vb.org Archive
Page 8 of 13 « First 67 8 910 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Why the silence? (https://vborg.vbsupport.ru/showthread.php?t=304565)

Paul M 11-16-2013 11:35 PM
Posts edited or removed.

I will repeat one more time, this thread is not for made up nonsense.

Stick to facts, dont go making things up.

Max Taxable 11-16-2013 11:38 PM
Quote:
Originally Posted by Chris8 (Post 2461260)
So... can someone explain how exactly they hacked vb.com. Can we have some more detailed answers?
In post number 3 of this thread you will find a link to a facebook posting where a "hacking" claim is made. Images in that link send you to dummied up screenshots that could be anything.

hugh_ 11-17-2013 12:28 AM
Quote:
Originally Posted by Paul M (Post 2461242)
Not really sure what financial information you mean.

All the log files that were examined do not show any attemped access of customer data in the support system, they basically targeted the vb user table.
Was this an SQL injection and not a hack or vulnerability?

motorhaven 11-17-2013 12:56 AM
Quote:
Originally Posted by Max Taxable (Post 2461256)
There isn't one shred of proof of that and it's not even a claim the illiterate script kiddies with their dummied up screenshot and their "patch for sale" are even making.
The screen shots the script kiddie provided show the VB.org database in the list.

Max Taxable 11-17-2013 01:00 AM
Quote:
Originally Posted by motorhaven (Post 2461282)
The screen shots the script kiddie provided show the VB.org database in the list.
I never saw that... I saw dummied up screenshots I could make for ya, to show anything I wanted you to see.

There was nothing at all about vB dot org in any of it.

motorhaven 11-17-2013 01:01 AM
Quote:
Originally Posted by Paul M (Post 2461262)
Posts edited or removed.

I will repeat one more time, this thread is not for made up nonsense.

Stick to facts, dont go making things up.
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.

Max Taxable 11-17-2013 01:03 AM
Quote:
Originally Posted by motorhaven (Post 2461287)
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.
Post #70 was edited by Paul, a post of mine was deleted....

You never answered my questions. Have you bought their "patch?" If not, why are you promoting it?

Paul M 11-17-2013 01:14 AM
Quote:
Originally Posted by hugh_ (Post 2461272)
Was this an SQL injection and not a hack or vulnerability?
They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.
Its not know exactly how, but at one point there were in the region of 100 old installs on it, so anyone of them could have been used.

The best guess from evidence is that they hacked it sometime in late summer, and at some point between then and early October they uploaded adminer.
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.

After that it appears they moved on (they deleted adminer). Nothing was known about this until their facebook post the other day.

motorhaven 11-17-2013 01:16 AM
Quote:
Originally Posted by Max Taxable (Post 2461285)
I never saw that... I saw dummied up screenshots I could make for ya, to show anything I wanted you to see.

There was nothing at all about vB dot org in any of it.
VBulletin has acknowledged in the email they sent that systemS were hacked. In light of this this admission by VB the cracker's screenshot have credibility. Apparently credible enough for VBulletin.ORG to require everyone to change their password when logging in.

hugh_ 11-17-2013 01:25 AM
Quote:
Originally Posted by Paul M (Post 2461290)
They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.
Its not know exactly how, but at one point there were in the region of 100 old installs on it, so anyone of them could have been used.

The best guess from evidence is that they hacked it sometime in late summer, and at some point between then and early October they uploaded adminer.
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.

After that it appears they moved on (they deleted adminer). Nothing was known about this until their facebook post the other day.
Thanks for the clarification Paul.


All times are GMT. The time now is 03:51 PM.
Page 8 of 13 « First 67 8 910 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01270 seconds
  • Memory Usage 1,745KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (9)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete