    In vBulletin 5.X, we have gone further in securing the software. Examples include plugins no longer being stored in the database, we have added Two-Factor Authentication and you can restrict access to the Admin and Mod control panels via IP address without relying on .htaccess.

    Leave a comment:


  • mediasvi
    replied
    If you go to their Home page and type in VBulletin you can download Vbulletin.org emails there is obviously a hole in VB's software that needs to be fixed.

    Leave a comment:


  • IggyP
    replied
    i have wondered about this before...like why they arent encrypted in the database or something...that seems like some trick to pull data without credentials tho?...guess anything is possible hmm

    Leave a comment:


  • mediasvi
    replied
    This site has all the emails from my VB forum and tons of other VB forums, how could they get them, this is not good.
    https://publicdbhost.dmca.gripe/random/vbulletindump/

    Leave a comment:


  • Paul M
    replied
    Can you explain what you mean, your initial post isnt really very clear.

    Leave a comment:


  • mediasvi
    started a topic All emails from forum are posted on a site?

    All emails from forum are posted on a site?

    All the emails from my forum are posts on a site how does this happen?

    VB 4.2.3

Related Topics

Collapse

Working...
X