vb.org Archive
Page 4 of 4 « First 23 4
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   Vbulletin.com hacked (https://vborg.vbsupport.ru/showthread.php?t=320673)

Paul M 11-04-2015 11:25 AM
I dont really see how thats relevant, ssh was not involved in this attack.

Skyrider 11-05-2015 11:13 AM
Quote:
Originally Posted by Paul M (Post 2558206)
I dont really see how thats relevant, ssh was not involved in this attack.
According to many sites, it was:

Quote:
5.x.x hacked by Coldzer0 today. Licences & database dumped, shell on server. vBulletin denied
and

Quote:
vBsecurity team from yesterday and they can’t catch it.

and here’s the most weird thing

they using F5 on there servers and didn’t detect my shell or even detecting my traffic
As such he had shell access. Hence my question still stands :).

squidsk 11-05-2015 02:13 PM
Quote:
Originally Posted by Skyrider (Post 2558270)
According to many sites, it was:



and



As such he had shell access. Hence my question still stands :).
You do realize that if due to the security issue he was able to execute arbitrary code on the server he could give himself shell access, so whether or not he ended up with shell access is irrelevant since it wasn't the shell access itself that was the access point for the breach, which is exactly what Paul was saying.

This would be like worrying about whether the door to your house is well enough protected when the thief came in from the window but was removing items from the door once they were inside.

Paul M 11-05-2015 02:19 PM
That was issuing shell commands from a php program, not quite the same as direct ssh access.

I dont think it would make our IT guys very happy if I were to start discussing what IB uses, so Im not going to.

TheLastSuperman 11-05-2015 08:23 PM
Quote:
Originally Posted by squidsk (Post 2558278)
This would be like worrying about whether the door to your house is well enough protected when the thief came in from the window but was removing items from the door once they were inside.
I'm only worried about how Santa has been coming in these past few years... we have no Chimney!


BAHAHAHAHAHAHA! Sorry, thought we could use some comic relief in here :cool:.

Maghrebia 12-14-2015 11:04 PM
Is this only for vb 5 happened? Is vb 4 safe?

RichieBoy67 12-15-2015 01:13 AM
Quote:
Originally Posted by Maghrebia (Post 2560478)
Is this only for vb 5 happened? Is vb 4 safe?
Use the latest patch and take precautions and I think it is very secure.

BirdOPrey5 12-15-2015 08:54 AM
The hack that spawned this thread was only against VB5. VB3 and VB4 were not vulnerable.

That said it is always important to stay up date on the latest patch/version for whatever branch you are using (3.x branch, 4.x branch. or 5.x branch.)

Emails occasionally don't get delivered so it's also a good idea to check the Announcements forum on vBulletin.com or the portal here to keep up with major announcements.


All times are GMT. The time now is 03:47 PM.
Page 4 of 4 « First 23 4
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01045 seconds
  • Memory Usage 1,733KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (6)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete