I have no idea what it is. Could you please elaborate, any suggestions?

I hope or accounts are all safe do we need to change or passwords on all sites of vb

They should be safe if all they got were 1 minute of access. Not nearly enough time to do a mysql dump. If you're super paranoid about it, it can't hurt to be safe & change the login details.

Well dumping just the username, password, salt and email column of the user table shouldn't take too long. You can gather a lot of information in just 1 minute.

Let's hope vBulletin makes an announcement regarding this because I'm really curious what happened and what damage the "hackers" managed to do.

A lot can be done in one min

I would wait to change, if it's still showing as hacked we don't know what level of extent the hack was i.e. shell script uploaded? Logging user logins? No clue other than the defaced forum currently but point being no need to change if being logged or if still hacked.

Who says they wanted anything from the database? The whole point could have been to gain access and deface or some other motive. It's not always about getting info, sometimes it's about injection and other methods.

Paul is on vacation so someone else we be fixing this, with it being Halloween if they have kids... well not sure if they'll be in sooner or later on a Saturday. I would guess that others are lined up to take care of issues like this, they have someone looking at it already if I had to guess ;).

Yes it can, then again depends on who is in there during that one minute.

It's back up everyone :D.

So someone took the time to fix this on a Saturday, for that I'm thankful ;).

Edit: I spoke too soon! I was on this page when refreshing:
http://www.vbulletin.com/forum/forum...google-adsense

^Which does come up now, so it seems only the forumhome page remains defaced. Soon as someone is working on it else the thread would not be coming up now :cool:.

Betcha you were sweating when you noticed the VB5 owners beginning to form a mob and grabbing pitch forks. :eek: Just curious will you be our VB spokesperson for damage control?

Nah not really, tons of sites are hacked daily... granted someone with big basketballs tries to hack an official site either that or a very intelligent idiot which contrary to popular belief and contrary to being a contradiction in themselves do exist!

I will not be the spokesperson for damage control, I just moderate here on the org and do not work for vBulletin any longer (have not for a while now but great people there I will say that!). I just wanted to make sure everyone was ok here with what was going on there and as you can see they're making progress already else that thread I linked to would still have the same message up instead of actual content.

We all need to wait for an official announcement before speculating too much. It's always over speculation and assumptions that lead to the naysayers and now-fanboys of other software to start bombing this thread with banter and one-sided comments about the software's flaws and other tidbits of utterly useless information when they don't know anything until vB discloses it.

So please don't assume or speculate in a negative way - opinions are just that but overextending your imagination only works well with toys ;).

Well, I think you're doing a wonderful job and have been extremely helpful.

Thanks,
William