New Security Issue in VB?

Discussion in 'vBulletin Discussions' started by Autopilot, Aug 24, 2013.

  1. Dan Hutter

    Dan Hutter aka Big Dan

    Joined:
    Jul 20, 2006
    Messages:
    1,412
    Likes Received:
    515
    Location:
    New York
    IIRC The Ubuntu Forums got hacked because of a combination of a weak moderator password and the ability for mods to use HTML.
     
    djbaxter and Joeychgo like this.
  2. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    No - that is exactly my point. The secure statement isn't unsubstantiated whatsoever. However, Securi is basically reporting what vBulletin said and speaking only to the install folder compromise. They are only saying that of the sites they monitor they haven't seen requests for the vb 5 installation folder, just the vb 4x installation folder.

    Canonical Blog is referring too the Ubuntu hacking, which was ultimately discovered not to be a security hole in the software, but a problem with how they administered it.

    Source

    I've explained this several times before and you just refuse to get it. Maybe you skim things and don't actually read them completely, I don't know. But your wasting my time because you keep coming back to things I have already answered. Your not informing anyone that way, you are making a bigger mess instead of making things simple and easy for others to understand.
     
    djbaxter likes this.
  3. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Personally I'm not sure what point you are trying to make. First you ask questions without providing any information, and when you were unhappy with my replies you started to loose me when you started with the personal attacks. So IMO you've made no point or provided anything different than what has already be posted or reported by others. I don't waste anyone's time, if you feel you have wasted your time that's all on you bud.
     
  4. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    The only thing Sucuri blog said about the /install is the following

    Does two lines is all you'll need, the first part they do not see specific scans for /core/install meaning that its not so much under attack. But in the logs they see lots of requests for /install but they do not yet know if its because of vBulletin or other CMS systems out there. In the blog there is no talk that there is a security issue that is not yet discovered that has to do for vBulletin 4.
     
    Joeychgo and djbaxter like this.
  5. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    No, Joey is correct. You are wasting time, breath, and bandwidth. You seem to have completely misunderstood the Securi report and the more you go on about the more evident that becomes.

    My advice is to stop now before you humiliate yourself even further.

    I expect you'll ignore that advice, though, blathering on in ever decreasing circles.
     
    ProSportsForums and Joeychgo like this.
  6. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    That's exactly what I have been saying. Somewhere I think I quoted the same lines.

    The whole issue here is not anyone's (my, or others) opinion but security issues. We had several opinions as to how this hack or other hacks have occurred and the effects its had on some communities. For those who get pissed off at my or someone else opinion, get a life. Your opinion is no less important than others and it doesn't promote people interacting by going off in a huff calling people names and trying to put down their opinions with trash talk.

    So if we could I'd like to suggest that if anyone has had their site hacked could you provide us with some details like
    1) did you or did you not have the /install folder online when it happened?
    2) how do you think the hacker got in to your site?
    3) what did the hacker do to your site? Was the database compromised?

    Hopefully we can keep the frustration and anger in check, this is only a discussion and peoples opinions.
     
  7. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Your opinion is your opinion and nothing more. Where you loose site and show the cut of your cloth is when you start attacking people who don't have the same opinion as your or you can convince them your opinion is the only one and theirs is not.

    To bad you don't apply more of your professional knowledge here in treating others as equals. The blathering you refer to can also be you going on and on and on trying to prove me wrong when all I've done is quote 2 official reports and indicate there is more than one way to hack a site.

    I respect your right to express your opinion and accept it as just that. YOUR OPINION. Please offer the same courtesy to others.
     
  8. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    No this started here:
    From as much as I can tell, you were wrong here. I asked you to explain / source this statement, but you couldn't. You misquoted / misunderstood Securi.

    HERE is my point. I've said it several times now. if you have upgraded to 4.21 There is no evidence that there is a security hole past the install folder hole. Deleting the install folder closes that hole. End of story.

    This is not about opinions but facts. I and others have been quoting facts, you have been misquoting them and then criticizing others for it.

    NOW -- If you have information that there is another security hole, please provide a valid source. Otherwise, all your doing is getting people worked up for nothing. Your not being informed, your causing problems and confusing issues.
     
    djbaxter likes this.
  9. ProSportsForums

    ProSportsForums Regular Member

    Joined:
    Dec 25, 2012
    Messages:
    529
    Likes Received:
    232
    Location:
    St Petersburg, Florida
    This conversation has all the allure of watching flies [****][****][****][****].
    Forum administrators addressing each other personally instead of the topic?
    Are you [****][****][****][****]ing kidding me?
     
