vb.org Archive

Why the silence? (https://vborg.vbsupport.ru/showthread.php?t=304565)

motorhaven 11-17-2013 01:25 AM

Quote:

Originally Posted by Max Taxable (Post 2461288)
Post #70 was edited by Paul, a post of mine was deleted....

You never answered my questions. Have you bought their "patch?" If not, why are you promoting it?

No, I bought nothing from them. Not once have I promoted anything, where in the world did you get that from?

I posted here because the hack was mentioned on another site, Paul M. knew about it there, and yet even after this there was silence from VB com/org. I posted to bring it to light, in part because the last time VB stalled on getting the word out about hacks thousands of VBulletin based sites got hacked.

Paul M. acknowledged the hackers gained access to vb.org's database. That makes you wrong.

Paul M 11-17-2013 01:27 AM

Enough of the bickering, this is not the school playground.

I have made it quite clear what is known.
If you have genuine, sensible, questions to ask, or things to say you are welcome, any more childish arguments and untruths will be removed.

TheLastSuperman 11-17-2013 01:49 AM

Quote:

Originally Posted by motorhaven (Post 2461255)
Welcome to I was right.

Had you followed all the resources out there about it you'd have seen there was more than just screen shots. But you and others were too busy looking to defend VB rather than following and reading everything at the resources, such as the long thread over at Mac Rumors where there was plenty of info.

The right thing was not IB employees initially taking the Baghdad Bob role.

No you were not right, mistaken possibly... while assuming too much it seems.

Quote:

Originally Posted by motorhaven (Post 2461282)
The screen shots the script kiddie provided show the VB.org database in the list.

Well now a plain run of the mill fashion script kiddie could not do this, it was someone w/ knowledge and expertise enough to know where to look and what to look for and how to "dig" for it.

Quote:

Originally Posted by motorhaven (Post 2461287)
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.

The reason why is you're spreading rumors and paranoia around like wildfire which is causing panic if nothing else. Paul said a QA server was hacked, it had around 100 variations of old installs/database copies on it for testing purposes so therefore it was best for vbulletin.com and vbulletin.org to have us all change our passwords.

Until we all know more let's try and be civil, sorry if I came across wrong initially motorhaven but my points are still valid i.e. you only know of this because of what you've read and you're not Paul nor anyone else on staff at vbulletin.com so you didn't know "for sure" at time of posting.

Simon Lloyd 11-17-2013 01:55 AM

I changed my password here almost immediately (better safe than sorry!) yet when I logged in today I get told my password is more than 100 days old??

Is this normal behaviour Paul with this version of vb when password change is forced?

Last question, did or could the hacker have gotten our customer numbers and license numbers?

TNCclubman 11-17-2013 03:39 AM

In Canada we have laws where companies must immediately disclose they got hacked. Do you guys not have that down there in the states? seems like people are scared to put out an official declaration of what happened that can be verified by an audit by law punishable by jail or fines if lying.

motorhaven 11-17-2013 03:45 AM

Quote:

Originally Posted by TNCclubman (Post 2461323)
In Canada we have laws where companies must immediately disclose they got hacked. Do you guys not have that down there in the states? seems like people are scared to put out an official declaration of what happened that can be verified by an audit by law punishable by jail or fines if lying.

Many states have disclosure laws. California, where IB is based, does: SB 1386

Digital Jedi 11-17-2013 04:38 AM

Quote:

Originally Posted by motorhaven (Post 2461255)
Welcome to I was right.

Dude, you were epically wrong. All you knew was what they said. And what they said turned out to (surprise) not be entirely true. You even had the order of events all wrong.


Quote:

Originally Posted by motorhaven (Post 2461328)
Many states have disclosure laws. California, where IB is based, does: SB 1386

Here's the thing. You found out about it the same day vB found out about it. Then asked why the silence. You didn't even give them a day to do basic research to find out if it was even true or actionable. This is why you got jumped on by the rest of us. We like a little proof with our outrage. And low-fat creamer.

DoubleGlasses 11-17-2013 06:36 AM

So I have a question - is your account on vbulletin.com the same as your account on vbulletin.com/forum?

