vBulletin 5 under active attack via a backdoor

[djbaxter]

High-severity vulnerability in vBulletin is being actively exploited

Devs push a fix for the flaw, but hackers are still hitting unpatched sites.

arstechnica.com

Just in case you are still on the fence about converting to Xenforo.

 

[Shelley]

Hasn't there been an active exploit since day 1? I'd need confirmation, but i'm sure they codenamed it "vbulletin 5".

 

[jmurrayhead]

This part made me chuckle a bit:

Fortunately, version 5x makes up less than 7% of active installations, according to W3techs, a site that surveys the software used across the Internet.

 

[whitetigergrowl]

This part made me chuckle a bit:

Wow that's bad. I think they should just kill what's left of VB at this point.

Either that or start over. Or hire better coders or something. After all these years it's only that much. That's beyond sad. No wonder they won't move to VB 6 anytime soon.

 

[jmurrayhead]

Wow that's bad. I think they should just kill what's left of VB at this point.

Either that or start over. Or hire better coders or something. After all these years it's only that much. That's beyond sad. No wonder they won't move to VB 6 anytime soon.

For those of us who started off with vB...or spent a lot of time on that platform...it's really sad going to their support forums. It's so dead there now. I check in every now and then...because that's just something I do with old sites I used to frequent. But anyway, they'd have to make some drastic changes to the way they do business. And it's going to be hard to win back trust after the last decade or so.

 

[Suzanne O]

Xenforo is better anyway. The staff are nicer here

 

[whitetigergrowl]

For those of us who started off with vB...or spent a lot of time on that platform...it's really sad going to their support forums. It's so dead there now. I check in every now and then...because that's just something I do with old sites I used to frequent. But anyway, they'd have to make some drastic changes to the way they do business. And it's going to be hard to win back trust after the last decade or so.

I agree. I do the same. I still try to hold out hope upon hope. The community there used to be so much more active.

Maybe one day someone will buy them back out and turn the Titanic away from that iceberg.

 

[Mendalla]

I have to say, the first large forum I joined was running VB for most of the time I've been on it (they switched to XF last year) and I was on a couple other VB forums at various times so it's kind of sad to see vBulletin going downhill like this. Still, XF has filled the niche and I much prefer it now so I'm not going to miss VB or anything.

 

[jmurrayhead]

I have to say, the first large forum I joined was running VB for most of the time I've been on it (they switched to XF last year) and I was on a couple other VB forums at various times so it's kind of sad to see vBulletin going downhill like this. Still, XF has filled the niche and I much prefer it now so I'm not going to miss VB or anything.

How are people enjoying the switch to XenForo on that forum?

 

[Mendalla]

How are people enjoying the switch to XenForo on that forum?

I've seen mixed reactions, which is what I expected. Some pleased with the improvements, some preferring things "the old way". I come and go and haven't been in their support forum much recently to see how it is going. I have some quibbles with some styling decisions they made but was very pleased that they adopted XF so I didn't have to keep two sets of how to do things in my mind when dancing around between boards as I am prone to doing.

 

[siONtI]

I just saw that a forum was hacked because of this attack ._.

On September 25th 2019, VBulletin, (the forum software Forum had previously been running) announced a critical security vulnerability in their forum software. Forum staff had planned to install a security update shortly after learning about the issue however our site was attacked quickly and our database was compromised. It is known that the attacker made off with at least the users table, containing user email addresses, password hashes (NOT plain text passwords), and last logged-in IP addresses. While VBulletin uses a strong password hashing function which is considered rather secure, it is theoretically possible given enough time and computing resources to brute force these password hashes. Because of this we highly recommend you change your password immediately on any account that uses the same email and password combination!

After this incident and after reviewing the security exploit itself, Forum staff has lost confidence in VBulletin as a software package and have migrated to XenForo. We've made the decision to start from scratch, neither users, or posts will be migrated from the old forum, and you will need to sign up for a new account.

Have I Been Pwned (@haveibeenpwned) | Twitter

The latest Tweets from Have I Been Pwned (@haveibeenpwned). Check if you have an email address or password that has been compromised in a data breach. Created and maintained by @troyhunt. Australia

twitter.com