vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   HEARTBLEED BUG!! (https://vborg.vbsupport.ru/showthread.php?t=310350)

Barcham 04-09-2014 01:41 PM
HEARTBLEED BUG!!
 
I have been hearing an awful lot about this new bug in the last couple of days and I was wondering if this is something we have to worry about looking into on our vbulletin boards. Does anyone know if this is a bug that can affect us and is there any action we should be taking to secure our boards?

http://heartbleed.com/

Quote:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

BirdOPrey5 04-09-2014 04:41 PM
This bug isn't at all related to vBulletin.

If your vBulletin forum happens to run on a web server that is using a secure, https, connection then you may want to check with your host to confirm they have patched the system if they were vulnerable.

Adrian Schneider 04-09-2014 09:42 PM
If you are running a webserver, especially a VPS or higher, you are probably vulnerable unless you've explicitly upgraded openssl or if you know your host has for you. It's not just https, there's also SSH, and even if you aren't using https, cpanel probably is.

I'd be worried whether I had vBulletin, XenForo, Wordpress or any other software on a public-facing web service.

CAG CheechDogg 04-11-2014 09:06 AM
This is something that mostly every host has already patched by now, I use HostGator and they have everything patched up already ...check with your host or simply got to your host's site and they will have a site checker for this which will tell you right away if your site is safe ...for HostGator account holders they can use the following link to check their site:

http://heartbleed.hostgator.com/

Max Taxable 04-11-2014 01:39 PM
If you're skeered a site you go to might have this exploit, just test it here.

http://filippo.io/Heartbleed/


All times are GMT. The time now is 07:20 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01186 seconds
  • Memory Usage 1,718KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete