Register Members List Search Today's Posts Mark Forums Read

Closed Thread
 
Thread Tools
  #1  
Old 15 Nov 2013, 05:33
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Why the silence?

Why is VB.org and VB.com being silent on the fact that both were hacked yesterday, and access to customer data was gained? What is being done to protect VB license holders? You ought to at least email people so they can change their passwords rather than leaving it up to some outside source for us to find out about this!

Unfortunately, I don't have much faith ya'll will let this post stick around.

Last edited by motorhaven; 15 Nov 2013 at 05:38.
  #2  
Old 15 Nov 2013, 05:37
New Joe's Avatar
New Joe New Joe is offline
 
Join Date: May 2009
How do you know they were hacked?
  #3  
Old 15 Nov 2013, 05:51
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Because the people who did it posted screenshots of the contents of the file systems. Macrumors was compromised as a result of this as well, and 800,000 user accounts possibly compromised. They made it a point to announce it so their users could take again, Internet Brands has not. Inexcusable!


https://www.facebook.com/inj3ct0rs/p...11793255548704
This is the group that did it and they include the screen captures from the shell they managed to install on the servers.

Again, I ask... why the silence? This explains why the VB.org site was mysteriously down last night!

Last edited by motorhaven; 15 Nov 2013 at 06:23.
  #4  
Old 15 Nov 2013, 07:03
WEBDosser's Avatar
WEBDosser WEBDosser is offline
 
Join Date: Oct 2001
Well I never..
  #5  
Old 15 Nov 2013, 08:16
Amaury Amaury is offline
 
Join Date: Nov 2011
Real name: Amaury
I wouldn't solely trust a screenshot if my life depended on it.
  #6  
Old 15 Nov 2013, 10:32
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Aug 2009
Real name: Chris
I seriously doubt such a thing happened, but if it truely did, I am sure we would be advised of it.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
  #7  
Old 15 Nov 2013, 11:57
Dave Dave is online now
 
Join Date: Jun 2010
Real name: Dave
I guess he's referring to this http://1337day.com/exploit/description/21518
Kinda scary, 0days.
  #8  
Old 15 Nov 2013, 13:14
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Originally Posted by ozzy47 View Post
I seriously doubt such a thing happened, but if it truely did, I am sure we would be advised of it.
1. A contractor for VB has already admitted it, then tried to bluff it out by saying it was "beta" installation on their server which was hit. But BOTH .com and .org were down, and screen shots show access to non-beta installations. http://www.theadminzone.com/forums/s...d.php?t=105650

2. It happened at the same time both VB.com and VB.org sites were mysteriously down.

3. The Mac site has already widely reported in the press.... then again they did the right thing and told their users immediately.

4. Just a few weeks ago the install directory exploit was reported by VB, and they pulled a similar move not broadcasting that there was an exploit until it was already widely known. I did consulting cleaning up hacked VB sites. This is not something I care to do with my consulting time, because it's money out of small business pockets they should not have had to spend!

I have defended the product for a long time when others haven't --- this I cannot.

Last edited by motorhaven; 15 Nov 2013 at 14:20.
  #9  
Old 15 Nov 2013, 13:17
lapiervb lapiervb is offline
 
Join Date: Mar 2010
I read the same thing here -> http://www.theadminzone.com/forums/s...d.php?t=105650


Can anybody confirm this is true?
  #10  
Old 15 Nov 2013, 13:18
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
From what i can see its not true
  #11  
Old 15 Nov 2013, 13:34
lapiervb lapiervb is offline
 
Join Date: Mar 2010
Originally Posted by ForceHSS View Post
From what i can see its not true
And what do you see? Did you read this somewhere? Has VB come out and said this did not happen? Or does "from what you can see" mean you "hope" its not true??
  #12  
Old 15 Nov 2013, 14:11
DemOnstar's Avatar
DemOnstar DemOnstar is offline
 
Join Date: Dec 2012
Why the silence?

Because nobody is saying anything of course...
  #13  
Old 15 Nov 2013, 14:19
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Originally Posted by ForceHSS View Post
From what i can see its not true
Did you even read that thread? One of VB's guys admitted it.
  #14  
Old 15 Nov 2013, 14:23
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by motorhaven View Post
1. A contractor for VB has already admitted it, then tried to bluff it out by saying it was "beta" installation on their server which was hit. But BOTH .com and .org were down, and screen shots show access to non-beta installations. http://www.theadminzone.com/forums/s...d.php?t=105650

2. It happened at the same time both VB.com and VB.org sites were mysteriously down.
You are making stuff up here.

1. I stated (correctly) that the server they hacked was an old QA stage server.

2. The server was not hacked yesterday, the screenshots date it at sometime in October (more than likely they did it even earlier, just took later shots).

3. vb.org & vb.com were last down (12th/13th depending on your timezone) because of scheduled work on the database server.

You are free to discuss this situation on vb.org, you are not free to make up stuff.
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
  #15  
Old 15 Nov 2013, 15:00
nerbert nerbert is offline
 
Join Date: May 2008
One little inconsistency here is that the facebook announcement says the vulnerability is in vB4 and vB5 and they hacked vBulletin.org. vBulletin.org uses vb3.6.12. Why didn't the announcement say the vulnerability is in vB3 as well?

If you're so sure this is true then buy their patch (NOT!!!!!)

Originally Posted by Inj3ct0r Exploit DataBase
All those wishing to buy a vulnerability and patch your forum : h t t p ://1337day.com/exploit/description/21518

Last edited by nerbert; 15 Nov 2013 at 15:07.
Closed Thread

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mad-Silence styles Rafdin vBulletin 3.7 Styles 9 01 Dec 2008 08:37



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 15:06.

Layout Options | Width: Wide Color: