More security breaches reported

Discussion in 'vBulletin Discussions' started by Autopilot, Oct 3, 2013.

  1. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
  2. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    Site and server security is not just about removing the install folder and no one has ever claimed that. Locking the front door is useless if you leave the back door and all the windows open - or perhaps a more appropriate analogy is leaving an extra door key under the welcome mat where anyone can find it.

    Most security breaches with ANY software come down to pretty basic safeguards that are still not implemented in most forums, vBulletin, XenForo, IPB, phpBB, or anything else.
     
    Paul M and Brandon like this.
  3. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Big al likes this.
  4. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    See http://www.vbulletin.com/forum/foru...t-at-all-from-vbulletin?p=3997895#post3997895

    Wayne Luke:

    So when had he already submitted a ticket about this issue? Two years before he had the issue?

    Do you seriously wonder why they call you a troll?
     
  5. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @djbaxter Seriously, you seem to have some pathological urge to argue every post I make by using personal attacks to prove your point and distort the point so others find it hard to follow. I thought it was bad when you showed tendencies of being a cyber bully, but now you've upped the game by demonstrating you are a cyber stocker as well? You really should get some professional help, son.
     
  6. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    Yeah really, because you're just that fascinating and important. :rolleyes: By the way, it's "stalker", not "stocker".
     
  7. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    You assume I wasn't referring to you as a stocker, one who pigeonholes people, puts them on a shelf with quaint labels. Stalker? Yeah, you are that too, and it's interesting you recognize that in yourself. Either way you cut it, you are pathologically compulsive in your being a cyber bully and cyber "stalker". In rational conversations you seem to find it difficult to state a difference of opinion without first trying to overpower others with your self-importance and bully them with derogatory insults. You need help, son, and venting or displaying your pathology publicly here or elsewhere on people is counterproductive to you recovering your mental health.
     
  8. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    More than 35,000 vBull sites hacked, as reported on KrebsOnSecurity
     
    Big al likes this.
  9. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Big al and Autopilot like this.
  10. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    How long has it been since vBulletin warned people via the AdminCP and email that they need to remove the install directory?

    Are we supposed to feel sorry for forum owners who are too lazy to do that?
     
  11. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    Big al and Autopilot like this.
  12. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    If we remember, emails about this vulnerability were sent out after the fact. And I doubt all 35,000 reported hacks were the responsibility of the customer. One case reported on vBull forum reports the install was done by paid vBull staff in this thread and then according to the customer he felt he was refused help.

    Not everyone is skilled or knowledgeable in the intricacies of installing software that goes beyond "click to install". This one person paid to have his system installed by what he thought were professionals who knew what they were doing. How many of the 35,000 reported cases did the same? Hard to say but there were probably many who paid good money to have the software professionally installed.

    I place the blame squarely on the shoulders of the devs, IB and vB who knew there was a hole and didn't provide adequate installation procedures such as not activating the installed program until those directories/files were removed. Less sophisticated and newer forum platforms require this so the failing is on them not the customer and there are many older platforms that have done so for years.
     
    Last edited: Oct 18, 2013
    Big al and Brandon like this.
  13. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    1. If we remember, there was a starkly displayed warning at the very top of the AdminCP the day it was disclosed. I cannot imagine an Admin/owner on top of things not logging into the AdminCP at least daily, if not several times daily.

    2. Even given the delay of the email, that went out weeks ago. If you own a forum and don't keep on top of these things yourself, you deserve what you get.

    No sympathy whatsoever from me.
     
  14. Ludwig

    Ludwig Regular Member

    Joined:
    Jul 15, 2013
    Messages:
    21
    Likes Received:
    17
    Location:
    Mx
    No sympathy for people trusting a well established company with providing quality software? I'm sorry, the root of the problem is poorly written code; the install vulnerability shouldn't have existed in the first place. It reminds me of the exploit that would give you the site's database details just by typing something in the FAQ page; that's just amateur coding.

    I keep on top of things and I don't have to (or can) log into ACP every day. Sites were getting hacked at least several days before vBulletin was aware of the problem at all, so even someone like you who does "keep on top of things", unlike irresponsible admins who don't, could've gotten screwed by it; you were lucky not to. It wasn't keeping on top of things that saved you, it was mere luck.
     
    Big al and Autopilot like this.
