1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

So come on, own up, who hacked vBulletin from here?

Discussion in 'Off Topic' started by mrGTB, May 10, 2011.

Thread Status:
Not open for further replies.
  1. mrGTB

    mrGTB Well-Known Member

  2. Sadik B

    Sadik B Well-Known Member

    I presume that you are joking. But even in jest such a thread title on a different company's forums for problems of a rival should not be made.
  3. Peggy

    Peggy Well-Known Member

    That's pretty stupid. I can't believe someone actually posted that.

    Oh wait, what am I saying....... o_O
  4. Fufu

    Fufu Well-Known Member

  5. Phil Conway

    Phil Conway Active Member

    It's weird, but I suppose that whole thread shows how many people never realised that an addon could be exploited. They were all blaming the VB software until a few users made a link to that cyb advanced forum rules mod.

    I got caught out the hard way with keeping my scripts and stuff up to date - we use Podcast Generator as part of our site, and an exploit was found in that software that allowed privilege escalation. Someone used it to quietly hijack my server, I only noticed when I saw extra IRC sessions opening up and an increase in bandwidth use. Luckily I knew my way around linux well enough to work out what they'd done, how they'd got in, and to close the hole.

    Ever since then I've subscribed to update mailing lists for everything I run on a box exposed to the net, and I make a habit out of checking the author's websites on a regular basis to confirm I'm running the most recent version and there's no issues with it. I only install third-party addons for my sites where there is no alternative.

    A daily running backup of my SQL databases (with the last 5 backups archived) to another box is also worth doing, in case someone does manage to get onto our box with a 0-day exploit...
    Lawrence likes this.
  6. mrGTB

    mrGTB Well-Known Member

    CBY wasn't your average run of the mill mod releaser, he was well respected as being one the best at vB.org and why so many used his mods that's resulted in many forums getting hacked. Anyone can make a mistake and that seems to be what's happened here, but it went unnoticed for 4 years Paul.M pointed out.

    Prime example also of why you should be very wary about using 3rd Party mods
    Phil Conway likes this.
  7. Fufu

    Fufu Well-Known Member

    It takes hard-work to build a good reputation, but only a few seconds to destroy it.
    I wish Cyb (Valter) the best.
  8. Peggy

    Peggy Well-Known Member

    Saeed, Kim, Jethro and 3 others like this.
  9. Jethro

    Jethro Well-Known Member

    It's a post by an idiot who has spent way too long reading conspiracy theories ... or it could be the Vice President of Silly Statements for IB, who would know with this interweb thing.
    tickedon likes this.
  10. akia

    akia Well-Known Member

    And this incident just goes to illustrate the point of why people prefer for the main developers to release stuff and not reley on add ons, which some people seem to think is better over here like in the cms thread etc.
    whynot likes this.
  11. Onimua

    Onimua Well-Known Member

    Yes because exploits just as bad never happen to them, only to 3rd party developers. :p

    It really does suck when that happens, but the best you can do is either roll back before the exploit and remove the mod, attempt to fix it, or get a patch from the developer.
  12. ManagerJosh

    ManagerJosh Well-Known Member

    I think it's the dreaded "this is unsupported, please go ask someone else" written off attitude is what was a bit disturbing. The impression I got was that it was most definitely not vBulletin's fault because you have third-party mods installed and since you have those, it must be the fault of those mods.

    That impression somewhat wasn't what I'd like as it would have been nice to for some validation to occur before making such claims. Imagine if it was not the mods but indeed the application itself. Talk about "Open mouth, insert foot".

    Disclaimer: It was an impression, not necessary what was the outcome. There could have very well been developers who looked it over and concluded it was a third-party mod
  13. Jethro

    Jethro Well-Known Member

    I believe phpBB users might point to a certain issue with that product a couple of years ago that had nothing to do with 3rd party developers. Note the forum companies have a tendency to blame modders, skinners, and about anyone else for issues, without first checking what might actually be causing the issue. At least that was how another company approached things.

    Pleased to note xenForo aren't jumping on this approach :)
  14. SilverCircle

    SilverCircle Well-Known Member

    Or secure your site with something like http://phpids.org/ which will catch *most* common attacks.
  15. OSS 117

    OSS 117 Well-Known Member

    Another infamous thread by the dubious MrGTB.
    mrGTB, Forsaken and Peggy like this.
  16. Mikey

    Mikey Well-Known Member

    I have not read the whole thread, or the link, or any posts, nor do I care who made the post and who made the threads or whatever.. but meh. **** it. here is what I have to say:

    look, another thread about vbulletin.com on xenforo.com.

    Why don't we just keep the two sites separate? Life would be a whole lot nicer, simpler, and easier. You're on XenForo now, enjoy the non buggy ride.

  17. Mike

    Mike XenForo Developer Staff Member

    This thread is now going in an unsurprising direction, isn't it?
    Vodkaholic, Mikey and a legacy reborn like this.
Thread Status:
Not open for further replies.

Share This Page