Because now I'm not even sure I have an account on vbulletin.com/forum - especially since I can't retrieve it...

AndrewSimm 11-17-2013 07:14 AM

Quote:

Originally Posted by DoubleGlasses (Post 2461347)
So I have a question - is your account on vbulletin.com the same as your account on vbulletin.com/forum?

Because now I'm not even sure I have an account on vbulletin.com/forum - especially since I can't retrieve it...

no it is different and I would assume in a different database altogether, but I don't know about the last part.

Digital Jedi 11-17-2013 07:27 AM

Quote:

Originally Posted by DoubleGlasses (Post 2461347)
So I have a question - is your account on vbulletin.com the same as your account on vbulletin.com/forum?

Because now I'm not even sure I have an account on vbulletin.com/forum - especially since I can't retrieve it...

Paul already clarified this earlier in the thread.

Quote:

Originally Posted by Paul M (Post 2461242)
Not really sure what financial information you mean.

All the log files that were examined do not show any attempted access of customer data in the support system, they basically targeted the vb user table.

So, no. They're two different accounts.

findingpeace 11-17-2013 12:02 PM

Quote:

Originally Posted by ozzy47 (Post 2461136)
No if you have the latest release, and deleted your install directory, you are fine. :)

Thank you, ozzy!

--------------- Added (Unix time 1384697544) ---------------

Hi, upon entering this subforum (vB4 General Discussions), I was prompted with a password popup saying I needed to authenticate myself. Was this a server glitch, or is there still some sort of malicious / phishing code on the servers?

Thanks

--------------- Added (Unix time 1384697599) ---------------

Here is a screenshot

https://vborg.vbsupport.ru/external/2013/11/28.png

--------------- Added (Unix time 1384697663) ---------------

This is actually happening whenever I load any subforum. The rest of the site (threads, forum home, etc) doesn't seem to be affected.

qpurser 11-17-2013 01:20 PM

Got the same here since this morning.

ozzy47 11-17-2013 01:21 PM

I would not enter anything in that box till we know what is going on.

Disco_Dave 11-17-2013 04:20 PM

I had it also, seems to have gone now.

ozzy47 11-17-2013 04:22 PM

Yeah I believe Lynne deleted the announcement that was causing the issue. :)

Disco_Dave 11-17-2013 04:25 PM

Cool

Chris8 11-17-2013 05:03 PM

I have only asked for the details for which I believe I have the right as the customer who paid for the licenses and I have only pointed to the things you wrote yourself not assuming for sure anything. But you removed it from my post. Wow... you are hilarious vb team. The customer data is now stolen in a 3rd party hands and you try to silence CUSTOMERS who just ask for some details/support. Way to go... huh. Not nice.

ozzy47 11-17-2013 05:06 PM

If you feel you need clarification on Paul's decision, please do so in private.
  1. Staff decisions are final. Ultimately, staff has complete discretion over what is and is not acceptable on the site.
  2. Public discussions of staff decisions are not permitted on the site. If you have any concerns or queries relating to a staff decision, please take it up in private with a member of the site administration team.

Chris8 11-17-2013 05:13 PM

I think a bit of some good manners applies to everyone, no?

Max Taxable 11-17-2013 05:36 PM

Quote:

Originally Posted by Chris8 (Post 2461524)
The customer data is now stolen in a 3rd party hands

That's not known for sure. Read Paul's posts, what he says is what they know. He never said the customer data is in 3rd party hands.

findingpeace 11-17-2013 05:53 PM

Quote:

Originally Posted by Max Taxable (Post 2461534)
That's not known for sure. Read Paul's posts, what he says is what they know. He never said the customer data is in 3rd party hands.

Doesn't this post from Paul mean customer data is in 3rd party hands?

Quote:

They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.

Apologies if I'm misreading, but if they read the user tables, then it's also likely they now have the data, right? Even if it's encrypted, that's a little scary to me. I hate the idea of my email address with a bunch of hackers. Freaks me out.

Max Taxable 11-17-2013 05:58 PM

Quote:

Originally Posted by findingpeace (Post 2461535)
Doesn't this post from Paul mean customer data is in 3rd party hands?

