Announcement

Collapse
No announcement yet.

E-mail vulnerabilities in 2.2.9?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • RHarbison
    replied
    Originally posted by Zachery
    Php/post nuke are both rampant with security bugs, why anyone wants to intergrate them into vB is beyond me.
    Well as I said in my reply "issue with PHPNuke, on a different site, but sharing the same mail server, that was totally unrelated to VB."

    The only reason I even mentioned it here was that I brought up the fact that my site was being hacked and questioned if VB was responsible. Now I'm following up and saying "No, nothing to do with VB..."

    As for why integrate, VBportal, which uses it, does have some great features. For example the list of current threads was very popular. I ran it when I was using VB2 and the portal page it created increased my forum traffic dramatically. I do miss some of that stuff but I'm exploring other options for VB3 due to the exact concerns you mention.

    Leave a comment:


  • Zachery
    replied
    Php/post nuke are both rampant with security bugs, why anyone wants to intergrate them into vB is beyond me.

    RHarbison not pointed at you but just stating in general, i am glad you have found and fixed the issue, good luck with your site

    Leave a comment:


  • RHarbison
    replied
    Update...


    We finally figured out the problem (having several domains on one IP can make troubleshooting complicated...)

    Turns out it was a security issue with PHPNuke, on a different site, but sharing the same mail server, that was totally unrelated to VB. There's a flaw in the PHPNuke webmail program big enough to drive a tractor trailer load of spam through, and that's just what our "buddies" at Ripe Network were doing.

    Again, not at all related to VB...

    Leave a comment:


  • Scott MacVicar
    replied
    No the calendar exploit would only let you fetch data it wouldn't let you email anything.

    Do you have any sort of formail.cgi scripts installed? You'd be able to see any mass emails from apache logs.

    Leave a comment:


  • RHarbison
    replied
    > It's most likely an open SMTP server

    Yes, I have to agree, but tech support can't seem to find an open relay...

    > vBulletin would only let you email those registered on the forums.

    Are you sure of that? What about some kind of mysql exploit using the calendar issue? Any way to launch mail from there? (No, I don't any want details, just whether it's theoretically possible)

    Leave a comment:


  • Scott MacVicar
    replied
    Its most likely an open SMTP server rather than a bit of software. As vBulletin would only let you email those registered on the forums.

    Leave a comment:


  • RHarbison
    started a topic E-mail vulnerabilities in 2.2.9?

    E-mail vulnerabilities in 2.2.9?

    I've just discovered that somebody is sending out the Nigerian Fraud scam from my server. We're having trouble determining where it came from.

    My question is are there any known e-mail vulnerabilities in VB 2.2.9? I'm aware there's a problem with the calendar, but the exact nature of the compromise is unclear to me. Could that particular security issue be used to send out spams?

    Yes, I know, upgrade and fix the problems, but first I need to be able to substantiate where the spam was coming from so I can prove to my ISP it didn't come from me. It would be very helpful if I can say "this happened and I did that to correct the problem..." Any potential leads would be appreciated...
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X