Announcement

Collapse
No announcement yet.

vb compramise.. u sure 3.0.7 isnt buggy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • vb compramise.. u sure 3.0.7 isnt buggy

    xxxxxxx
    Last edited by mentalrz; Sat 24 Jun '06, 2:58pm.

  • #2
    xxxxxxx
    Last edited by mentalrz; Sat 24 Jun '06, 2:58pm.

    Comment


    • #3
      xxxxxxx
      Last edited by mentalrz; Sat 24 Jun '06, 2:58pm.

      Comment


      • #4
        You could try posting a support ticket, you'd get a quicker response.

        Comment


        • #5
          That exploit is ffrom version 3.0.5. If you have uploaded ALL the 3.0.7 files it would not work. Try reuploading the files and making sure you overwrite the ones on the server.
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment


          • #6
            xxxxxxx
            Last edited by mentalrz; Sat 24 Jun '06, 2:58pm.

            Comment


            • #7
              Check:

              Admin CP --> Usergroups --> Administrator Permissions

              ... do you see anybody there who shouldn't be there? This lists all the users who have administrator permissions.

              Second, run this:

              Admin CP --> Import & Maintenance --> Diagnostics --> Suspect File Versions

              ... does this report any files that are not from version 3.0.7?
              Bugdar: PHP bug tracking software that is beautiful, fast, and robust.

              Comment


              • #8
                xxxxxxx
                Last edited by mentalrz; Sat 24 Jun '06, 2:59pm.

                Comment


                • #9
                  There are no known security issues with the latest 3.0.7 files. If you are still having this problem then I suspect you either do not have the 3.0.7 files uploaded, you have installed some hacks, or they are accessing this via passwords or some other method.
                  Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                  Change CKEditor Colors to Match Style (for 4.1.4 and above)

                  Steve Machol Photography


                  Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                  Comment


                  • #10
                    xxxxxxx
                    Last edited by mentalrz; Sat 24 Jun '06, 2:59pm.

                    Comment


                    • #11
                      As I said there are no know security issues with an unhacked 3.0.7 forum. And the info you posted in post #2 is directly related to a securoty hole that was fixed in 3.0.7.
                      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                      Change CKEditor Colors to Match Style (for 4.1.4 and above)

                      Steve Machol Photography


                      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                      Comment


                      • #12
                        Steve,

                        Mentalrz is my son and I know he installed 3.0.7 from a fresh download from VB. I have upgraded php, apache and mysql just in case and also changed his mysql username and passwords.

                        Also this is his forumdisplay file heading:

                        <?php
                        /*======================================================================*\
                        || #################################################################### ||
                        || # vBulletin 3.0.7 - Licence Number xxxxxxxx
                        || # ---------------------------------------------------------------- # ||
                        || # Copyright ©2000–2005 Jelsoft Enterprises Ltd. All Rights Reserved. ||
                        || # This file may not be redistributed in whole or significant part. # ||
                        || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
                        || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
                        || #################################################################### ||
                        \*======================================================================*/

                        He is indeed running 3.0.7 so I dont know how they are gaining access if this hole was fixed.

                        Regards,

                        Brian

                        Comment


                        • #13
                          xxxxxxx
                          Last edited by mentalrz; Sat 24 Jun '06, 2:59pm.

                          Comment


                          • #14
                            I am not making this up. There are no known security holes in 3.0.7. If you believe you have uncovered one, then please feel free to report this in the Bug Tracker.
                            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                            Change CKEditor Colors to Match Style (for 4.1.4 and above)

                            Steve Machol Photography


                            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                            Comment

                            Loading...
                            Working...
                            X