vb.org Archive
Page 2 of 4 1 2 34
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Why the silence? (https://vborg.vbsupport.ru/showthread.php?t=304565)

ozzy47 11-16-2013 11:35 AM
I really need to read more, or sleep more, I swear, all the text starts to look the same after awhile. :)

Max Taxable 11-16-2013 02:56 PM
Interestingly, (Or perhaps not) I did a page source code reading of vB dot org while it was down. It showed a 101 error on the server, server down. As with maintenance. There was NO evidence of any "hacking."

Again - why didn't the script kiddies deface the site for their street cred? Why did they have to dummy up a screenshot for their claim?

Oh... Because it never happened.

findingpeace 11-16-2013 04:03 PM
Hi everyone,

I just wanted to stop by and make sure, we don't need to apply any patches or fixes to our sites, right? Still no vulnerabilities in 4.2.2?

Thanks very much

AndrewSimm 11-16-2013 04:07 PM
The best way to protect yourself is make sure you mods have safe passwords and comment out their ability to use HTML.

ozzy47 11-16-2013 04:13 PM
Quote:
Originally Posted by findingpeace (Post 2461130)
Hi everyone,

I just wanted to stop by and make sure, we don't need to apply any patches or fixes to our sites, right? Still no vulnerabilities in 4.2.2?

Thanks very much
No if you have the latest release, and deleted your install directory, you are fine. :)

Nirjonadda 11-16-2013 04:42 PM
Quote:
Originally Posted by ozzy47 (Post 2461136)
No if you have the latest release, and deleted your install directory, you are fine. :)
I can confirm with vB 4.2.2 Installation, You cannot access Admin Control Panel without Delete your install directory?

ozzy47 11-16-2013 04:45 PM
Yeah I believe they added that in there, instead of just making you just delete the file.

WEBDosser 11-16-2013 05:20 PM
So.. I have emails from vb.com asking to change my password and saying they where hacked.

--------------- Added [DATE]1384626102[/DATE] at [TIME]1384626102[/TIME] ---------------

take a look at vb.com cannot get in to change anything

ozzy47 11-16-2013 05:27 PM
Strange, I got in and changed my PW no problem, all I did was log in, using my old PW, and then changed it.

Max Taxable 11-16-2013 05:28 PM
Quote:
Originally Posted by WEBDosser (Post 2461166)
So.. I have emails from vb.com asking to change my password and saying they where hacked.

--------------- Added [DATE]1384626102[/DATE] at [TIME]1384626102[/TIME] ---------------

take a look at vb.com cannot get in to change anything
No problem on this end... And only email i have from them lately is a birthday greeting.

Simon Lloyd 11-16-2013 05:28 PM
Yeah vb.com gave out a duff link but if you login and go here go here http://www.vbulletin.com/forum/setti...ngs-module-top you'll be golden!

--------------- Added [DATE]1384626578[/DATE] at [TIME]1384626578[/TIME] ---------------

I got this from them a few minutes ago
Quote:
Originally Posted by customercare@vbulletin.com
This is an important message about your account.

We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.
To regain access to your account:
1.Visit the vBulletin forums at http://www.vbulletin.com/settings/account
2.Enter in your existing password followed by your new password, twice for confirmation.
3.Save this page at the bottom.
Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you chose a password that you are not using on any other sites.
If you have any additional questions or concerns, please feel free to contact our support team at http://www.vbulletin.com/go/techsupport or support@vbulletin.com.

Sincerely,

Wayne Luke,
vBulletin Lead Technical Support.

Helping You Build Better Communities,

AndrewSimm 11-16-2013 05:32 PM
It won't let me change my password on .com

Max Taxable 11-16-2013 05:39 PM
Few things are worse than and yet more humorous than, hax0r paranoia.

DoubleGlasses 11-16-2013 05:50 PM
So I'm jus wondering - I just got the email ( screenshot below) . Did this happen or not? I was sort of waiting to see if something would be posted in my admincp or something...

https://vborg.vbsupport.ru/external/2013/11/29.png

My gut was that this is a phishing email but I don't know....

MattGarner 11-16-2013 05:52 PM
Quote:
Originally Posted by DoubleGlasses (Post 2461182)
So I'm jus wondering - I just got the email ( screenshot below) . Did this happen or not? I was sort of waiting to see if something would be posted in my admincp or something...

https://vborg.vbsupport.ru/external/2013/11/29.png

My gut was that this is a phishing email but I don't know....
When you go to Vbulletin.com forum then you will have a notice saying they are forcing people to change their passwords. So I would say the email is somewhat legit.

ozzy47 11-16-2013 05:52 PM
Better off to be safe that sorry, But I would not follow the links in the email just to be safe, navigate to the site like you normally would.

