I don't necessarily agree with the idea that ALL code is susceptible to exploits. It depends on what the code does.

Sorry for the misinterpretation. What I intended to convey was that it's NOT just hacks and mods that are susceptible to being hacked...so removing all mods won't unilaterally make a site safe. This exploit could just as easily have been found in the base vBulletin code; or even an exploit in coding within the server OS, etc.

Vigilance in keeping up to date on ALL software patches & updates is still needed to have any real security; and even then - there's ALWAYS a risk.

Daily back-ups is your only real security.

Haha that would be appropriate wouldn't it? lol At least some of us still see a lighter side.

Just lets not jump at the developers throat, like aquariumpros said the issue couldve come from anywhere. It's unfortunate that it was Valter who was the one in the primary line of fire this time. Fundamentally the web is worse than reality as far as safety is concerned so what more do we argue from there?

Boofo is right. Not everything is evil but there is always someone trying to better something that causes an addition that is slightly overlooked. But if we said ok Windows 98 is the shit we dont need to go anywhere from here or worse if apple said ok iMac thats it weve done perfect lets not screw it up where would we be today?

In that same light no add-ons at all would be similar to saying ok Im born. I'm vanilla there are viruses and germs out there so I'm going to build a sanitized glass orb and live in it the rest of my life. But in a funny kind of way VB allows backups that make risks a little manageable. Life doesn't really give us that option in the ideal form does it? Something to ponder. Make use of it I'm sure its been said a gazillion times before.

You also have to remember how long Valter's mod was out before it got exploited. All it takes is someone playing around with something long enough to find a way around certain things. Valter is an excellent coder that caught an unlucky break that could happen to any one of us.

+100

Well, it couldn't happen to me, but it could happen to all the rest of the coders. ;)

So true ;).






































:p

Would that allow them to upload outside of the forum directory? That is what they did to me. The forum directory resides withing my public_html (user/public_html/forums) they uploaded files to (user/public_html). I suspect this issue goes deeper than everybody thinks.

If they upload a shell type of script then it's pretty much out the door imo.

http://en.wikipedia.org/wiki/Shell_script

Lol Boofo. But thats the thing with people. You'd use something for years and the minute something goes wrong you scream at shout and burn it to the ground. Sad reality.

Nickbe from following the issue quite closely if they get into the sql from there uploading content etc to your home directory is peanuts apparently.(if I recall that bit of info correctly) Well fundamentally its the maximum that can be done isn't it? Unless it escalates to your hosts and whole server getting hacked. That is unlikely I suspect? A vulnerability always results in either losing admin rights of a board, your files being erased or your account used to host the hackers files on the sly. But this seems to be more of a bragging rights venture by the looks of it ? I guess all the small time hackers will pick up on the yet unpatched board and continue the mischief.