[Zachery]

Quote:

Any half wit cvan gain access to your admin/smod users with nothing less then a brute forcer.

Can you tell me how you do this? As you cannot attempt a brute force on vB3/3.5/3.6 without having a sites strikes systems disabled, even if you get the md5 hash of a cookie you'd need to obtain the secondary salt used by the cookie hashing system to actually brute force the real password. So you tell me now how you brute force the password, and if you can do it, take a shot at mine,

Quote:

I forget any others that may be out there.. mainly because they suck. if it's apache then... get rid of it... There are a number of security hoels in apache, most have fixes out there but I doubt you would take the time to find them.

lighttpd is the most secure of them all.

Considering how well aged the apache base is, if there are still security exploits with the most recent versions, 1.3.36 2.0.58 and 2.2.2 please report them.

If you are going to spout FUD here, please take it else where, theres no mass difference between a windows and linux server preformance or security wise with a competant system administrator.

Edit: so if vB is not the most secure, what is?



Now to the original poster, if you _truely_ believe this is a fault of the core vBulletin software PLEASE! send in a support ticket with as much information you can give us and if possible be willing to provide us with access to your webservers logs and other access we may request.

There are _no_ known issues at this time with any of the vBulletin core packages, 2.3.9 3.0.14 3.5.4 and 3.6.0 beta 3, if you know of one please report it to vBulletin.com via the members area.