WEBDosser 11-16-2013 06:01 PM
lol so they did get hacked.. haha

Amaury 11-16-2013 06:29 PM
I was asked to change my password when getting on just now because it's been 100 days and it therefore expired.

Must have been a recent change for security reasons, which I have no problems with, because I only update my passwords about every six months (twice a year), and I didn't get that message before.

Digital Jedi 11-16-2013 06:45 PM
So wait, they went ahead and sent out emails to change your password just to sate hacking paranoia?

dougdirac 11-16-2013 07:07 PM
Quote:
Originally Posted by AndrewSimm (Post 2461132)
The best way to protect yourself is make sure you mods have safe passwords and comment out their ability to use HTML.
How do I do that?

vbresults 11-16-2013 07:51 PM
Quote:
Originally Posted by Digital Jedi (Post 2461206)
So wait, they went ahead and sent out emails to change your password just to sate hacking paranoia?
You and I both know what's happening here, and it's not that. :(

TheLastSuperman 11-16-2013 07:59 PM
Quote:
Originally Posted by motorhaven (Post 2461003)
Put away your lame assumptions about someone's experience and your weak lessons before you embarrass yourself. I know what social engineering is - I was dealing with people doing that stuff back in the 1980s, when I wasn't busy coding in assembler. That was well before I started one of the first enthusiast groups on the Internet.



Macrumors has nothing to gain by saying they were hacked. They have credibility to lose, as a matter of fact.
Hey bud, welcome to 2013... this is not the 1980's so continuing to spread rumors when you're not up to par on the situation and apparently do not know the full details or extent of said situation is simply not the right thing to do in my opinion... why do I say that?

Quote:
Originally Posted by motorhaven (Post 2460939)
There is a big difference between "making stuff up" and not having information which agrees with yours.
^ Case in point... I don't know the full extent of the situation and if I don't then neither do you so it does not matter if other information does not agree with "yours". Paul would know more then either of us - assumptions and justifications to what you see are fine but continuing to post them as rumors is not because at the time of your initial posts the most info we all had on this was that released by the so-called "hackers" and does everyone take what they say at face value? Pffffft I hope not so neither should you have see my point? :p

Quote:
Originally Posted by Digital Jedi (Post 2461206)
So wait, they went ahead and sent out emails to change your password just to sate hacking paranoia?
Apparently because Paul already stated they hacked a QA server... so yes ladies and gents if it was an old copy of vb.com database on that QA server and your passwords had not changed then common sense tells us that you need to change your passwords, do that regardless of what you read.

DO NOT USE THE SAME PASSWORD FOR EVERY SITE! Buy a cheap black ledger book from an office supply store/wal-mart etc and write down the passwords for each site, keep in your desk drawer for easy reference. You can also have your broswer remember passwords, I do the ledger book because if the right virus hits your pc then all that info is known as well.

TheLastSuperman 11-16-2013 08:00 PM
Quote:
Originally Posted by vbresults (Post 2461223)
You and I both know what's happening here, and it's not that. :(
You don't know neither does DJ :p.

Amaury 11-16-2013 08:15 PM
Quote:
Originally Posted by TheLastSuperman (Post 2461224)
DO NOT USE THE SAME PASSWORD FOR EVERY SITE!
I actually do this to an extent.

I use the same password for all sites I'm a member of (e.g., YouTube), However, on sites where I'm a staff member, such as KH-Flare, I use a different password, which is currently the only site I have a different password on. The other sites I'm staff on aren't big / don't have a lot on them at the moment, so I use the same password as places I'm of a member of, but it's a secure password. Then there are also sites that you're staff on, but you're only a sectional moderator that, of course, doesn't have access to the admin or moderator control, so it doesn't really matter.

I actually look at the security more than the uniqueness when it comes to passwords

hugh_ 11-16-2013 09:21 PM
What hasn't been disclosed and concerns me is whether the hackers had access to customer records and financial information, and the support system which must contain a large amount of fairly sensitive customer information...

Paul M 11-16-2013 10:01 PM
Not really sure what financial information you mean.

All the log files that were examined do not show any attemped access of customer data in the support system, they basically targeted the vb user table.

motorhaven 11-16-2013 10:44 PM
Quote:
Originally Posted by TheLastSuperman (Post 2461224)
Hey bud, welcome to 2013...
Welcome to I was right.

Quote:
this is not the 1980's so continuing to spread rumors when you're not up to par on the situation and apparently do not know the full details or extent of said situation is simply not the right thing to do in my opinion... why do I say that?
Had you followed all the resources out there about it you'd have seen there was than just screen shots. But you and others were too busy looking to defend VB rather than following and reading everything at the resources, such as the long thread over at Mac Rumors where there was plenty of info.

The right thing was not IB employees initially taking the Baghdad Bob role.

Max Taxable 11-16-2013 10:51 PM
Just to keep this clear...

No one has yet said vbulletin DOT COM wasn't possibly hacked. The meter was this site, vbulletin DOT ORG.

From the link in post #3, there is NO claim of vb dot org being part of this "hack." And many here have expressed their doubts a exploit for version 4 would also automatically mean this site which uses version 3 was also "hacked."

As far as I can tell, only the author of the first post is claiming it's also vB dot org which was "hacked."

There isn't one shred of proof of that and it's not even a claim the illiterate script kiddies with their dummied up screenshot and their "patch for sale" are even making.

New Joe 11-16-2013 11:17 PM
Just got this e mail:
Quote:
This is an important message about your account.

We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.
To regain access to your account:

Visit the vBulletin forums at http://www.vbulletin.com/settings/account
Enter in your existing password followed by your new password, twice for confirmation.
Save this page at the bottom.
Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you chose a password that you are not using on any other sites.
If you have any additional questions or concerns, please feel free to contact our support team at http://www.vbulletin.com/go/techsupport or support@vbulletin.com.

Sincerely,

Wayne Luke,
vBulletin Lead Technical Support.

Helping You Build Better Communities,

Chris8 11-16-2013 11:29 PM
So... can someone explain how exactly they hacked vb.com. Can we have some more detailed answers?

Paul M 11-16-2013 11:35 PM
Posts edited or removed.

I will repeat one more time, this thread is not for made up nonsense.

Stick to facts, dont go making things up.

Max Taxable 11-16-2013 11:38 PM
Quote:
Originally Posted by Chris8 (Post 2461260)
So... can someone explain how exactly they hacked vb.com. Can we have some more detailed answers?
In post number 3 of this thread you will find a link to a facebook posting where a "hacking" claim is made. Images in that link send you to dummied up screenshots that could be anything.

hugh_ 11-17-2013 12:28 AM
Quote:
Originally Posted by Paul M (Post 2461242)
Not really sure what financial information you mean.

All the log files that were examined do not show any attemped access of customer data in the support system, they basically targeted the vb user table.
Was this an SQL injection and not a hack or vulnerability?

motorhaven 11-17-2013 12:56 AM
Quote:
Originally Posted by Max Taxable (Post 2461256)
There isn't one shred of proof of that and it's not even a claim the illiterate script kiddies with their dummied up screenshot and their "patch for sale" are even making.
The screen shots the script kiddie provided show the VB.org database in the list.

Max Taxable 11-17-2013 01:00 AM
Quote:
Originally Posted by motorhaven (Post 2461282)
The screen shots the script kiddie provided show the VB.org database in the list.
I never saw that... I saw dummied up screenshots I could make for ya, to show anything I wanted you to see.

There was nothing at all about vB dot org in any of it.

motorhaven 11-17-2013 01:01 AM
Quote:
Originally Posted by Paul M (Post 2461262)
Posts edited or removed.

I will repeat one more time, this thread is not for made up nonsense.

Stick to facts, dont go making things up.
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.

Max Taxable 11-17-2013 01:03 AM
Quote:
Originally Posted by motorhaven (Post 2461287)
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.
Post #70 was edited by Paul, a post of mine was deleted....

You never answered my questions. Have you bought their "patch?" If not, why are you promoting it?

Paul M 11-17-2013 01:14 AM
Quote:
Originally Posted by hugh_ (Post 2461272)
Was this an SQL injection and not a hack or vulnerability?
They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.
Its not know exactly how, but at one point there were in the region of 100 old installs on it, so anyone of them could have been used.

The best guess from evidence is that they hacked it sometime in late summer, and at some point between then and early October they uploaded adminer.
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.

After that it appears they moved on (they deleted adminer). Nothing was known about this until their facebook post the other day.

motorhaven 11-17-2013 01:16 AM
Quote:
Originally Posted by Max Taxable (Post 2461285)
I never saw that... I saw dummied up screenshots I could make for ya, to show anything I wanted you to see.

There was nothing at all about vB dot org in any of it.
VBulletin has acknowledged in the email they sent that systemS were hacked. In light of this this admission by VB the cracker's screenshot have credibility. Apparently credible enough for VBulletin.ORG to require everyone to change their password when logging in.

hugh_ 11-17-2013 01:25 AM
Quote:
Originally Posted by Paul M (Post 2461290)
They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.
Its not know exactly how, but at one point there were in the region of 100 old installs on it, so anyone of them could have been used.

The best guess from evidence is that they hacked it sometime in late summer, and at some point between then and early October they uploaded adminer.
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.

After that it appears they moved on (they deleted adminer). Nothing was known about this until their facebook post the other day.
Thanks for the clarification Paul.


All times are GMT. The time now is 10:25 PM.
Page 2 of 4 1 2 34
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01453 seconds
  • Memory Usage 1,852KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (24)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete