[TheLastSuperman]

Quote:

Originally Posted by ForceHSS

https://vborg.vbsupport.ru/showpost....8&postcount=33

Yuup because its no longer required after initial installation unless running tools.php.

*Please note: Renaming it to /..install../ OR /old_install/ OR anything honestly is not doing you any good, delete the entire directory to be 100% sure you're not able to be exploited by that ftard .

Any script kiddie can become famous, it only takes a tutorial on a supposed "hacker" site and someone without a life to spend time defacing your site or worse. Its your job as the site owner to stay up to par on vB announcements and current security issues. Before the exploit was "known" you had an excuse when hacked, now that we know one is present if leaving the /install/ folder up its silly to come online one morning to find your site defaced or worse when you could have prevented it by simply reading an announcement and taking action.

Shoot I emailed a few old clients just to remind them about this, be sure if your running email filters and folders that you still check the folder for the announcement emails and eBulletin's from vBulletin as its easy to overlook mail when its not right in front of you inside your inbox .

Edit: Also vBulletin did tell people to delete the entire /install/ folder, this was up letting everyone know of a possible exploit and what actions to take:
http://www.vbulletin.com/forum/forum...-1-vbulletin-5

This was a completely unrelated exploit found and the announcement clearly states that, furthermore it also states to delete the /install/ directory near the bottom:
http://www.vbulletin.com/forum/forum...d-all-versions

So I'm not sure who was telling people to delete just install.php but it was not vBulletin themselves unless I'm missing something entirely and my wife says I do that from time-to-time laugh at me not with me on that one .