So come on, own up, who hacked vBulletin from here?

mrGTB · May 10, 2011

Read then link: http://www.vbulletin.com/forum/show...-please-help?p=2155343&viewfull=1#post2155343

We all know the staff changes vbulletin has gone through & the creation of xenforo and the bad blood between the two.
Could this be a way to get people to dis-trust vbulletin and switch over?

Sadik B · May 10, 2011

I presume that you are joking. But even in jest such a thread title on a different company's forums for problems of a rival should not be made.

Peggy · May 10, 2011

That's pretty stupid. I can't believe someone actually posted that.

Oh wait, what am I saying.......

Fufu · May 10, 2011

mrGTB said:
Read then link: http://www.vbulletin.com/forum/show...-please-help?p=2155343&viewfull=1#post2155343

best response here
http://www.vbulletin.com/forum/show...-please-help?p=2157080&viewfull=1#post2157080

Phil Conway · May 10, 2011

It's weird, but I suppose that whole thread shows how many people never realised that an addon could be exploited. They were all blaming the VB software until a few users made a link to that cyb advanced forum rules mod.

I got caught out the hard way with keeping my scripts and stuff up to date - we use Podcast Generator as part of our site, and an exploit was found in that software that allowed privilege escalation. Someone used it to quietly hijack my server, I only noticed when I saw extra IRC sessions opening up and an increase in bandwidth use. Luckily I knew my way around linux well enough to work out what they'd done, how they'd got in, and to close the hole.

Ever since then I've subscribed to update mailing lists for everything I run on a box exposed to the net, and I make a habit out of checking the author's websites on a regular basis to confirm I'm running the most recent version and there's no issues with it. I only install third-party addons for my sites where there is no alternative.

A daily running backup of my SQL databases (with the last 5 backups archived) to another box is also worth doing, in case someone does manage to get onto our box with a 0-day exploit...

mrGTB · May 10, 2011

CBY wasn't your average run of the mill mod releaser, he was well respected as being one the best at vB.org and why so many used his mods that's resulted in many forums getting hacked. Anyone can make a mistake and that seems to be what's happened here, but it went unnoticed for 4 years Paul.M pointed out.

Prime example also of why you should be very wary about using 3rd Party mods

Fufu · May 10, 2011

mrGTB said:
CBY wasn't your average run of the mill mod releaser, he was well respected as being one the best at vB.org and why so many used his mods that's resulted in many forums getting hacked. Anyone can make a mistake and that seems to be what's happened here, but it went unnoticed for 4 years Paul.M pointed out.

It takes hard-work to build a good reputation, but only a few seconds to destroy it.
I wish Cyb (Valter) the best.

Peggy · May 10, 2011

Fufu said:
best response here
http://www.vbulletin.com/forum/show...-please-help?p=2157080&viewfull=1#post2157080

That was me.

Jethro · May 10, 2011

sadikb said:
I presume that you are joking. But even in jest such a thread title on a different company's forums for problems of a rival should not be made.

It's a post by an idiot who has spent way too long reading conspiracy theories ... or it could be the Vice President of Silly Statements for IB, who would know with this interweb thing.

akia · May 10, 2011

And this incident just goes to illustrate the point of why people prefer for the main developers to release stuff and not reley on add ons, which some people seem to think is better over here like in the cms thread etc.

Onimua · May 10, 2011

akia said:
And this incident just goes to illustrate the point of why people prefer for the main developers to release stuff and not reley on add ons, which some people seem to think is better over here like in the cms thread etc.

Yes because exploits just as bad never happen to them, only to 3rd party developers.

It really does suck when that happens, but the best you can do is either roll back before the exploit and remove the mod, attempt to fix it, or get a patch from the developer.

ManagerJosh · May 10, 2011

Onimua said:
Yes because exploits just as bad never happen to them, only to 3rd party developers.

It really does suck when that happens, but the best you can do is either roll back before the exploit and remove the mod, attempt to fix it, or get a patch from the developer.

I think it's the dreaded "this is unsupported, please go ask someone else" written off attitude is what was a bit disturbing. The impression I got was that it was most definitely not vBulletin's fault because you have third-party mods installed and since you have those, it must be the fault of those mods.

That impression somewhat wasn't what I'd like as it would have been nice to for some validation to occur before making such claims. Imagine if it was not the mods but indeed the application itself. Talk about "Open mouth, insert foot".

Disclaimer: It was an impression, not necessary what was the outcome. There could have very well been developers who looked it over and concluded it was a third-party mod

Jethro · May 10, 2011

Onimua said:
Yes because exploits just as bad never happen to them, only to 3rd party developers.

It really does suck when that happens, but the best you can do is either roll back before the exploit and remove the mod, attempt to fix it, or get a patch from the developer.

I believe phpBB users might point to a certain issue with that product a couple of years ago that had nothing to do with 3rd party developers. Note the forum companies have a tendency to blame modders, skinners, and about anyone else for issues, without first checking what might actually be causing the issue. At least that was how another company approached things.

Pleased to note xenForo aren't jumping on this approach

SilverCircle · May 10, 2011

Onimua said:
Yes because exploits just as bad never happen to them, only to 3rd party developers.

It really does suck when that happens, but the best you can do is either roll back before the exploit and remove the mod, attempt to fix it, or get a patch from the developer.

Or secure your site with something like http://phpids.org/ which will catch *most* common attacks.

OSS 117 · May 11, 2011

Another infamous thread by the dubious MrGTB.

Mikey · May 11, 2011

I have not read the whole thread, or the link, or any posts, nor do I care who made the post and who made the threads or whatever.. but meh. **** it. here is what I have to say:

look, another thread about vbulletin.com on xenforo.com.

Why don't we just keep the two sites separate? Life would be a whole lot nicer, simpler, and easier. You're on XenForo now, enjoy the non buggy ride.

Yay

Mike · May 11, 2011

This thread is now going in an unsurprising direction, isn't it?

So come on, own up, who hacked vBulletin from here?

mrGTB

Well-known member

Sadik B

Well-known member

Peggy

Well-known member

Fufu

Well-known member

Phil Conway

Active member

mrGTB

Well-known member

Fufu

Well-known member

Peggy

Well-known member

Jethro

Well-known member

akia

Well-known member

Onimua

Well-known member

ManagerJosh

Well-known member

Jethro

Well-known member

SilverCircle

Well-known member

OSS 117

Well-known member

Mikey

Well-known member

Mike

XenForo developer

Similar threads

We value your privacy