Thread: Exploit WAY Out of Control (file2store.info)
View Single Post
  #3  
Old 03-26-2012, 12:15 PM
Lazorbeam Lazorbeam is offline
 
Join Date: Aug 2010
Posts: 169
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Adam H View Post
Ive cleaned 5 forums in the past 4 weeks of infection from malware and alike , all of them are from boards of which the admins had not updated their VBSEO when they were told too via mass mail on security releases from VBSEO. They also had all of their plugins out of date and not running latest versions of anything. Also ignoring Qaurentined notices sent from VB.org .

There is only so much a community can do , unfortunately there is no cure for stupidity or " it will never happen to me syndrome"

Its not vbulletins fault that people dont take notice of important mails and it certainly isnt vbulletins fault for a 3rd party plugin which they have no control over.

I understand it can be frustrating but the majority of the cases that i come across on a daily basis are the fault of the site owner or host apart from the rare case which are infected before the 3rd party companies find out about the exploit.

Obviously VBSEO did mess up not long ago which didnt help things, but still its vbseo if anyone you should be preaching to rather than a company that has nothing to do with 3rd party plugins
You're absolutely correct that VBulletin is not at fault. There are plenty of unsafe mods/add-ons out there. I think VBSEO should get special consideration though, since it's one (if not THE) biggest and most popular mod. It's not like you can just turn off the damn thing either.

I wouldn't call the affected forum owners "stupid". 3.6.0 (the latest VBSEO) is vulnerable. Maybe not its latest update, but all I ever ran was 3.6.0 and I was hit. Skilled coders and forum owners are affected as well.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01283 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete