New Security Issue in VB?

Discussion in 'vBulletin Discussions' started by Autopilot, Aug 24, 2013.

  1. Liam W

    Liam W The best of the best ;)

    Joined:
    Apr 18, 2013
    Messages:
    214
    Likes Received:
    39
    Location:
    Barrow-in-Furness, Cumbria, United Kingdom
    First Name:
    Liam
    You're all mean to each other :P
     
  2. Caddyman

    Caddyman engiwebmastechanic

    Joined:
    Sep 12, 2013
    Messages:
    63
    Likes Received:
    36
    Location:
    Delaware
    seriously. chill out dudes.

    he asked if i saw the alert and i said i did after the fact. i figured it would be assumed the install folder was still there as that is the reason this hack works.
     
    djbaxter and Mikey like this.
  3. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Thank you for the confirmation @Caddyman that this is the case with you. However as has been proven by an outside security firm, this hack is not always the result of the install folder being present. In fact the install folder alone without the content cannot be used to breach any forum system. This is why we/I cannot assume that just because you read the alert and confirm this, that your install folder was (unconfirmed) there.

    Thanks again for clarifying your individual case.
     
  4. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    uh - what outside firm? Source?
     
    djbaxter likes this.
  5. Autopilot

    Sucuri
     
  6. Joeychgo

    and where do you see the confirmation that "this hack is not always the result of the install folder being present" as you said?
     
    djbaxter likes this.
  7. Autopilot

    The full context of what I said was
    Quoting from Sucuri's blog
     
  8. Joeychgo

    I take that statement in the Sucuri blog post to mean they haven't seen any attempts at vb5 (since only 5 requires "core")

    What I take from your statement is that it has been proven that even if the install folder is deleted they can still get in with this method.
     
    djbaxter likes this.
  9. Autopilot

    The breach as I understand it is that someone can and has gained access by several methods, and in doing so can give themselves admin powers. What I've been saying is that using the /install method is not the only method to achieve assigning oneself as admin.

    Several people have said they were hacked and I have asked them to clarify if they did or did not have their /install folder and contents installed.

    If it was then that would be one way to gain access and assign oneself as admin. If not then another method was used to obtain the same result.
     
  10. Autopilot

    Whatever the cause or method, databases are not secure.
     
  11. Joeychgo

    No site is 100% secure. But in this instance, if you have vb 4.21 installed, the only hack I know of is via the install folder. If you have specific information that can be tested, great. Please tell us about it so vb can investigate and fix it. Just saying you talked to several people means little. For example, was the install hacker there already when they deleted their install folder and maybe left something behind they didn't notice?

    Otherwise, let's not scare people unnecessarily.
     
    djbaxter, Bundy and Dan Hutter like this.
  12. zappaDPJ

    zappaDPJ Regular Member

    Joined:
    May 27, 2013
    Messages:
    250
    Likes Received:
    165
    Location:
    London, England
    I've seen one example somewhere, which I can no longer locate, of someone claiming they were hacked with the install folder removed. From what I've seen it's not uncommon for forums to have been hacked sometime before the hacker delivers the payload, so it is entirely possible that forum was already hacked before the install folder was removed.
     
    Autopilot likes this.
  13. Autopilot

    That's true, no site is 100% secure, but in this instance the site Sucuri was investigating was not running vB5 but vB4.
    And most of what I've commented on was based on official reports other than simply talking with several people and I disagree with your saying this means little. It means a lot.

    For instance, was the install folder removed after the install and at some later time a hacker used whatever it is they have in their arsenal to gain access and deface a site?

    You have a valid point given your set of conditions but that doesn't negate other possibilities.

    You call it scaring, I call it being informed. In either case I don't see it as unnecessary since telling the hackers to stop hacking and scaring people, or telling security firms to stop posting reports of hacking because they are scaring people, would be unproductive.
     
  14. Joeychgo

    Sucuri monitors many sites. (including mine, and I highly recommend them) They were looking at their logs. In those logs they said they weren't seeing instances of people looking for */core/install/, which is vb5. But they were seeing traffic on some of the sites they monitor looking for */install/ - which is vb4.

    Now - back onto the subject. Can you show me an official report of 4.22 being hacked by a method other than the install hack?

    An official report is one that explains the who, what, how and where of the hacking.

    There are many ways people get hacked that might not have to do with the software directly. For example... There was a prominent site hacked not too long ago but it turned out the hole was a combination of insecure passwords and moderators being allowed to use HTML in the forums. I don't call that a software vulnerability.
     
    djbaxter likes this.
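
The kind of log review described in the post above, as an added example that is not part of the original thread and is not Sucuri's tooling: it scans Combined Log Format access-log lines for requests whose path contains an `install` directory, separates `/core/install/` from plain `/install/` (the vB5/vB4 mapping is the one given in the post), and lists probes answered with a 2xx status, which means something is still being served from that directory. The log lines, IP addresses and file names are constructed sample data.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Aug/2013:10:01:02 +0000] "GET /forum/install/ HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [24/Aug/2013:10:01:03 +0000] "GET /install/example.php HTTP/1.1" 200 2048 "-" "-"
198.51.100.7 - - [24/Aug/2013:10:05:00 +0000] "GET /core/install/ HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [24/Aug/2013:10:06:00 +0000] "GET /forum/showthread.php?t=1 HTTP/1.1" 200 9000 "-" "-"
203.0.113.5 - - [24/Aug/2013:10:07:00 +0000] "GET /help/reinstall/guide HTTP/1.1" 200 100 "-" "-"
"""

def classify(path):
    """Return 'core/install', 'install', or None for a request path."""
    # Compare whole path segments so '/reinstall/' is not a false positive.
    segs = [s.lower() for s in path.split("?", 1)[0].split("/") if s]
    for i, seg in enumerate(segs):
        if seg == "install":
            return "core/install" if i > 0 and segs[i - 1] == "core" else "install"
    return None

def scan(log_text):
    """Return {kind: {'probes': count, 'reachable': [(ip, path), ...]}}."""
    report = defaultdict(lambda: {"probes": 0, "reachable": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, path, status = m.groups()
        kind = classify(path)
        if kind is None:
            continue
        report[kind]["probes"] += 1
        # A 2xx answer means the directory (or a file in it) is still served.
        if status.startswith("2"):
            report[kind]["reachable"].append((ip, path))
    return dict(report)

if __name__ == "__main__":
    for kind, data in scan(SAMPLE_LOG).items():
        print(kind, data["probes"], "probe(s); reachable:", data["reachable"])
```
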
  15. Autopilot

    Other than what has been reported here and in the links provided in this discussion by others of official reports. If you have an inside source at vB you might want to check there. They are not releasing any details to their customers.

    I don't believe anyone here said it was, so it's a moot point.
     
  16. Autopilot

  17. Joeychgo

    Nah, I'm done arguing with you.
     
    djbaxter likes this.
  18. Autopilot

    Sorry to hear you think of it as an argument, I thought it was a productive additional point of view.
    To each his own I guess.
     
  19. Joeychgo


    No, I think you misinterpreted the Sucuri blog post and won't recognize that, and keep making unsubstantiated claims about security holes that 'someone told you' about. You're wasting my time.
     
    djbaxter and Bundy like this.
  20. Autopilot

    @Joeychgo What because someone has a different opinion than yours and doesn't provide any more official reports other than the victims statement and the security report they misinterpret the reports?

    So you are saying then that the Canonical Blog and the Sucuri official statements are "unsubstantiated claims"?? Now that's an interesting point of view because their reports are what is part of the discussion here.
     
