Exploit WAY Out of Control (file2store.info)


Lazorbeam
03-26-2012, 11:22 AM
Alright, I know this exploit is probably leveraged through a hole in VBSEO, but wouldn't it be a good idea to perhaps make VBulletin customers aware of the security issue? I have stumbled upon eight forums affected by this exploit over the past 3 weeks (since I was infected myself) and that's without going out of my way. Each of these forums had VBSEO installed.

VBSEO staff claims that sites without their software installed are also affected, but I've yet to see any. I think the latest incarnation of this exploit targets VBSEO customers specifically. Their support forums are a complete mess of misinformation and finger-pointing, meanwhile the issue has not been decidedly resolved. Getting rid of this thing is extremely difficult.

If you're running VBSEO, it's probably a smart idea to check if you're infected. Clear cookies, run a search for your forums and click any random thread that comes up. You'll figure out immediately if you're affected.

Adam H
03-26-2012, 12:07 PM
I've cleaned 5 forums in the past 4 weeks of infection from malware and the like, all of them from boards whose admins had not updated their VBSEO when they were told to via mass mail on security releases from VBSEO. They also had all of their plugins out of date and were not running the latest versions of anything. They were also ignoring quarantine notices sent from VB.org.

There is only so much a community can do; unfortunately there is no cure for stupidity or "it will never happen to me" syndrome.

It's not vBulletin's fault that people don't take notice of important mails, and it certainly isn't vBulletin's fault for a 3rd party plugin which they have no control over.

I understand it can be frustrating, but the majority of the cases that I come across on a daily basis are the fault of the site owner or host, apart from the rare cases which are infected before the 3rd party companies find out about the exploit.

Obviously VBSEO did mess up not long ago, which didn't help things, but still it's VBSEO, if anyone, you should be preaching to rather than a company that has nothing to do with 3rd party plugins.

Lazorbeam
03-26-2012, 12:15 PM
You're absolutely correct that VBulletin is not at fault. There are plenty of unsafe mods/add-ons out there. I think VBSEO should get special consideration though, since it's one of (if not THE) biggest and most popular mods. It's not like you can just turn off the damn thing either.

I wouldn't call the affected forum owners "stupid". 3.6.0 (the latest VBSEO) is vulnerable. Maybe not its latest update, but all I ever ran was 3.6.0 and I was hit. Skilled coders and forum owners are affected as well.

Adam H
03-26-2012, 12:36 PM
You're right, I apologise, they are not stupid, perhaps naive or misinformed of how serious it can be for not only them but their users.

Personally I can relate to your point, but as a business owner I can't see any viable reason for vBulletin to pick up the pieces of a product which they don't benefit directly from.

I would imagine as far as vBulletin are concerned they have built-in SEO functions, so that's as far as they go. We all know that VBSEO is a pretty amazing product and I for one would not want vBulletin going into direct competition with them. In fact, I already think they have gone too far with the friendly URLs, because they are entering a sector which at the time they knew nothing about.

Leave it to the people that know what they are doing... VBSEO

As I said, I know your frustrations, but I think you're fighting a losing battle. :)

Lazorbeam
03-26-2012, 02:18 PM
You make valid points, though I think you would be interested in this (https://www.vbulletin.com/forum/showthread.php/398396-Security-Vulnerabilities-Found-in-Popular-vBulletin-Addons?p=2276434#post2276434).

Adam H
03-26-2012, 02:23 PM
Yeah, Dragon Byte have been more than active on that situation, and I would imagine they are the ones that asked vbulletin.com to publish it. They have even gone to the extent of hiring a security expert to audit their modifications.

I think I've received the best part of 5 emails from Dragon Byte this week alone. They are also on pretty much every forum you can think of getting the word out.

Lynne
03-26-2012, 02:57 PM
vBulletin did make an announcement about the latest vbSEO security patch release - https://www.vbulletin.com/forum/showthread.php/395034-vbSEO-Security-Patch-Release
And they also have a thread about the recent security vulnerabilities found in some mods here - https://www.vbulletin.com/forum/showthread.php/398396-Security-Vulnerabilities-Found-in-Popular-vBulletin-Addons

vBulletin can only do so much regarding security problems in third party modifications.