    Autopilot likes this.
  10. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @Joeychgo I didn't misquote anyone as I quoted right from their site what they said when I quoted them. Simple. Misunderstood, perhaps, but I don't think so. So I have been quoting facts. Others have given links to the official reports by the victim in one case Canonical, Sucuri and PC World. I've read them all and some others I can't remember the link to. There posted here somewhere.
     
  11. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    and if you took the time to read about what happened to ubantu, both here and on the various blogs, you would know that Ubuntu Forums got hacked because of a combination of a weak moderator password and the ability for mods to use HTML. Nothing to do with a security hole in the software.

    The 3 sources you just quoted are talking about different incidents that are unrelated. The Canonical and PDC world articles talk about Ubuntu and the Securi article talks about the install folder hack.

    DO you get that?
     
    djbaxter likes this.
  12. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    I agree Dan and this as I've said has nothing to do with the /install issue.
     
  13. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    And if you bother to read what you quoted me as saying
    you would see it is one and the same thing. ergo
    One in the same worded differently.
     
  14. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    THEY ARE NOT THE SAME HACK AND ARE COMPLETELY UNRELATED!

    Ergo............ Your wrong.
    Clear enough?
     
    djbaxter likes this.
  15. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    1. People that say they where hacked had the /install directory open for all visitors to that domain. I haven't seen any other talk and/or posts in any forum or even in hacking sites. If you run the latest patch level version and delete or remove access to the /install directory you should be fine for now.
    2. You can ask but hacked sites normally don't give that information, the more is known the harder it gets to secure your own site. This is also the mean reason people report it the the software company and to no one else.
    3. With the /install hack the hacker would be administrator so he/she can do lots of stuff depending what you have installed, think addons etc. Luckely vBulletin has the config.php that says who can execute SQL commands and you can secure administrators by making them uneditable. If you do not do this and the hacker can do SQL commands you will have far more issues. He/she can make edits in the styles and/or language and inject code that would be a big security risk.

    vBulletin should have more security layers but the features and improvements for this is in Jira for over 2 years. Hashing styles and languages would be detected straight away.
     
    Joeychgo likes this.
  16. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    So you agree with me then even though you say I am wrong.
     
  17. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    @Autopilot what outside security firm has said that, i havent seen anything online what is the url of the company who said that or link to the post where it was said.
     
    Joeychgo likes this.
  18. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222

    Just... wow
     
    djbaxter likes this.
  19. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
  20. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    The only thing Securi is talking about is about the /core/install and /install directory nothing more nothing less. In that whole blog post there not saying anything about another security issue with vBulletin. The ONLY thing there seeing is that /install directory is being targeted more then /core/install. They can't say if this is because there targetting vBulletin 4.x or that there is ANOTHER CMS that has a security risk. What Sucuri is NOT saying is that there more issues at this moment with vBulletin.

    The Ubuntu forum hack was their own fault it was a combination with easy password and allowing people to use HTML. First thing HTML use in vBulletin is disabled by default second vBulletin is not responsible for easy passwords.

    So Joey was right there no other issues in vBulletin at this moment.
     
  21. Dan Hutter

    Dan Hutter aka Big Dan

    Joined:
    Jul 20, 2006
    Messages:
    1,412
    Likes Received:
    515
    Location:
    New York
    Just to add another arguing point to this mix:

    /install/ is a very common path for quite a few CMSes. Those scans Securi is seeing may not even be aimed at vBulletin specificly. Could be just some script kiddy looking for any vunerable script.

    As much as I give vB chit, overall they have a pretty decent record on security. They patch almost immediately. Remember me complaining a year or two ago about about the constant PL (patch) releases? Even though they're a pain in the rear it's a good thing for people who run vB. You know they're on top of security issues.

    The install folder hack is just a one off thing. It's the only widely known vB hack in recent memory for me. Overall so far the effects of it have been pretty harmless. Yeah, it looks scary but it's just a meta redirect to some hacker's brag page.
     
    Last edited: Sep 16, 2013
    Autopilot and djbaxter like this.

Share This Page