
Version 3.6.6. | Exploit is out?


dadu911
05-15-2007, 11:27 AM
I just recently updated to 3.6.6 and I got exploited.

All my threads got renamed to tom and the first post has a picture of tom and a subtitle saying: "owned by tom"

Are there any additional security hacks I can install? It is really getting on my nerves.

Please Help

Dismounted
05-15-2007, 11:29 AM
This probably isn't vBulletin. Maybe one of your hacks.

Oblivion Knight
05-15-2007, 11:30 AM
Make sure that you and your admins use strong passwords.. Also, check that any other software being run on the server is up-to-date.

It's highly unlikely that it's a security issue with vBulletin 3.6.6

dadu911
05-15-2007, 11:43 AM
Hmm I have two hacks installed. HideHack + The Statistic hack. That is all.

I did a login history in DirectAdmin; nothing, it is just me.

I believe this is a VB Exploit that is currently out.

Dismounted
05-15-2007, 11:44 AM
If it is, report it on vB.com? If it's just you, maybe someone logged in under you. Check the Admin Logs.

Oblivion Knight
05-15-2007, 03:55 PM
It's highly unlikely that it's a security issue with vBulletin 3.6.6

Ha, I retract that statement..

An XSS calendar exploit was just discovered.

dadu911
05-15-2007, 11:23 PM
Well everyone I HATE TO SAY I TOLD YOU SO!!:

vBulletin 3.6.7

As much as we hate to spring another upgrade on you all so soon after the release of vBulletin 3.6.6, an XSS flaw was identified today and in order to maintain our commitment to fix security problems as soon as we become aware of them, we have to release 3.6.7 and a patch for older versions.

Shazz
05-15-2007, 11:57 PM
Err, do you have any backups?

dadu911
05-16-2007, 02:43 AM
Yep, one from 2 weeks ago. We hit 103,000 users but nope, now we are back to 97,000 because we got exploited and that's that.

Hopefully VB will test out their software fully before releasing to the public. Any who thanks for the updated version.

ALWAYS BACK UP - Lesson well learned.

DieselMinded
05-16-2007, 03:44 AM
Wow!

Shazz
05-16-2007, 04:00 AM
Yep, one from 2 weeks ago. We hit 103,000 users but nope, now we are back to 97,000 because we got exploited and that's that.

Hopefully VB will test out their software fully before releasing to the public. Any who thanks for the updated version.

ALWAYS BACK UP - Lesson well learned.

That's a ton of users lost :erm:
Sorry for the loss

dadu911
05-20-2007, 11:26 AM
THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP

Someone logged in as admin, changed the password and turned the forum off. He placed his URL so he gets the hits.

This is SAD! Yet again another hole in VBULLETIN!

Dismounted
05-20-2007, 11:51 AM
I would say not. Disable all your hacks and change FTP, cPanel, and MySQL passwords.

Paul M
05-20-2007, 12:20 PM
THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP

Someone logged in as admin, changed the password and turned the forum off. He placed his URL so he gets the hits.

This is SAD! Yet again another hole in VBULLETIN!

What hole would that be then?

You have not offered any proof that any of the exploits of your server were via vBulletin; you've just conveniently decided that a previously unknown XSS in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations. :)

dadu911
05-20-2007, 08:51 PM
Lol Man I was right before and I am right again. Give it another 24 hours, VB will announce a new version cause another security issue!

This time this exploit works like this:

They can login as admin, turn off forum and redirect to another site.

This is a brand new exploit and there hasn't been a security fix for it yet!

Shazz
05-20-2007, 08:56 PM
Lol Man I was right before and I am right again. Give it another 24 hours, VB will announce a new version cause another security issue!

This time this exploit works like this:

They can login as admin, turn off forum and redirect to another site.

This is a brand new exploit and there hasn't been a security fix for it yet!

:o
* Shazz looks into vbulletin.com

sonichero
05-20-2007, 09:03 PM
*sees patch for 3.6.7...

...oh bugger...

dadu911
05-21-2007, 12:35 AM
I already have: vb 3.6.7 PL 1 and I got exploited L.O.L

I did a full upgrade. :( the guy keeps doing it.

Shazz
05-21-2007, 12:54 AM
I already have: vb 3.6.7 PL 1 and I got exploited L.O.L

I did a full upgrade. :( the guy keeps doing it.

Did you read what Paul M posted a few posts ago?

What hole would that be then?

You have not offered any proof that any of the exploits of your server were via vBulletin; you've just conveniently decided that a previously unknown XSS in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations.

El_Muerte
05-21-2007, 07:37 AM
Once you've been compromised you need to change all your admin and system (e.g. database, shell, etc.) passwords.
There's a fair chance that your forum got compromised because of a weak admin password; otherwise there would be many more reported compromises.
All versions prior to 3.6.7 were exploitable, not just 3.6.6.

dadu911
05-21-2007, 02:53 PM
Yea Shazz, what proof do you want? Screenshots of another person logged in as me, the admin?

Site being exploited 3, 4 times. It is not a system issue, it is vB; the hacker is even playing games with me, he has many sites' databases. He exploits them, logs in as admin, he gains access to admincp and creates his backup, he has many ways.

I fully upgraded to 3.6.7 PL1, changed all my passwords. Poof, he does it again.

I was right about 3.6.6. Also check the first post here, I discovered the hole in calendar. Cause he hacked that too.

Dem3ntedSn1per
05-21-2007, 03:33 PM
Yea Shazz, what proof do you want? Screenshots of another person logged in as me, the admin?

Site being exploited 3, 4 times. It is not a system issue, it is vB; the hacker is even playing games with me, he has many sites' databases. He exploits them, logs in as admin, he gains access to admincp and creates his backup, he has many ways.

I fully upgraded to 3.6.7 PL1, changed all my passwords. Poof, he does it again.

I was right about 3.6.6. Also check the first post here, I discovered the hole in calendar. Cause he hacked that too.

Not to seem rude, as I am new to vB. But...I've been running sites for a while now and work for a software developer that produces web based applications, so I'm not a complete novice when it comes to things like site security. There is no forum software that is 100% hacker proof, but you seem to care more about trashing vB than you do about actually helping the community protect itself from a potential exploit.

vB has a nice sticky post in their quick tips and customization section called "How To Make My Forums More Secure (http://www.vbulletin.com/forum/showthread.php?t=194701)". If he's continuing to get into your admin CP, there's something going on. Maybe you haven't taken proper steps to secure it, or maybe you have a key logger on your own computer and keep inadvertently giving your passwords to him.

Since you single handedly identified the calendar exploit before anyone else, maybe you can present evidence of the hole in 3.6.7 PL1 that is causing your site to get hacked instead of just ranting that there's a new, unidentified exploit. :confused:

JamieLee2k
05-21-2007, 09:21 PM
Why not change where the admincp folder lies and then just edit the config.php?
If you have issues and know how they are getting in, then get the log files from the FTP and let vBulletin know.

theFAILURE
05-21-2007, 09:51 PM
Sounds more like you got keylogged than exploited.

DaReD3ViL
05-21-2007, 10:58 PM
This was most likely an XSS exploit.

SCRIPT3R
05-22-2007, 01:41 AM
Smells like B.S. to me.

smacklan
05-22-2007, 01:51 AM
Ever heard of .htaccess protection on your directories? ;)
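JamieLee2k's suggestion (rename the admincp folder and point config.php at the new name) and smacklan's (.htaccess protection on the directory) combined into one script. This is an added example, not code from the thread or from vBulletin; it assumes a vBulletin 3.x layout where includes/config.php carries the `$config['Misc']['admincpdir']` setting, an Apache 2.2-era server (Order/Deny/Allow syntax), and placeholder values for the htpasswd path and the admin's IP address.

```shell
#!/bin/sh
# Added example (not from the thread or vBulletin): move the admin control
# panel to a non-default directory, update config.php accordingly, and put
# HTTP basic auth plus an IP allow-list in front of it via .htaccess.
set -eu

# harden_admincp FORUM_ROOT NEW_DIR HTPASSWD_PATH ALLOWED_IP
#   FORUM_ROOT    - filesystem path of the vBulletin install
#   NEW_DIR       - new, non-obvious name for the admin CP folder
#   HTPASSWD_PATH - absolute path of an htpasswd file (create it with
#                   `htpasswd -c`; keep it outside the web root)
#   ALLOWED_IP    - the only client address allowed to reach the admin CP
harden_admincp() {
  root=$1; newdir=$2; htpasswd=$3; ip=$4
  [ -d "$root/admincp" ] || { echo "no admincp under $root" >&2; return 1; }
  [ -f "$root/includes/config.php" ] || { echo "config.php missing" >&2; return 1; }

  # 1. Rename the directory so the default /admincp/ URL no longer exists.
  mv "$root/admincp" "$root/$newdir"

  # 2. Tell vBulletin 3.x where the admin CP now lives (setting name is
  #    the real one from config.php; a .bak copy of the file is kept).
  sed -i.bak \
    "s|\$config\['Misc'\]\['admincpdir'\] = '[^']*';|\$config['Misc']['admincpdir'] = '$newdir';|" \
    "$root/includes/config.php"

  # 3. Require both a valid htpasswd login AND an allowed source address
  #    (Satisfy All) before Apache will serve anything from the folder.
  cat > "$root/$newdir/.htaccess" <<EOF
AuthType Basic
AuthName "Admin CP"
AuthUserFile $htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Allow from $ip
Satisfy All
EOF
}
```

Run it once from the server as the web user's owner, then confirm the old /admincp/ URL returns 404 and the new one prompts for the htpasswd login before the vBulletin login page appears.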