Apologies if I'm misreading, but if they read the user tables, then it's also likely they now have the data, right? Even if it's encrypted, that's a little scary to me. I hate the idea of my email address with a bunch of hackers. Freaks me out.

Yes thanks for pointing that out, that slipped by me. My apologies. It sure does sound like he is saying that.

Digital Jedi 11-17-2013 06:00 PM

Quote:

Originally Posted by findingpeace (Post 2461535)
Doesn't this post from Paul mean customer data is in 3rd party hands?

Apologies if I'm misreading, but if they read the user tables, then it's also likely they now have the data, right? Even if it's encrypted, that's a little scary to me. I hate the idea of my email address with a bunch of hackers. Freaks me out.

Nope, Paul said that they targeted the user tables. The forum. Not customer data. Not the same thing.

findingpeace 11-17-2013 06:02 PM

Quote:

Originally Posted by Digital Jedi (Post 2461538)
Nope, Paul said that they targeted the user tables. The forum. Not customer data. Not the same thing.

Well I am a vBulletin customer, and it is my data :) I get what you are saying though, I'm just being a spaz - at least it's not our credit card or license info.

Chris8 11-17-2013 08:09 PM

But the thing that is essentially concerning me now the most here in this whole mess actually is:
Supposedly if they had access to write/modify files on vb.com and vb.org servers (By the way, isn't it the same server? Or Vb.com is on separate server from Vb.org?) are all downloadable scripts, mods, templates safe? I mean, assuming they had that access they could for example change certain mods or themes code to put vulnerabilities into them so they can hack other websites powered by vbulletin later.

So, ideally if vb staff knows they had such access vb staff should do the diff of all downloadable content against the backups from the time before it happened to make sure people are safe when downloading and installing new content on their forums/servers.
Also I would be more calm if they (you - I guess people in charge/responsible for vb here read this) could make a statement assuring your customers that everything is safe and nothing was modified or if there was anything modified that you took care to fix it.

Will Watts 11-17-2013 09:15 PM

Quote:

Originally Posted by Paul M (Post 2461290)
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.

How did they crack the MySQL password - how is the QA server linked to the live DB?

I'd rather you elaborated on that, with an explanation of "we made a mistake/a config file was left on the QA server/something else etc" rather than leaving the possibility of a vB exploit open. Even if it was only a QA server hacked, how did they then escalate that to the live DB?

Digital Jedi 11-17-2013 09:43 PM

Quote:

Originally Posted by Chris8 (Post 2461576)
But the thing that is essentially concerning me now the most here in this whole mess actually is:
Supposedly if they had access to write/modify files on vb.com and vb.org servers (By the way, isn't it the same server? Or Vb.com is on separate server from Vb.org?) are all downloadable scripts, mods, templates safe? I mean, assuming they had that access they could for example change certain mods or themes code to put vulnerabilities into them so they can hack other websites powered by vbulletin later.

So, ideally if vb staff knows they had such access vb staff should do the diff of all downloadable content against the backups from the time before it happened to make sure people are safe when downloading and installing new content on their forums/servers.
Also I would be more calm if they (you - I guess people in charge/responsible for vb here read this) could make a statement assuring your customers that everything is safe and nothing was modified or if there was anything modified that you took care to fix it.

If you re-read Paul's explanation, you'll see nothing was modified. vB.org tables were read, not modified. And the only tables read were user tables.

Quote:

Originally Posted by Will Watts (Post 2461586)
How did they crack the MySQL password - how is the QA server linked to the live DB?

I'd rather you elaborated on that, with an explanation of "we made a mistake/a config file was left on the QA server/something else etc" rather than leaving the possibility of a vB exploit open. Even if it was only a QA server hacked, how did they then escalate that to the live DB?

Adminer lets you manage database files from one file. I've not used it, but if they had a bunch of cloned databases to look at, it was probably simple reverse engineering.

Lynne 11-18-2013 12:53 AM

The databases are on a different server than the files (typical setup if you have more than one server).

Will Watts 11-18-2013 09:18 AM

Quote:

Originally Posted by Lynne (Post 2461629)
The databases are on a different server than the files (typical setup if you have more than one server).

So how did they crack the live DB MySQL? Was the password listed somewhere on the QA server or do you not know how it was done?

Guest0321 11-18-2013 02:59 PM

Paul said
"They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.".

If they broke into the server, the QA DB password could be gleaned by the vB config file. Hopefully it wasn't the same db user and password in use for vB.com or vB.org.

In the past, the QA team has copied the vb.com live database (or parts of it) to one of their servers, and tested installations.

Maybe that was done, and the db userid's/passwords were brought along with them. That would have given them access to the vb.com DB.

But I would think the vb.com DB has restricted access via the hosts table or something.

Paul M 11-18-2013 03:20 PM

Quote:

Originally Posted by SneakyDave (Post 2461827)
If they broke into the server, the QA DB password could be gleaned by the vB config file. Hopefully it wasn't the same db user and password in use for vB.com or vB.org.

They are not the same user or password, and never have been.
We have an idea how they may have got the details, and it's not via anything vbulletin related.

Will Watts 11-18-2013 04:07 PM

Quote:

Originally Posted by Paul M (Post 2461836)
They are not the same user or password, and never have been.
We have an idea how they may have got the details, and it's not via anything vbulletin related.

Was my question not worth answering? This hack is being reported in mainstream tech media, and vB can't be bothered to give proper answers or alleviate concerns?

http://arstechnica.com/security/2013...0-day-attacks/

Digital Jedi 11-18-2013 04:26 PM

Ars Technica is mainstream tech media?

I still don't understand what additional information you want/need. I doubt they'll give you the exact method.

motorhaven 11-18-2013 04:54 PM

Why do people keep trying to find ways to give VB passes on this?

Needing to know if the hack was due to an exploit in VB itself is a hugely legitimate concern.

Is Information Week mainstream tech enough for you? http://www.informationweek.com/secur...d/d-id/1112660

If not, how about PC World? http://www.pcworld.com/article/20644...ort-forum.html

ozzy47 11-18-2013 04:58 PM

Paul said in post #111 the recent issues are not vBulletin related.

Will Watts 11-18-2013 05:08 PM

Quote:

Originally Posted by ozzy47 (Post 2461869)
Paul said in post #111 the recent issues are not vBulletin related.

No he doesn't - he says IB might have an idea of how the attacks may have been attempted.

ozzy47 11-18-2013 05:14 PM

Do you only read what you think you see or what is actually there. "And it's not anything vbulletin related."

Quote:

Originally Posted by Paul M (Post 2461836)
They are not the same user or password, and never have been.
We have an idea how they may have got the details, and it's not via anything vbulletin related.


Will Watts 11-18-2013 05:26 PM

Quote:

Originally Posted by ozzy47 (Post 2461877)
Do you only read what you think you see or what is actually there. "And it's not anything vbulletin related."

Part of IB's great plan to be offensive to customers? This is a serious issue, and I'm asking legitimate questions. Please don't insult me.

Paul's post does not say that the hack wasn't caused by a vB exploit - it says IB may have an idea about something that might have caused the hack. It then says what they're looking into isn't a vB exploit.

That isn't the same as saying the hack wasn't caused by a vB exploit. Unless Paul gives us more information, we don't really have any idea whether a new exploit was used. The level of communication from IB is so bad that not even media sources can get a straight answer on what's happening - are customers remotely valued by this company or have even the staff given up on the product?

Digital Jedi 11-18-2013 05:35 PM

Quote:

Originally Posted by Will Watts (Post 2461880)
Paul's post does not say that the hack wasn't caused by a vB exploit - it says IB may have an idea about something that might have caused the hack. It then says what they're looking into isn't a vB exploit.

Quote:

Originally Posted by Paul M (Post 2461836)
We have an idea how they may have got the details, and it's not via anything vbulletin related.

I give up.

Simon Lloyd 11-18-2013 05:54 PM

Think this thread has run its course as it's turning into bickering which clouds the facts.


All times are GMT.