""Fixing your site after you have been hacked""

Discussion in 'vBulletin Discussions' started by oman, Jan 31, 2014.

  1. BirdOPrey5

    BirdOPrey5 #Awesome

    Joined:
    Jul 16, 2011
    Messages:
    343
    Likes Received:
    105
    Location:
    New York
    First Name:
    Joe
    I don't understand- you don't feel the security of the community means anything? I don't have any live XF sites but you can be sure if I was made aware an XF exploit I would be reporting it to the developers. I don't get how you feel it isn't your responsibility? Is it not your responsibility if you see someone fall off their bicycle and lay hurt on the side of the road unable to get help? You just drive by because it isn't your responsibility?

    As far as I know the OpenSuse people have admitted it was a VBSEO problem- if you don't want to believe them I don't know what to tell you.
     
  2. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    So this is an assumption then on your part? I'm beginning to see a pattern in your thought process. Assume things are as you imagine them to be without validation, tell everyone you know the facts then admit to not having read anything about it when questioned, deny the whole thing and blame others for the misunderstanding while rationalizing your part in the whole affair.
    Gotcha......... Not much sense conversing with you then is there?
    Have a nice day.......MEH!!!!!!!
     
    Big al likes this.
  3. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    That is what i am reading to that vBSEO was not to blame, but they found something but their not telling. Looked at the black market but nothing there if its an exploit its a good one because no one is talking or wispering even. On the surface it looks a normal hack vector but there is much more going on, they are preserving the exploit for something big, there testing it.
     
    Big al likes this.
  4. BirdOPrey5

    BirdOPrey5 #Awesome

    Joined:
    Jul 16, 2011
    Messages:
    343
    Likes Received:
    105
    Location:
    New York
    First Name:
    Joe
    As far as I know because I have no "In" with OpenSuse and have to read the same stuff everyone else does. A VBSEO exploit makes more sense because we know they exist. There is no proof any exploit exists in current VB 4.2.2 or pateched 4.2.1 versions with /install/ deleted.
     
  5. Cerberus

    Cerberus Admin Talk Staff

    Joined:
    May 3, 2009
    Messages:
    1,031
    Likes Received:
    500
    1) They(IB) have made it very clear they do not care about community or their customers, Why should I?
    2) They are all about money, if they promised to pay me I might be willing to help them, but honestly I still probably would not.
    3) The community I once belonged to that consisted of Vbulletin supporters and such no longer exists
    4) I know for a fact it was not a VBSEO problem. Also, VBSEO is simply a plugin. I know Vbulletin loves blaming 3rd party plugins, which is why no one makes them anymore. But, yeah NO!
    5) It will happen again. Maybe not to the same site, but it is out there and people will use it in a much more malicious way.
    6) These exploits take time and money for those who create them. Why kill their business? I think it is a necessary evil. There is no progress without a little destruction. Yin and Yang.
     
    Brandon, we_are_borg and AWS like this.
  6. BirdOPrey5

    BirdOPrey5 #Awesome

    Joined:
    Jul 16, 2011
    Messages:
    343
    Likes Received:
    105
    Location:
    New York
    First Name:
    Joe
    So you are for the illegal hacking of sites and for private details to be stolen from innocent people? That attitude speaks for itself.

    Also your "na na na I know the truth and you can't see it" remark resonates as childish as my translation sounds.

    Their business is criminal and built on the suffering of others. Drug lords, organized crime, and the like work hard too... Why kill their businesses either?

    I'm not sure where you live but it sounds like you've just confessed to conspiracy should the exploits you know about be used in future crimes.
     
  7. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    Why would he help vBulletin if you try to communicate with vBulletin you get there are no exploits and its add-ons. In the end vBulletin is writing the software and responsible for exploits if someone says he has one you give your managers notice so they can talk to him.

    And yes hackers are a evil you'll need to make progress in security. But its also true that a company needs to take there responsebillity when you see so many claims about security issues you should have hired an external security audit to fully check the software. Its also clear that vBulletin is not keeping up with the underground sites and security of their software else they would have seen whats going on. But its not a suprise because the YUI exploit of weeks before vBulletin even noticed it.
     
    AWS likes this.
  8. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Wasn't there a reported 40,000 sites hacked over a period of time before vBull raised their head and reported a possible breach? I could be wrong but I thought I read that in one of the security releases.
     
    Big al likes this.
  9. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    @Autopilot yep. I think it was like 35,000 reported although the article I read said it could have been many more.

    Also there are still many that are affected by that filestore redirect hack. I did a search for some forum topic yesterday and 5 out of the top 10 results redirected to filestore. Although I think that is more of a vbSEO exploit than vbulletin.
     
  10. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,707
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    As a freelancer that gets paid to fix hacked or broken forums I welcome vbulletin sloppy code that we've seen all over since 2009. :laugh:
     
    AWS likes this.
  11. BirdOPrey5

    BirdOPrey5 #Awesome

    Joined:
    Jul 16, 2011
    Messages:
    343
    Likes Received:
    105
    Location:
    New York
    First Name:
    Joe
    No I believe you are wrong- the majority of the hacks came after VB knew but Admins didn't take ction for whatever reason. I was working on a 4.1.8 site today that still had the /install/ directory in place. :cry:
     
  12. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    Was there ever an announcement sent out to users? I don't remember getting one, but, I have unsubscribed from all mailings that can be unsubscribed from because when xTreme Marketer ran the place the spam was coming at break neck pace.

    I know an alert popped up in admincp a day or 2 after the mass hacking took place. I don't remember seeing it before. As you said there are still sites affected by this so if IB did try to warn people then they must have done a piss poor job of it.
     
    Last edited: Feb 3, 2014
  13. zappaDPJ

    zappaDPJ Regular Member

    Joined:
    May 27, 2013
    Messages:
    250
    Likes Received:
    165
    Location:
    London, England
    How terrible, they must be a right bunch of amateurs, not so different to this bunch of clowns: http://www.vbulletin.com/forum/foru...685-demo-installer-did-not-delete-install-php
     
    Big al likes this.
  14. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Big al likes this.
  15. Cerberus

    Cerberus Admin Talk Staff

    Joined:
    May 3, 2009
    Messages:
    1,031
    Likes Received:
    500
    I am for the advancement of technology. And that can not happen without the hacker. Criminal is a relative term. George Washington was seen as one of the greatest criminals in history by the British. But, considered one of the greatest heroes by Americans. It is all a matter of perspective. Confessed to conspiracy? LMFAO Because I know that there are exploits? Plenty people know. The fact that IB has not hired someone to search out these things and stay on top of it shows their lack of professionalism. And I imagine the reason they have not, because they do not care. So, if they do not care again Why should I?

    You seem to be one of those sheeple who think that if you deem something wrong it is wrong. Allow me to educate you on something you should have figured out by now. Laws are pointless and have no value in reality. It is against the law to murder people in many places on planet Earth. But, those laws do not stop people from murdering people. No magic law guy is going to pop out of the air and stop someone from killing someone else. Laws are just a way for those in power to maintain their power. Nothing more , nothing less. And they only work if the people who are supposed to follow them are scared and fear the consequences. Not to mention we live in a made up world, so realistically we can do anything we want. Criminal HA! Shit makes me laugh. Organized crime is one of the most important parts of how America came to be what it is today. Without it, our economy would be nothing. It is a part of who we are. Again an evil that was and is still necessary today.

    In Mexico when they killed Pablo Escobar, crime ran wild and many people were killed in a power vacuum from everyone trying to claim his place. There was more crime and death in the 5 to 10 years following his death than in all the time he was in charge. Why? Because, without someone REALLY bad in charge to keep them all in check, there is no organization. So, which would you rather? Organized or Unorganized crime? I would not pick the latter myself. Again, everything in some way is needed in this world. As I said Yin and Yang.
     
  16. Big al

    Big al Regular Member

    Joined:
    May 14, 2013
    Messages:
    1,093
    Likes Received:
    415
    Location:
    OZ
    This reminds me of the actions of an admin I know who allows his website to used for exactly this purpose.
    He even allows the personal details, photos of an innocent mans house and photos of an innocent mans wife to be posted on his site.

    That attitude speaks for itself.
     
  17. BirdOPrey5

    BirdOPrey5 #Awesome

    Joined:
    Jul 16, 2011
    Messages:
    343
    Likes Received:
    105
    Location:
    New York
    First Name:
    Joe
    Yes... Emails were sent to every vb customer we had in our database no matter from the beginning of time. it was so many it took several days to complete the mailing.
     
  18. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    Never got an email about the hacking stuff, never got an email from marketing to.
     
    Big al likes this.
  19. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Maybe they should be reported to that new Cyber Cop forum in the clouds. :evillaugh:
     
    Big al and thewhatami like this.
  20. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    You're just full of misinformation eh?
     
    Big al likes this.

Share This Page