Announcement

Collapse
No announcement yet.

3.6.8 board was hacked - what do I do?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Jobe1986
    replied
    Im guessing those "long" periods of time were around 15 minutes, the default session timeout.

    Oh wait that STILL doesnt mean they can actually see the content.

    As for randomly entering thread id's, wouldnt you stop on a "no permission" error page since that would indicate it's restricted?

    If you want to belive what you want, how about you log off you forum then check one of those URL's for yourself.

    Hell here's a link to a thread in a restricted board on my forum so you can see for yourself, that going to the URL doesnt automatically mean you can see the content:
    http://www.invictachat.net/forum/showthread.php?t=360

    You Think they read the content, yet you are yet to show proof of said claim. The only evidence you keep showing only shows that they tried, not that they succeeded.

    It seems to me that youre burying your head in the sand and are extremly paranoid.

    Try checking your online users list when they view them and look for the beside their session etc.. that shows they CANT see the content.
    Last edited by Jobe1986; Tue 16 Oct '07, 10:05am.

    Leave a comment:


  • webslugger
    replied
    Originally posted by Jobe1986 View Post
    Just to put you straight on your major mis-conception but raw access logs show attempts, not whether they got what they were attempting to.

    I could give you a link to a thread in one of my private board's, the raw access log would show you request the URL, but vBulletin would give you an access denied error. SO what about that means you got to view the content just because you requested the URL?
    but if I was randomly entering thread numbers, and then stopped on thread numbers that were in your private forums, and then went back to those threads for long periods of time, wouldn't you be suspect?

    So believe what you want - go ahead and believe that a person just decided to randomly enter thread id's (even though I am running SEO) at the rate of over 4000 in 35 minutes and then casually stopped on private threads in private forums, and then went back to look at those particular "no access" windows, all by chance. If you believe that you are burying your head in the sand. I am very disappointed with how the reps of vbulletin are choosing to ignore my plea to look in to this. very disappointed indeed.

    Leave a comment:


  • Jobe1986
    replied
    Originally posted by webslugger View Post
    it would show you EXACTLY what they saw... that's what a raw access log does... I can look at it and see.. why couldn't you?
    Just to put you straight on your major mis-conception but raw access logs show attempts, not whether they got what they were attempting to.

    I could give you a link to a thread in one of my private board's, the raw access log would show you request the URL, but vBulletin would give you an access denied error. SO what about that means you got to view the content just because you requested the URL?

    Leave a comment:


  • Steve Machol
    replied
    The raw access logs cannot possibly show you exactly what that person was seeing on their computer screen. Sorry you don't believe that but it's the truth.

    I also never claimed that vBulletin was written by God nor 100% secure. I attempted to explain this issue to you, obviously without success. Good luck.

    Leave a comment:


  • webslugger
    replied
    Originally posted by Steve Machol View Post
    With all due respect, how would the 'raw access log' show us what this person saw?
    it would show you EXACTLY what they saw... that's what a raw access log does... I can look at it and see.. why couldn't you?

    Originally posted by Steve Machol View Post
    The bottom line is unless you can duplicate this alleged exploit yourself, there is nothing we can do to investigate this.
    nothing you "can" do, or nothing you WILL do?

    Originally posted by Steve Machol View Post
    P.S. You can easliy test this yourself by changing the password of this member, logging in under that account and trying to view the threads in the hidden forum.
    I highly doubt that simply logging in would be able to duplicate the exploit or bot that they were running

    Just trying to help - I guess that I should never doubt vbulletin - according th the powers-that-be it's 100% secure - not a single flaw - will never need a security patch again - must've been written by the fiery hand of god...
    Last edited by webslugger; Fri 12 Oct '07, 4:43am.

    Leave a comment:


  • Steve Machol
    replied
    P.S. You can easliy test this yourself by changing the password of this member, logging in under that account and trying to view the threads in the hidden forum.

    Leave a comment:


  • Steve Machol
    replied
    With all due respect, how would the 'raw access log' show us what this person saw?

    The bottom line is unless you can duplicate this alleged exploit yourself, there is nothing we can do to investigate this. I'm sorry if this lowers your opinion of us but it's the simple truth. And the fact is that our record of taking security matters seriously is very strong, regardless of what you think of us.

    Leave a comment:


  • webslugger
    replied
    well, if they were randomly typing threads it seems funny that they kept stopping on the hidden forums for longer than other posts, and going back to the hidden posts later. They were using some sort of bot, and as I said they kept re-logging in and did so 85 times in 35 minutes (what would be the point of that if they were just typing in random threads?), and also scanned over 4,000 pages in the process. As I said, they kept going back and stopping on posts that were in hidden forums.

    I guess nobody is interested in even looking at my raw access log. I find it odd that a company that prides itself on trying to have the most secure forum software around wouldn't even be willing to address this. Seems to me like burying your head in the sand.

    Jobe1986 - do you really think that nobody in the history of the internet has ever found a security hole in vbulletin? if that is the case why do they keep coming out with security patches? Obviously someone has to be the first to get hacked - or notice it and report it.

    Leave a comment:


  • Steve Machol
    replied
    Again that doesn't mean anything. Someone could have been randomly trying different threadids to see if he could gain access. Assuming your permissions are set correctly and you have not installed any add-ons that affected this, the most likely explanation is that they saw the 'no permission' page.

    Leave a comment:


  • Jobe1986
    replied
    So if this really is a security hole, why are you the ONLY person I have ever seen complain about it?

    Surely if it were a security hole, the other hundreds of vBulletin forums out there would also be complaining/noticing it.

    Leave a comment:


  • webslugger
    replied
    Originally posted by Steve Machol View Post
    How do you know they saw anything when tring to access that forum? Assuming you permissions are set correctly and you have not installed any add-ons that affected this, the most likely explanation is that they saw the 'no permission' page.
    no - they were viewing specific threads that were hidden deep within those forums, that they shouldn't have been able to even access. As I said, they loaded over 4000 pages within 35 minutes, and logged in about 85 times during that period as well - they have obviously discovered a security hole that they are exploiting. My permissions are set correctly.

    Leave a comment:


  • Steve Machol
    replied
    How do you know they saw anything when tring to access that forum? Assuming you permissions are set correctly and you have not installed any add-ons that affected this, the most likely explanation is that they saw the 'no permission' page.

    Leave a comment:


  • webslugger
    started a topic 3.6.8 board was hacked - what do I do?

    3.6.8 board was hacked - what do I do?

    My vb 3.6.8 site was hacked today. What happened was a member signed up for an account, and then was caught viewing a restricted, hidden forum (supermods and admins only). I banned the member and also their IP address, and then looked at the raw access log. The user apparently signed in 85 times in 35 minutes, and also accessed 4342 pages in that amount of time also.

    So, what can I do to avoid this, since apparently there is a security hole? Should I submit the raw access logs to someone at vbulletin so they can see how this person accomplished this?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X