  #106  
Old 17 Nov 2013, 22:15
Will Watts Will Watts is offline
 
Join Date: Nov 2012
Originally Posted by Paul M View Post
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.
How did they crack the MySQL password - how is the QA server linked to the live DB?

I'd rather you elaborated on that, with an explanation of "we made a mistake/a config file was left on the QA server/something else etc" rather than leaving the possibility of a vB exploit open. Even if it was only a QA server hacked, how did they then escalate that to the live DB?
  #107  
Old 17 Nov 2013, 22:43
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Real name: Mark Daniel Martinez
Originally Posted by Chris8 View Post
But the thing that is essentially concerning me now the most here in this whole mess actually is:
Supposedly if they had access to write/modify files on vb.com and vb.org servers (By the way, isn't it the same server? Or Vb.com is on separate server from Vb.org?) are all downloadable scripts, mods, templates safe? I mean, assuming they had that access they could for example change certain mods or themes code to put vulnerabilities into them so they can hack other websites powered by vbulletin later.

So, ideally if vb staff knows they had such access vb staff should do the diff of all downloadable content against the backups from the time before it happened to make sure people are safe when downloading and installing new content on their forums/servers.
Also I would be more calm if they (you - I guess people in charge/responsible for vb here read this) could make a statement assuring your customers that everything is safe and nothing was modified or if there was anything modified that you took care to fix it.
If you re-read Paul's explanation, you'll see nothing was modified. vB.org tables were read, not modified. And the only tables read were user tables.

Originally Posted by Will Watts View Post
How did they crack the MySQL password - how is the QA server linked to the live DB?

I'd rather you elaborated on that, with an explanation of "we made a mistake/a config file was left on the QA server/something else etc" rather than leaving the possibility of a vB exploit open. Even if it was only a QA server hacked, how did they then escalate that to the live DB?
Adminer lets you manage database files from one file. I've not used it, but if they had a bunch of cloned databases to look at, it was probably simple reverse engineering.
  #108  
Old 18 Nov 2013, 01:53
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
The databases are on a different server than the files (typical setup if you have more than one server).
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
  #109  
Old 18 Nov 2013, 10:18
Will Watts Will Watts is offline
 
Join Date: Nov 2012
Originally Posted by Lynne View Post
The databases are on a different server than the files (typical setup if you have more than one server).
So how did they crack the live DB MySQL? Was the password listed somewhere on the QA server or do you not know how it was done?
  #110  
Old 18 Nov 2013, 15:59
Guest0321
Guest
 
Paul said
"They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.".

If they broke into the server, the QA DB password could be gleaned by the vB config file. Hopefully it wasn't the same db user and password in use for vB.com or vB.org.

In the past, the QA team has copied the vb.com live database (or parts of it) to one of their servers, and tested installations.

Maybe that was done, and the db userids/passwords were brought along with them. That would have given them access to the vb.com DB.

But I would think the vb.com DB has restricted access via the hosts table or something.
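Guest0321's point about restricting the live database by client host can be checked directly. The following is an added example, not code from the thread or from vBulletin: it takes rows as returned by `SELECT user, host FROM mysql.user` on a live DB server and lists which accounts have a host value that a QA or staging address would match. All account names and addresses are constructed.

```python
import re

# Constructed sample of `SELECT user, host FROM mysql.user` on a live DB server.
# Account names and addresses are invented for illustration.
LIVE_DB_ACCOUNTS = [
    ("forum_live", "10.0.1.15"),   # pinned to one web server
    ("forum_live", "10.0.1.%"),    # whole production subnet
    ("reporting", "%"),            # any host
    ("backup", "localhost"),
    ("qa_import", "10.0.2._"),     # single-character wildcard
]

def host_pattern_to_regex(pattern):
    """Translate a MySQL account host value into an anchored regex.

    '%' matches any run of characters and '_' matches exactly one; netmask
    notation (a.b.c.d/m.m.m.m) is not handled in this sketch.
    """
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)

def accounts_matching(client_host, accounts):
    """Return the (user, host) rows whose host value matches client_host."""
    return [(u, h) for u, h in accounts
            if host_pattern_to_regex(h).match(client_host)]

def audit(qa_hosts, accounts):
    """Map each QA/staging address to the live accounts whose host value admits it."""
    return {qa: accounts_matching(qa, accounts) for qa in qa_hosts}

if __name__ == "__main__":
    for qa, rows in audit(["10.0.2.7", "10.0.2.40"], LIVE_DB_ACCOUNTS).items():
        for user, host in rows:
            print(f"{qa} matches live account {user!r}@{host!r}")
```

Any row reported for a QA address means a password recovered on that machine would be usable against the live server; an empty result means the account table itself refuses the connection regardless of the password.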
  #111  
Old 18 Nov 2013, 16:20
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by SneakyDave View Post
If they broke into the server, the QA DB password could be gleaned by the vB config file. Hopefully it wasn't the same db user and password in use for vB.com or vB.org.
They are not the same user or password, and never have been.
We have an idea how they may have got the details, and it's not via anything vbulletin related.
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
  #112  
Old 18 Nov 2013, 17:07
Will Watts Will Watts is offline
 
Join Date: Nov 2012
Originally Posted by Paul M View Post
They are not the same user or password, and never have been.
We have an idea how they may have got the details, and it's not via anything vbulletin related.
Was my question not worth answering? This hack is being reported in mainstream tech media, and vB can't be bothered to give proper answers or alleviate concerns?

http://arstechnica.com/security/2013...0-day-attacks/
  #113  
Old 18 Nov 2013, 17:26
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Real name: Mark Daniel Martinez
Ars Technica is mainstream tech media?

I still don't understand what additional information you want/need. I doubt they'll give you the exact method.
  #114  
Old 18 Nov 2013, 17:54
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Why do people keep trying to find ways to give VB passes on this?

Needing to know if the hack was due to an exploit in VB itself is a hugely legitimate concern.

Is Information Week mainstream tech enough for you? http://www.informationweek.com/secur...d/d-id/1112660

If not, how about PC World? http://www.pcworld.com/article/20644...ort-forum.html
  #115  
Old 18 Nov 2013, 17:58
ozzy47 ozzy47 is offline
 
Join Date: Aug 2009
Real name: Chris
Paul said in post #111 the recent issues are not vBulletin related.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
  #116  
Old 18 Nov 2013, 18:08
Will Watts Will Watts is offline
 
Join Date: Nov 2012
Originally Posted by ozzy47 View Post
Paul said in post #111 the recent issues are not vBulletin related.
No he doesn't - he says IB might have an idea of how the attacks may have been attempted.
  #117  
Old 18 Nov 2013, 18:14
ozzy47 ozzy47 is offline
 
Join Date: Aug 2009
Real name: Chris
Do you only read what you think you see or what is actually there? "And it's not anything vbulletin related."

Originally Posted by Paul M View Post
They are not the same user or password, and never have been.
We have an idea how they may have got the details, and it's not via anything vbulletin related.
  #118  
Old 18 Nov 2013, 18:26
Will Watts Will Watts is offline
 
Join Date: Nov 2012
Originally Posted by ozzy47 View Post
Do you only read what you think you see or what is actually there? "And it's not anything vbulletin related."
Part of IB's great plan to be offensive to customers? This is a serious issue, and I'm asking legitimate questions. Please don't insult me.

Paul's post does not say that the hack wasn't caused by a vB exploit - it says IB may have an idea about something that might have caused the hack. It then says what they're looking into isn't a vB exploit.

That isn't the same as saying the hack wasn't caused by a vB exploit. Unless Paul gives us more information, we don't really have any idea whether a new exploit was used. The level of communication from IB is so bad that not even media sources can get a straight answer on what's happening - are customers remotely valued by this company or have even the staff given up on the product?
  #119  
Old 18 Nov 2013, 18:35
Digital Jedi Digital Jedi is offline
 
Join Date: Oct 2006
Real name: Mark Daniel Martinez
Originally Posted by Will Watts View Post
Paul's post does not say that the hack wasn't caused by a vB exploit - it says IB may have an idea about something that might have caused the hack. It then says what they're looking into isn't a vB exploit.
Originally Posted by Paul M View Post
We have an idea how they may have got the details, and it's not via anything vbulletin related.
I give up.
  #120  
Old 18 Nov 2013, 18:54
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Real name: Simon
Think this thread has run its course as it's turning into bickering, which clouds the facts.
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not PM me for support unless I have invited you to!