My forum got hacked for the second time in last 12 months ... I was able to recover from backup restore and good help from my hosting folks ...

They gave me the below log this time ...


91.121.177.53 - - [23/Oct/2012:09:31:30 -0500] "POST /vbseocp.php HTTP/1.1" 200 1326 "-" "Mozilla/5.0 (Windows; I; Windows NT 5.1; ru; rv:1.9.2.13) Gecko/20100101 Firefox/4.0"


I need to work on permissions on the below one, which is my mistake which i should have foreseen,
Your config.xml is writable. Don't forget to update permissions after you finish updating the configuration for security purposes.

Below's what i want to discuss really in this thread from a security perspective,

Is our forum more vulnerable to Hackers, when our VBulletin version and VBSEO version is displayed in public ... Does it make it too easy a job for them to hack ?

For example, when i display my VBulletin version as 4.x at footer in copyright and the hacker sees it and knows its a vulnerable version ... He then works on it and eventually hacks it ...

If i can pay off for the copyright removal, then the Hacker needs to put in additional effort to figure out ways to hack (Is my assumption) ....

I am ready to pay off for copyright removal for VB and VBSEO if it means my chances of getting hacked gets reduced even a little ...

Experts on Security, please comment ....

There is no need to go that far, just do the following and it will remove the Version of vBulletin you are using and this is allowed.

go to "language and phrase" and search "Powered by" On the first phrase (powered_by_vbulletin) delete "Version {1}"

It sounds like you got "hacked" because you didn't secure your site..
You're also running an old version of vbulletin, and I'll assume your plugins need updated as well..

Your config.xml is writable. Don't forget to update permissions after you finish updating the configuration for security purposes.

It has nothing to do with the version being displayed, but you can hide that stuff without paying for copyright removal.