
Closed Thread
 
  #1  
Old 08 Dec 2012, 00:13
Pablo18 Pablo18 is offline
 
Join Date: Dec 2012
vBulletin very easy to hacked ?

What's going on here...?

In the last few days hackers party a lot with vBulletin forums:

***link removed***

I don't care about their reason, but the fact he can hack a few vBulletin forums easily made me think... how weak security is in vBulletin. The situation is the fact.

Any opinion...? Or providing a security patch...?

Last edited by Lynne; 09 Dec 2012 at 03:34. Reason: removed link
  #2  
Old 08 Dec 2012, 00:35
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by Pablo18 View Post
...how weak security is in vBulletin.
As weak as the owner/installer/admin makes it.
  #3  
Old 08 Dec 2012, 01:05
Pablo18 Pablo18 is offline
 
Join Date: Dec 2012
Originally Posted by Max Taxable View Post
As weak as the owner/installer/admin makes it.
Oh really...? Are you sure...? I don't think so.

These hackers are clearly using the bugs in the system, don't always blame the owner/installer/admin.

The story will be different if security patches are always updated..
  #4  
Old 08 Dec 2012, 01:10
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
How do you know how it's being done?
  #5  
Old 08 Dec 2012, 01:37
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by Pablo18 View Post
Oh really...? Are you sure...? I don't think so.

These hackers are clearly using the bugs in the system, don't always blame the owner/installer/admin.

The story will be different if security patches are always updated..
I've had vBulletin installations for many years, going back at least to 2004. Never been "hacked," cracked, defaced, anything.

There's not any web pages that don't have some kind of exploit in them, vBulletin's not alone there.
The story will be different if security patches are always updated..
Which does depend on the owner/admin to apply in a timely manner.
  #6  
Old 08 Dec 2012, 12:59
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by Pablo18 View Post
...how weak security is in vBulletin.
It isn't. There are no known exploits at this time.

Originally Posted by Pablo18 View Post
The situation is the fact.
What facts?
Do you have solid proof on how they were hacked?

No? Then you have no "facts".
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
  #7  
Old 08 Dec 2012, 13:40
trackpads trackpads is offline
 
Join Date: Aug 2003
Real name: Jason
Agreed with Paul.

My 2 cents. You are always at risk of something bad happening. That is the risk you take. You mitigate risk by backing up/testing backups and doing your utmost to secure your site AND your server.

Some of these hacks could have been done at the server level, not just software. You just don't know. Every major hosting provider has had successful attacks. You learn, adapt and move on.

In the case of IQ69, I found on their Twitter feed that the group that hacked them is claiming to have all 50GB of their data. To get that kind of access you need console access. No one can sqldump 50GB from the phpMyAdmin interface. Plus the files etc. are not just available because you have an admin password. They have FTP access too.

a. NONE of your logins and passwords should be the same. If your FTP, cPanel, root, forum and other admin logins are all the same then you are screwing yourself.

b. Use secure server software with a provider that has the latest updates. Cpanel etc.

c. BACKUP!!!!!

d. BACKUP off site!!!!

Hope this helps,

-Jason Edwards, CISSP

--------------- Added 08 Dec 2012 at 13:49 ---------------

Secondly,

Use a firewall or proxy service. Some attacks can be foiled by a good proxy. I use Cloudflare and have found it to be useful. It does require some tooling to get some vBulletin mods to work, but it has blocked massive amounts of malicious IP traffic from ever reaching my site. It can also cache and do other improvements as well that will speed up your site.

Last edited by trackpads; 08 Dec 2012 at 13:47.
  #8  
Old 08 Dec 2012, 16:20
puertoblack2003 puertoblack2003 is offline
 
Join Date: Aug 2005
vBulletin has nothing to do with exploits. It's server side. I remember reading it somewhere.
__________________
Android Custom Creations
  #9  
Old 08 Dec 2012, 18:14
MrXXXnX MrXXXnX is offline
 
Join Date: Dec 2012
Can we have some content-wise discussion about the subject? Because the thing would be interesting if there were some facts, code or something.

My humble guess also would be that you're posting a link to your own twitter profile Pablo to make it more popular since you have 0 posts here, otherwise I don't understand why someone suddenly came here, registered and posted this.
  #10  
Old 08 Dec 2012, 18:22
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by puertoblack2003 View Post
vBulletin has nothing to do with exploits. It's server side. I remember reading it somewhere.
There can be some exploits installed via bad skins for example, and some aftermarket mods leave security holes and cause risk. An "exploit" is any entry point for everything from script kiddies to hardcore black hat hackers.
  #11  
Old 08 Dec 2012, 18:41
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Originally Posted by MrXXXnX View Post
Can we have some content-wise discussion about the subject? Because the thing would be interesting if there were some facts, code or something.

My humble guess also would be that you're posting a link to your own twitter profile Pablo to make it more popular since you have 0 posts here, otherwise I don't understand why someone suddenly came here, registered and posted this.
Just like you with 0 posts.
  #12  
Old 08 Dec 2012, 18:47
MrXXXnX MrXXXnX is offline
 
Join Date: Dec 2012
Originally Posted by ForceHSS View Post
Just like you with 0 posts.
Yes. I've posted it intentionally in the incognito mode because I don't argue with hacker kiddos using my real profile, that would be just in case. My forums are secured very well but again ...just in case, because you never can be 100% sure.
  #13  
Old 09 Dec 2012, 00:52
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Originally Posted by MrXXXnX View Post
Yes. I've posted it intentionally in the incognito mode because I don't argue with hacker kiddos using my real profile, that would be just in case. My forums are secured very well but again ...just in case, because you never can be 100% sure.
Now that made me laugh as it is hard to believe you would just make an account to reply to this one thread

Last edited by ForceHSS; 09 Dec 2012 at 01:05.
  #14  
Old 09 Dec 2012, 03:32
Okiewan Okiewan is offline
 
Join Date: Dec 2001
Originally Posted by Pablo18 View Post
What's going on here...?

In the last few days hackers party a lot with vBulletin forums:

***link removed***

I don't care about their reason, but the fact he can hack a few vBulletin forums easily made me think... how weak security is in vBulletin. The situation is the fact.

Any opinion...? Or providing a security patch...?
vBulletin has good protection. Don't worry

Last edited by Dismounted; 09 Dec 2012 at 06:20. Reason: Quotes Deleted Text
  #15  
Old 09 Dec 2012, 20:30
MrXXXnX MrXXXnX is offline
 
Join Date: Dec 2012
Originally Posted by ForceHSS View Post
Now that made me laugh as it is hard to believe you would just make an account to reply to this one thread
I actually did. It took me less than 1 minute. But I had been thinking about making one to post in a thread like this one for a while and now I just did.

Going back to the subject, IMHO vBulletin, especially old vB3, is very secure software. Assuming that one cares about basic system security like weak permissions or control panel and other unnecessary for end user files access, then vB is a really hard nut to crack. Saying: "vBulletin very easy to hacked " without any fact/proof is just silly babbling. But that's not the reason I did it, the reason I posted above was to induce the OP to post some proofs if he has any... but I really really doubt he has any or that he even knows anything about web security at all.

Oh and I would like to point out that there are some really controversial/unwanted/tempting (for some people) sites powered by vB and many would like to hack them, but yet those sites still stand there like solid rocks. So ..yeah.

Last edited by MrXXXnX; 09 Dec 2012 at 20:39.
All times are GMT.