
Attempted Hack foiled, and how it was nearly done.


  • Attempted Hack foiled, and how it was nearly done.

    I often sit at work with the forum/onlinephp page seeing who is about and what they are doing. The benefits of having a multi-monitor setup.

    One IP address was flagging up with a bright yellow exclamation mark every time. It had been for over an hour. When you hover the mouse over the question mark next to it, it said it was trying to view a thread that was not there.

    I became curious about it, so I viewed the IP and the domain it was linking to.

    This gave me the shock of my life...
    Last edited by mtg; Sun 13 Apr '08, 12:01am.

  • #2

    I've removed the information you've posted in public. The chances of them using that SQL injection in the default setup of vBulletin are unlikely. If you can prove that you somehow got injected by that code, please open a support ticket so we can look into it.

    Security issues should be reported in the bug tracker of the forum system.

    Again, the chances of that code being injected through a default vBulletin URL through something like showthread.php?f=url is not possible.


    • #3
      Nice gestapo editing

      Well, they have been trying to do that and get access to the calendar to create an event.

      It's the same IP address who does it, so they must be trying something specific.

      I thought the education of your users was the prime element here. Not only that, but it would help you know that what you're doing is right and/or working to combat this.

      I didn't post it to help people do it. I posted it to show what I encountered so people who see it are aware of it, what to look for, and what they can do to minimise any damage, as there are people getting hacked configurations, with the results that are shown from the code that IS being used. Similar to the three examples I have given you. I give you three locations, IP addresses, and you delete it.

      If you don't want that on here, that's fine. I won't bother to try to help or inform your users on your forums any more.

      Being a paid user of VB, if I could help, I would want to. If someone out there could help, I would want them to. By all working together with small pieces of information we can all contribute to keeping VB secure, safe and the product that is respected. This removal of my comments only proves that you at VB think you're safe and secure. You're in love with your own product. That's when people exploit it most.

      OK, so maybe the SQL injection has been accounted for, but seeing as the footer on VB runs so many things, what is to stop them creating an event in the calendar to exploit that code in another way? Or simply finding another way and someone telling you how they think it could be done?

      You clearly don't want to listen to any concerns or suggestions that may imply there is a security risk. You only want to say it's not possible, without an explanation as to how/why you imply it's safe.

      I'll take this discussion off the forum and into the press. See what other people think and talk about it there. I was only trying to help!
      I'll certainly reconsider my next subscription for VB. I would expect a firm to talk to its users and discuss it, not patrol the forums removing anything that is a genuine, valid discussion on what could be used to break the system you have fallen in love with.

      As for raising a ticket, you want to hide the information? The last two tickets I raised gave me unhelpful, rude answers, from a member of the support team who clearly that day was having a bad day and took it out on me. I got more help by a discussion with people at Who openly talked about everything.

      I'm done with this forum's nazi policy. I won't be back.


      • #4
        It's an acceptable reason to edit a post which could potentially damage many other forums, mate ^. Tickets are for that.


        • #5
          Not to mention, this forum doesn't have nearly as bad a nazi-like policy as IPB's does.


          • #6
            I don't understand why Zachery's intervention insulted you so much, especially since there are ways to offer the same information in a safe environment.

            I'm half-thinking troll, to be honest.
            Toddler from Hell
