This post is justification for no-info. Your point has not fallen on deaf ears though, likewise I hope mine hasn't.

My point is ==> people now know there's an exploit. You may as well publish the details, so that those of us who can take care of the issue ourselves may do so, instead of having to wait hours, days, weeks, months, never ((hopefully not)) for the modification author to release a fix.

As it is though - I've just received the quarantine email, which for all intents and purposes could have simply been a nice vBulletin-ized photo of a man in red cape flipping the middle finger = no use to anyone. Just a little trivial something that irks our nerves.

We may as well have hoped for a crystal ball in which to read the minds of those who know the exploit particulars....so that we may take action!

J.

--------------- Added [DATE]1314661557[/DATE] at [TIME]1314661557[/TIME] ---------------

in other news ==> now would be as good as time as ever to do a complete site backup LOL... So off I go...

The email had suggestions on what you should do, and you should follow the actions suggested.

If you want to call it useless that is your call, but it was pretty specific on what you should do until the issue is resolved.

Previous quarantine email messages that were useful:

Today's quarantine email notice:

Security through obscurity doesn't work. I would argue the language you now think is far more suitable to use is actually going to result in more people shrugging their shoulders and ignoring your notices. And as a result, more vB forums will get hacked.

may of 2010..
there was a update intended but never released
I guess he never fixed those issues because it was never released..
I sure hope he can post a fix for the issue at hand for everyone still using it..

That email was BALONEY! And to suggest that it wasn't is even more ridiculous than that brief (useless) burp of an email notification...

Now - before we get all defensive ==> There is not anyone in this thread who wants to argue -- except for me perhaps haha. But rather - our posts tend to be suggestive of a better way for vBulletin.org to handle quarantined/exploited/blablabla modifications as concerns it's paying customer base!

Right now - it's obvious that vBulletin.org as an entity doesn't give a flying _______.
((whatever horrible or not-so-horrible word you can think of will likely fit in the blank space))

J.

Seriously Jacquii? I (and most of the rest of the staff) are here as volunteers. We are using our own time and energy to keep vBulletin modifications safe for everyone. Even confirming it is an exploit might give people ideas and risk the security of everyone who has this installed.

Regardless of the reason the e-mail contains the suggested course of action (disable the mod). I will not have any pity for those who received the email and chose to ignore it. If anyone is that interested in fixing the mod itself then review the code and fix any exploits you find- no one is stopping you. That goes for every mod here, quarantined or not.

Drama queens everywhere.... Glad to see my board is not the only one. Of course, I knew that already.

My board is still at 3.7.2 and I haven't updated my arcade in about three years because I was dealing with a serious illness...does this exploit affect my board?

I know this is a dumb question but I'm not sure what's going on here...

edited - oh and I did disable it...I learned my lesson from the vbPlaza exploit that destroyed my board in 2007...

I'll await instructions from those who know. Thank you for sending me an email (I know it's general mail) and I appreciate it...

FWIW, thanks for the heads-up. Much appreciated.

Paul posted this in another thread but it is worthy of reposting.

https://vborg.vbsupport.ru/info.php?do=security

This is the procedure on when a mod is quarantined and it shows the possible outcomes and options we have.