Vulnerability in 1.0.4?

Discussion in 'General XenForo Discussion and Feedback' started by bottiger, Oct 20, 2011.

  1. bottiger

    bottiger Active Member

    Today I had someone post on my Xenforo 1.0.4 forum saying


    He claims to be "TehWongZ", which with a Google search appears to be someone affiliated with a group called antisec.

    Anyone have any comments on this?
  2. Slavik

    Slavik XenForo Moderator Staff Member

    Blowing smoke, just ignore.
  3. Digital Doctor

    Digital Doctor Well-Known Member

    The guy's main beef is the server isn't secure.
    He certainly provides no proof of the xenforo exploit. Nor the scope of the exploit.
  4. bottiger

    bottiger Active Member

    He specifically said

    My xenforo version is 1.0.4, the latest stable version.

    He then continues to blame me for not using cloudflare to hide the webserver.
  5. Onimua

    Onimua Well-Known Member

    Unless I'm misreading it, it sounds like he's saying the site is open to DDoS but that doesn't really have anything to do with the security of the site/software itself. :confused:
  6. bottiger

    bottiger Active Member

    I don't know why this is so hard for you guys to read the whole thing, but he specifically mentions a problem with Xenforo:

  7. Digital Doctor

    Digital Doctor Well-Known Member

    I said his main beef was the server.
    Ask him to provide the details of the exploit.
  8. Forsaken

    Forsaken Well-Known Member

    He's just your below average script kiddy who's flaunting an overgrown ego.
  9. bottiger

    bottiger Active Member

    Well I truly hope so.
  10. Forsaken

    Forsaken Well-Known Member

    If he were a real hacker, he wouldn't be talking about an 'underground hacking forum', as he'd be able to find a vulnerability by himself.

    He also wouldn't have called himself the "King of DDoS", when he has only 670 shells.
    RastaLulz, iTuN3r and Floris like this.
  11. SchmitzIT

    SchmitzIT Well-Known Member

    DDOS is to hacking as VB4 is to good forum software.
    Brett Peters likes this.
  12. iTuN3r

    iTuN3r Well-Known Member

    This! LoL, no one goes around forums and threatens like that. If they were serious enough they would have taken the site down.
  13. KozmoK

    KozmoK Active Member

    Believe me, if the kid had an exploit, he would have used it, and not warned you through a post...
  14. Floris

    Floris Guest

    What's next, give him $5000 or he starts a DDoS? Inform the hosting provider, back up the site, create a fall-over and remove the thread / threat from public view and moderate new registrations after you block him. It's not worth the time and money.
  15. bottiger

    bottiger Active Member

    He just sent me this PM after I asked him for the exploit.

  16. Caelum

    Caelum Well-Known Member

    Rule #1 of Anonymous: Anonymous is not your personal army. He's just blowing off steam. :p
  17. Disrelation

    Disrelation Active Member

    I say to not underestimate him, but if there was an actual vulnerability in the software, don't you think he would use the vulnerability instead of making threats to DDoS your server? Which, by the way, isn't very hard to do and takes no skill to accomplish.
  18. Forsaken

    Forsaken Well-Known Member

    670 server DDoS = the equivalent to a baby slapping you. With a feather.
    Alfa1 likes this.
  19. Disrelation

    Disrelation Active Member

    Would you like some baby powder with that?

    Back to the topic at hand, I recommend you just keep your guard up just in case. I'm sure you'd rather be on the safe side of things to ensure there is no real threat other than babies with feathers slapping you.
  20. Shamil

    Shamil Well-Known Member

    Funny that, I've quite literally just returned from IP Expo in London, and I attended a seminar: DDoS: kill or be killed.
    Unfortunately, the speaker didn't know that Lutz Sec was Lulz Sec.
    RastaLulz likes this.
