Vulnerability in 1.0.4?

The guy's main beef is the server isn't secure.
He certainly provides no proof of the xenforo exploit. Nor the scope of the exploit.
 
The guy's main beef is the server isn't secure.
He certainly provides no proof of the xenforo exploit. Nor the scope of the exploit.

He specifically said

I started off by noticing that the adins don't update the forums software (XenForo) as frequently they should. I then found a vulnerability in the current update of the software on a underground hacking forums i use.

My xenforo version is 1.0.4, the latest stable version.

He then continues to blame me for not using cloudflare to hide the webserver.
 
Unless I'm misreading it, it sounds like he's saying the site is open to DDoS but that doesn't really have anything to do with the security of the site/software itself. :confused:
 
The guy's main beef is the server isn't secure.
He certainly provides no proof of the xenforo exploit. Nor the scope of the exploit.

Unless I'm misreading it, it sounds like he's saying the site is open to DDoS but that doesn't really have anything to do with the security of the site/software itself. :confused:

I don't know why this is so hard for you guys to read the whole thing, but he specifically mentions a problem with Xenforo:

I started off by noticing that the adins don't update the forums software (XenForo) as frequently they should. I then found a vulnerability in the current update of the software on a underground hacking forums i use. This could mean, if you've been PM'ing people emails, personal details etc that the hackers could get there grubby doritos covered hands on them.
 
If he were a real hacker, he wouldn't be talking about an 'underground hacking forum', as he'd be able to find a vulnerability by himself.

He also wouldn't have called himself the "King of DDoS", when he has only 670 shells.

This ! LoL no one goes around forums and threaten like that . if they were serious enough they would had taken site down .
 
What's next, give him $5000 or he starts a DDoS? Inform the hosting provider, back up the site, create a fall-over and remove the thread / threat from public view and moderate new registrations after you block him. It's not worth the time and money.
 
He just sent me this PM after I asked him for the exploit.

and dude you think im guna help you? after you and your community just flamed me.. im just guna go post the vulnerability and your site in anonops once its back up now...
 
I say to not under estimate him but if there was an actual vulnerability in the software, don't you think he would use the vulnerability instead of making threats to DDoS your server? Which, by the way, isn't very hard to do and takes no skill to accomplish.
 
I say to not under estimate him but if there was an actual vulnerability in the software, don't you think he would use the vulnerability instead of making threats to DDoS your server? Which, by the way, isn't very hard to do and takes no skill to accomplish.
670 server DDoS = the equivalent to a baby slapping you. With a feather.
 
670 server DDoS = the equivalent to a baby slapping you. With a feather.
Would you like some baby powder with that?

Back to the topic at hand, I recommend you just keep your guard up just incase. I'm sure you rather be on the safe side of things to ensure, there is no really threat other than babies with feathers, slapping you.
 
Funny that, I've quite literally just returned from IP Expo in London, and I attended a seminar: DDoS: kill or be killed.
Unfortunately, the speaker didn't know that Lutz Sec was Lulz Sec.
 
Top Bottom