Thread: Version 3.6.6. | Exploit is out?
View Single Post
  #22  
Old 05-21-2007, 02:33 PM
Dem3ntedSn1per Dem3ntedSn1per is offline
 
Join Date: May 2007
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by dadu911 View Post
Yea Shazz What proof you want? Screenshots of another person logged in as me, the admin?

Site being exploited 3,4 times. It is not a system issue, it is vb, the hacker is even playing games with me, he has many sites databases. He exploits them, logs in as admin, he gains acess to admincp and creates his back up, he has many ways.

I fully upgraded to 3.6.7 pl1, changed all my passwords. Poof, he does it again.

I was right about 3.6.6. also check the first post here, I discovered the hole in calendar. Cause he hacked that too.
Not to seem rude, as I am new to vB. But...I've been running sites for a while now and work for a software developer that produces web based applications, so I'm not a complete novice when it comes to things like site security. There is no forum software that is 100% hacker proof, but you seem to care more about trashing vB than you do about actually helping the community protect itself from a potential exploit.

vB has a nice sticky post in their quick tips and customization section called "How To Make My Forums More Secure". If he's continuing to get in to your admin cp, there's something going on. Maybe you haven't taken proper steps to secure it or maybe you have a key logger on your own computer and keep inadvertently giving your passwords to him.

Since you single handedly identified the calendar exploit before anyone else, maybe you can present evidence of the hole in 3.6.7 PL1 that is causing your site to get hacked instead of just ranting that there's a new, unidentified exploit.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01904 seconds
  • Memory Usage 1,763KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete