New Security Issue in VB?

Discussion in 'vBulletin Discussions' started by Autopilot, Aug 24, 2013.

  1. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    I've had him on ignore here and on other sites for a while. If he ever starts to post anything of substance or has a thought that wasn't paid for I might take him off the list.
     
    BamaStangGuy likes this.
  2. Paul M

    Paul M Dr Pepper Addict

    Joined:
    Jun 16, 2009
    Messages:
    449
    Likes Received:
    136
    Location:
    Nottingham, UK
    Well I see this went of at a complete tangent.
     
  3. Mark.B

    Mark.B Regular Member

    Joined:
    Jul 4, 2013
    Messages:
    253
    Likes Received:
    42
    It fattened my ignore list nicely. The forum is quite pleasant to be on now.
     
  4. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    How can a forum be pleasant, when you see no posts.:P

    Oops ok. Maybe you'll see mine. But then again, because I was being sarcastic, you'll put me on your ignore list too.

    Scott
     
    Autopilot likes this.
  5. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    Scott your posts are intelligent and well thought out. You don't change your opinion half way through a thread. I may disagree with you from time to time, but, I respect your opinion. I can deal with that.

    I can't deal with reading the same thing over and over again by a person that has shown he has no values. So the solution is to remove his posts from my view. In my 15 years posting on various communities this is the first time I have ever used the ignore feature. I can tolerate just about anything. I can not tolerate phoney people or people with no integrity or values.
     
  6. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    Just so I can be certain. The second paragraph wasn't refering to me too, right?

    Thanks for the compliment in the fist paragraph.

    Scott
     
  7. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    Second paragraph was not you.
     
  8. Maledetto

    Maledetto Regular Member

    Joined:
    Sep 2, 2013
    Messages:
    2
    Likes Received:
    0
    This happened in one of my forums. The /install was still there and they created an admin user. Same no ip registered. They dropped a 404.php file and a shell2.php file on the forum folder.
     
  9. My Tech Guy

    My Tech Guy Regular Member

    Joined:
    Jul 12, 2013
    Messages:
    2
    Likes Received:
    1
    This is the saddest part of it. It was really disappointing to see him put a certain coder ahead of paying license holders the other day. Very unprofessional.
     
  10. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    link? .. for science ;)
     
  11. Mike Edge

    Mike Edge Regular Member

    Joined:
    Jul 25, 2012
    Messages:
    27
    Likes Received:
    17
    Location:
    Fort Wayne, Indiana
    Shouldn't you be trying to make vB5 useable rather then trolling forums? Oh wait... vB5 will never be usable.. Carry on sailing on the quickly sinking vessel known as IB, don't expect a life preserver from us.
     
  12. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    Do ALL threads at AdminTalk degenerate into playground insults? O.o
     
    Mikey likes this.
  13. NotoriousMK

    NotoriousMK Regular Member

    Joined:
    Mar 5, 2013
    Messages:
    46
    Likes Received:
    12
    It happened to me too on vb3 and vb4 :(
     
    Mikey likes this.
  14. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @NotoriousMK when this happened to you did you still have the /install folder in the root or had you removed it before it happened?
     
  15. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Well lets see, did this help to bring it back on track? or lather the slippery slope more?:ROFL:
     
    djbaxter likes this.
  16. Ludwig

    Ludwig Regular Member

    Joined:
    Jul 15, 2013
    Messages:
    21
    Likes Received:
    17
    Location:
    Mx
    I didn't receive an email from vBulletin notifying me about this exploit until yesterday. A week later, not bad at all. :facepalm:
     
  17. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    You would have seen a note at the very top of your AdminCP the day the vulnerability was identified had you logged in. Most forum owners will do that pretty much every day...

    You might also be interested in this mod released today: AdminCP News as Posts or PMs by BOP5 (Get your Admin CP News PMed to you!) for 4.x and AdminCP News as Posts or PMs by BOP5 (Get your Admin CP News PMed to you!) VB3 for 3.x.
     
  18. Ludwig

    Ludwig Regular Member

    Joined:
    Jul 15, 2013
    Messages:
    21
    Likes Received:
    17
    Location:
    Mx
    I knew about the exploit because I visit vBcom and other webmaster forums daily, not everybody logs into their ACP everyday, I visit my forum everyday, but I don't get into ACP unless I have something specific to do (maybe two or three times a week); but that's not really the point... any company with an ounce of professionalism would notify their clients about a security issue via email and fast, not wait a week to do it.

    Thanks for the mod link btw. :)
     
    Mikey likes this.
  19. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    Having it appear in your ACP can be done almost instantly. Logging in just to check for news only takes a couple of seconds...
     
  20. Ludwig

    Ludwig Regular Member

    Joined:
    Jul 15, 2013
    Messages:
    21
    Likes Received:
    17
    Location:
    Mx
    Again, not really the point. I keep up to date with everything, but not everybody can do it or knows how to do it. A responsible company would make sure to reach as many of their customers as possible and not assume that everybody logs into ACP to check the news or visits their support forums everyday.
     
    Mikey and Autopilot like this.

Share This Page