New Security Issue in VB?

Discussion in 'vBulletin Discussions' started by Autopilot, Aug 24, 2013.

  1. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada
    That's correct. I'm not going to name the file or files specifically. But of course deleting the install folder also deletes the files in that folder.
     
  2. djbaxter

    djbaxter Regular Member

    Joined:
    Jul 4, 2009
    Messages:
    261
    Likes Received:
    162
    Location:
    Ottawa ON Canada

    That's moronic. That's like saying if your laptop is infected do a Google search for viruses and you'll have all the information you need.
     
  3. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Another example of your bad logic fallacy? He asked for links of examples, and rather than cut and paste the links I found, well you know. Do some leg work, he can find the same sources. But then you knew that right?
     
  4. we_are_borg

    we_are_borg Regular Member

    Joined:
    May 8, 2013
    Messages:
    305
    Likes Received:
    168
    Location:
    Netherlands
    First Name:
    Jeroen
    Thats what people mean with you you can not give one example your deflecting your answers with comments like linking to Sucuri or say Google and then not going in into examples. I have checked now the CVE and looked for 0day exploits but there is noting. Like i said are you trying to FUD and want websites to use resources and money on security with no real basis or are you indeed like also other saying acting as a troll.

    As for your opinion well you are stating it as a fact see below.

     
  5. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @we_are_borg Then examples you and others are requesting are one and the same examples when you reference CVE and oday. It would be like giving examples of the issue of security vulnerabilities with links to given earlier. The examples are those links and rather than posting a long list of examples I found, it would be just as easy for you to do a search.
    Sorry I have no idea what FUD is.
    The real basis as you say are what others have found and posted about. And "it's just on of many in VB" refers to all those posts where others have found the vulnerabilities. If you include the full context of that, it is nothing more than an opinion. The facts are presented by others finding the vulnerabilities.
     
  6. CM30

    CM30 Regular Member

    Joined:
    Jul 1, 2012
    Messages:
    901
    Likes Received:
    500
    FUD = Fear Uncertainty Doubt.

    They're saying you're spreading misinformation to scare people.
     
    djbaxter likes this.
  7. ProSportsForums

    ProSportsForums Regular Member

    Joined:
    Dec 25, 2012
    Messages:
    529
    Likes Received:
    232
    Location:
    St Petersburg, Florida
    We used to call it by another name, concern trolling.
     
    djbaxter likes this.
  8. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Interesting LOL. Spreading misinformation? Questioning? Reading links posted by others and opining on what I've read? Hardly spreading misinformation unless it can be proven that what others have posted about being hacked ie: Canonical, Sucuri and posts on vB, or other sites then linking or opining on what they said isn't.

    Perhaps they are just highjacking the thread for whatever reason? Taking the focus off security issues. Shooting the messenger is always a great means of silencing others.

    Well fine, there isn't really anything more I can add as I've not personally experienced hacks to any of my forums when they were up. If people want to ignore what others have to say that's fine too.
     
  9. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    There is a post on the vbulletin forum from a user who was running 4.2.1 and was hacked. The host tracked the hack to subscriptions.php. I know there was a vulnerability in subscriptions.php before. I don't remember if it was in v3.8.x or 4.0.x.
     
  10. ProSportsForums

    ProSportsForums Regular Member

    Joined:
    Dec 25, 2012
    Messages:
    529
    Likes Received:
    232
    Location:
    St Petersburg, Florida
    Were they using a modification tied to subscriptions? I'm not familiar with an exploit vulnerability in the subscriptions.php script itself.
     
  11. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @AWS And another one here if this isn't the one you're talking about http://www.vbulletin.com/forum/foru...5610-hacked-again-this-time-by-w3-idiots-help
    No install and even when reinstalled and install remove it happened again. Typically no one, server or vB has a clue.
    Then at the end of the thread another one bits the dust. Are there more holes/exploits no one is talking about and everyone is denying if and when incidents are reported ?
     
  12. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    The answer, IMO, is in the op's post

    By the time he deleted the install directory, he had already been hacked. I would say its likely they did more then just make extra admins.
     
    djbaxter and Brandon like this.
  13. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    Is that a fact? How would that happen?
     
  14. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    No not a fact, just speculating.

    How would what happen? Do you think he deleted the new admins the moment they were made admins? Or do you think the new admins would have had a little time to cause a breach.
     
    djbaxter likes this.
  15. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    I knew it was a waste of time asking you a question expecting an intelligent response but I thought it was worth a try seeing you present yourself as someone who knows what they are talking about. I guess not.
     
    Last edited: Sep 18, 2013
  16. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
  17. Paul M

    Paul M Dr Pepper Addict

    Joined:
    Jun 16, 2009
    Messages:
    449
    Likes Received:
    136
    Location:
    Nottingham, UK
    Dont feed him :)
     
  18. Big al

    Big al Regular Member

    Joined:
    May 14, 2013
    Messages:
    1,093
    Likes Received:
    415
    Location:
    OZ
    @Paul M.
    LOL.
     

Share This Page