vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   VBulletin is not built for security (https://vborg.vbsupport.ru/showthread.php?t=281379)

Boofo 04-10-2012 04:18 PM

VBulletin is not built for security
 
Here is a quote from the following article (towards the bottom of the article):

http://www.foxnews.com/us/2012/04/10...down-al-qaeda/

Quote:

?VBulletin is not built for security but for rapid deployment and ease of use,? Bardin said. ?I am actually surprised that the sites have not been taken down by others and done so more frequently.?

Shazz 04-10-2012 04:23 PM

Getting in through modifications that have been installed and such. Even if the site is taken down, since security level must be *low*. That's what back-ups are in store for! :)

Wonder if Jelsoft could respond back...

vbenhancer 04-10-2012 04:27 PM

for a fact, real hackers are not using the frontend to hack servers... vBulletin is not a backend manager, so no, vBulletin is not built for security... morons!

Boofo 04-10-2012 04:34 PM

I thought it was interesting that those sites use vBulletin and that was the only bb software he mentioned in that article. You would think the vBulletin people would not want any part of groups like that by allowing them to use vb. Goes to show you that money is their only motive, huh?

vbenhancer 04-10-2012 05:20 PM

groups... why make selection...

btw, AlKaida do not need a license of vB... do you seriously think they would register at vb.com to pay a license... nah... but the reporter checked the software used on their site, that's all...

BirdOPrey5 04-10-2012 06:09 PM

Quote:

Originally Posted by Boofo (Post 2318732)
I thought it was interesting that those sites use vBulletin and that was the only bb software he mentioned in that article. You would think the vBulletin people would not want any part of groups like that by allowing them to use vb. Goes to show you that money is their only motive, huh?

I'm sure if Al Queda is using vbulletin it's a hacked version of the software- no way they could be doing legit business with a US Based company.

Pandemikk 04-10-2012 07:01 PM

Doh, Boofu. :D

Quote:

“[The Raptor] claims to have taken down the sites but, of course, it could be anyone. It could be the government, spooks, or even the site administrators themselves,” the source said.
Err... Spooks? Lol FixedNews strikes again!

I'm surprised that a "cyberterror expert" such as Bardin can make himself look so ignorant on security matters. Unless they have some sort of secret cache of vB 0day's I'm positive vB is more secure than most other BB software.

Boofo 04-10-2012 08:17 PM

Quote:

Originally Posted by Pandemikk (Post 2318788)
Unless they have some sort of secret cache of vB 0day's I'm positive vB is more secure than most other BB software.

I wouldn't bet on it. ;)

vbresults 04-10-2012 08:26 PM

Quote:

Originally Posted by Pandemikk (Post 2318788)
Unless they have some sort of secret cache of vB 0day's I'm positive vB is more secure than most other BB software.

Wrong.

Paul M 04-10-2012 08:29 PM

Quote:

Originally Posted by Lancerforhire (Post 2318821)
Wrong.

and your evidence is ?

Paul M 04-10-2012 08:30 PM

Quote:

Originally Posted by Boofo (Post 2318732)
You would think the vBulletin people would not want any part of groups like that by allowing them to use vb. Goes to show you that money is their only motive, huh?

Do try and think before you post. Seriously, do you think they apply for a licence as "Al Queda" ?

Boofo 04-10-2012 08:40 PM

Quote:

Originally Posted by Paul M (Post 2318827)
Do try and think before you post. Seriously, do you think they apply for a licence as "Al Queda" ?

The site's name may not necessarily reflect what they are about. And why would they even try to register under that? Looks like I'm not the only one who doesn't "think" before they post, huh?

OldSchoolDSL 04-10-2012 08:51 PM

:cool:

Pandemikk 04-10-2012 09:30 PM

Quote:

Originally Posted by Lancerforhire (Post 2318821)
Wrong.

You're more than welcome to your entirely baseless assumptions. :D

Quote:

Originally Posted by Boofo (Post 2318813)
I wouldn't bet on it. ;)

As are you. ;)

Quote:

Originally Posted by Boofo (Post 2318732)
You would think the vBulletin people would not want any part of groups like that by allowing them to use vb.

Quote:

Originally Posted by Boofo (Post 2318830)
The site's name may not necessarily reflect what they are about.

I love having my cake and eating it too. :up:

private_ale 04-10-2012 09:42 PM

Oh look! A sensationalist article from the one news source quite possibly less informative than a potato.

On second thought, let's not go to vBulletin.org. It is a silly place.

vbenhancer 04-10-2012 09:45 PM

Quote:

Originally Posted by private_ale (Post 2318853)
On second thought, let's not go to vBulletin.org. It is a silly place.

actually, this IS the reason why you come here!

Paul M 04-10-2012 10:00 PM

Quote:

Originally Posted by Boofo
The site's name may not necessarily reflect what they are about. And why would they even try to register under that? Looks like I'm not the only one who doesn't "think" before they post, huh?

So...... first you post
Quote:

Originally Posted by Boofo
You would think the vBulletin people would not want any part of groups like that by allowing them to use vb.

and then you argue against yourself ;)

Quote:

Originally Posted by Boofo
The site's name may not necessarily reflect what they are about.

Quote:

Originally Posted by Boofo
And why would they even try to register under that?

So yes, it appears you are the only one who didnt think it through when they first posted.

vbenhancer 04-10-2012 10:20 PM

Quote:

Originally Posted by Paul M (Post 2318857)
and then you argue against yourself ;)

we call it "aging", Paul...

