Announcement

Collapse
No announcement yet.

My Forum running vBulletin 5.0.3 got hacked yesterday

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • My Forum running vBulletin 5.0.3 got hacked yesterday

    Well , one of my forums just got hacked yesterday , looking through the logs i could only locate a backdoor in one of my directories , i had no plugins or free theme on it. however i could find the Vulnerability
    i have spent around 2K buying vBulletin licensed during the past 6 years.

    I was pleased at the beginning . but now vBulletin is not what you may expect . its slow , insecure expensive and some other adjectives that it well deserves .

    I don't think it'd help but i can expose detail of the vulnerability which i discovered after this big loss to vBulletin STAFF , so they can work and fix it so some of you won't get hurt by this and have some time to move away for this piece of ..
    Payment Processing Talk
    Payment Processing Forums Discussion

  • #2
    Did you take a look at the announcement section? There is a security issue (just raised) about the install directory. Hope this helps unless it's something new/different.
    Not so Rude, Rudedog FPSadmin.com | twitter | Microsoft MVP 2009-2014 - Games for Windows

    Comment


    • #3
      Was there an email about the security issue? I only just realized it now and deleted the folder.
      Art of Travel Blogging : The Travel Blogging Community for Beginners and Professionals

      Comment


      • #4
        Originally posted by vskylabv View Post
        Was there an email about the security issue? I only just realized it now and deleted the folder.
        No, I don't remember any e-mail.

        Comment


        • #5
          No email has been sent, but there has been a notice pushed to the Admin CP, and an announcement and notice here on the support forums.
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.5.6 Demo
          AdminAmmo - My Cloud Demo

          Comment


          • #6
            Nope, no email whatsoever.

            Comment


            • #7
              i received the notice in my admin panel....pretty much the instant it was announced

              Comment


              • DemOnstar
                DemOnstar commented
                Editing a comment
                Yep, me too.......
                But for those who are not watching their admin panel, and there are many, it is now too late....
                An email sent along with the admin notification would have saved a lot of grief....

            • #8
              Originally posted by vskylabv View Post
              Was there an email about the security issue? I only just realized it now and deleted the folder.
              No e-mail. Eventually, it will appear as a bullet point buried at the bottom of a marketing newsletter.

              Comment


              • DemOnstar
                DemOnstar commented
                Editing a comment
                Would that be an email by any chance or some new fangled notification thingy that appears 15 years after the event?

            • #9
              Originally posted by feldon23 View Post
              No e-mail. Eventually, it will appear as a bullet point buried at the bottom of a marketing newsletter.
              An email has been sent about both issues now.



              Please read the following two blog posts:
              http://www.vbulletin.com/forum/blogs...ve-been-hacked

              http://www.vbulletin.com/forum/blogs...vbulletin-site

              Also please see these recent security announcements:

              vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
              vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

              Comment


              • #10
                @Zachery
                I see youve been actively helping people with those two links but please be advised that is is not only your /install folder that is causing this. There is something else as well and I can say this with conviction because two of my forums got hacked one was defaced with hacked by frozen heart crap written all over and a pakistan flag as favicon and what not and other there were two ids created "admin" both of them and I happened to be online at the time so sorted it but I do not have the /install folder on either of them and if you say those admin ids were created before I deleted the install folder then I disagree with you because I was online when those ids were created and the install folders were delete right after upgrades. I never keep the install folder on any of my vbulletin installations since 2008 as I felt they were not needed. These two forums were on different servers managed by two different companies (PSM and syslint) and they are both reputed companies when it comes to managing security.

                I appreciate your company's efforts on this issue but your solution is not working. Also I dont like the fact that you closed my thread without letting me reply to it for a reson that is beyond my understanding.

                Comment


                • #11
                  Originally posted by parm775 View Post
                  I appreciate your company's efforts on this issue but your solution is not working. Also I dont like the fact that you closed my thread without letting me reply to it for a reson that is beyond my understanding.
                  Censorship is the best way to make IB's agenda seem positive
                  Also did the permissions get reset, I didn't think non-vb5 customers could post in here.
                  -- Web Developer for hire
                  ---Online Marketing Tools and Articles

                  Comment


                  • #12
                    i think there's still hope for vBulletin to raise again . but it should truly understand what the new world seeks and bury the old thoughts about a good community software , and invest a lot to stop the death of vBulletin happening.
                    Payment Processing Talk
                    Payment Processing Forums Discussion

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...
                    X