Boofo 04-10-2012 10:40 PM

You missed the whole point, Paul. But then, coming after me and picking my posts apart has become your mission. Twisting words and not reading between the lines lowers you to my level. Welcome aboard! ;)

Pandemikk 04-10-2012 10:57 PM

https://vborg.vbsupport.ru/external/2012/04/36.jpg
Level: Ad Hominem

Boofo 04-10-2012 11:19 PM

That really wasn't necessary or warranted. Did you not see the smilie in that post?

vbenhancer 04-10-2012 11:22 PM

i like the colors...

Sage Knight 04-11-2012 07:24 AM

Nexia's the bossman.

On a serious note, if hackers can hack high profile intelligence sites such as the CIA or big multi-national corps such as Sony then they can hack a vB install(or any software for that matter), now only the hacker probably knows whether they went for a front or back exploit. As majority admins to claim it as a server side hack rather than the software install, which is often the 98% true.

Pandemikk 04-11-2012 08:05 AM

That's my point. Some "expert hacker" isn't going to go through vBulletin, he's going to get root access to the server. I find it laughable that a "cyberterror expert" would honestly think a hacker does his damage by exploiting a software such as vB.

vbresults 04-11-2012 07:10 PM

Quote:

Originally Posted by Paul M (Post 2318824)
and your evidence is ?

XenForo, IPB, SMF, phpBB3. Your evidence is?

Though, I don't think it really matters what I say. It's hard to be impartial and objective in this situation when you work for Internet Brands.

Pandemikk 04-11-2012 07:15 PM

Quote:

Originally Posted by Lancerforhire (Post 2319147)
XenForo, IPB, SMF, phpBB3. Your evidence is?

Though, I don't think it really matters what I say. It's hard to be impartial in this situation when you work for Internet Brands.

Going to butt in here, are you saying vB has vulnerabilities but none of those BB software's do? Pls hack my site then. :rolleyes:

Boofo 04-11-2012 07:56 PM

I think he meant that all of them, INCLUDING vBulletin, are prone to vulnerabilities. But, twist it the way you want to, I guess.

TheLastSuperman 04-11-2012 08:09 PM

What's this thread about? I'm lost...

:p

vbenhancer 04-11-2012 08:35 PM

Quote:

Originally Posted by TheLastSuperman (Post 2319161)
What's this thread about? I'm lost...

:p


https://vborg.vbsupport.ru/external/2012/04/35.jpg

theFM 04-11-2012 08:44 PM

base vbulletin vulnerablities , whenever is sported by vbulletin staff here or in .com , are fixed right away or a tracker issue is reported next to it.

Other than that , if u use any modification which has any kind of exploit , what will the staff here can do , so first always before using a modification , always use modifications which are in here , as supported. DO not install unsuported modifications say like beta , or any other things....

Also before installing any modification , you should always try it on a demo site and play with it , check it's templates , hook system and what more you can do with it.

And also , hackers as i know , tends to have knowledge about your server. Most of the time , there is an exploit which happens to your server, which gets exploited by hackers to use.

and also , do not allow xml or html scripts to be uploaded to your server directly and they should not be executed.

much writting ..... hands in pain.
And aswell : Thanks vb.org Staff or helping us . :) you guys are goooood.

Adam H 04-11-2012 10:16 PM

And i thought my misses could +++++ and moan, nice read before bed though.

Krusty1231 04-11-2012 11:15 PM

Quote:

If you were the government in need of root access to a system that is used to proliferate jihadist information and one that is used in approximately 90 percent of the jihadist online sites, wouldn’t you approach the new U.S. owners to provide such functionality?” Bardin said.
LMAO.....

Entertaining posts fellas. I really enjoyed reading the replies.

Boofo 04-11-2012 11:18 PM

I guess my quoting the vBulletin part in the first post has awakened the vb monster in a few of us, both good and bad. ;)

Pandemikk 04-12-2012 06:27 AM

I wonder why Bardin thinks IB can "hack" into any vB board... They have our license information and that's it.

Boofo 04-12-2012 07:05 AM

The write the code and they have the call home feature. I'm sure they could put some backdoor code in if they really wanted to, although I don't really believe that is the case. Just saying.

Pandemikk 04-12-2012 07:10 AM

If they had a backdoor I'm sure it would have been discovered by now. If not, they've done a really good job hiding it.

Boofo 04-12-2012 07:12 AM

As I sated, I don't believe any backdoor exists either. I was just playing the devil's advocate.

BirdOPrey5 04-12-2012 10:55 AM

If "th3raptor" really is as skilled a hacker as is claimed then surely he must know there is no code in vBulletin to give the US Government (or anyone) secret access to VB forums.

Therefore I must assume he said those comments on purpose to "scare" those who would be using forums for terror planning activities.

Boofo 04-12-2012 11:23 AM

Why don't we ask OldSchoolDSL? His sig says he is an "Official Member of Anonymous". ;)

Pandemikk 04-12-2012 12:39 PM

Quote:

Originally Posted by BirdOPrey5 (Post 2319354)
If "th3raptor" really is as skilled a hacker as is claimed then surely he must know there is no code in vBulletin to give the US Government (or anyone) secret access to VB forums.

Therefore I must assume he said those comments on purpose to "scare" those who would be using forums for terror planning activities.

Makes sense, although I believe the cyberterror expert was speaking out of ignorance which makes me lose faith in our national defense a little.


All times are GMT. The time now is 10:29 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01214 seconds
  • Memory Usage 1,826KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (23)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete