So... can someone explain how exactly they hacked vb.com. Can we have some more detailed answers?
In post number 3 of this thread you will find a link to a facebook posting where a "hacking" claim is made. Images in that link send you to dummied up screenshots that could be anything.
Not really sure what financial information you mean.
All the log files that were examined do not show any attemped access of customer data in the support system, they basically targeted the vb user table.
Was this an SQL injection and not a hack or vulnerability?
There isn't one shred of proof of that and it's not even a claim the illiterate script kiddies with their dummied up screenshot and their "patch for sale" are even making.
The screen shots the script kiddie provided show the VB.org database in the list.
I will repeat one more time, this thread is not for made up nonsense.
Stick to facts, dont go making things up.
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.
Which one is a fact? A single server was hacked as you claim, or servers as the notice from VBulletin claims? Just curious, since my post about others being wrong was considered enough nonsense to remove, but not those calling me paranoid, a conspiracy nut, or any of the others slamming me. Hardly seems impartial.
Post #70 was edited by Paul, a post of mine was deleted....
You never answered my questions. Have you bought their "patch?" If not, why are you promoting it?
Was this an SQL injection and not a hack or vulnerability?
They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.
Its not know exactly how, but at one point there were in the region of 100 old installs on it, so anyone of them could have been used.
The best guess from evidence is that they hacked it sometime in late summer, and at some point between then and early October they uploaded adminer.
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.
After that it appears they moved on (they deleted adminer). Nothing was known about this until their facebook post the other day.
I never saw that... I saw dummied up screenshots I could make for ya, to show anything I wanted you to see.
There was nothing at all about vB dot org in any of it.
VBulletin has acknowledged in the email they sent that systemS were hacked. In light of this this admission by VB the cracker's screenshot have credibility. Apparently credible enough for VBulletin.ORG to require everyone to change their password when logging in.
They broke into an old stage server, mainly used by QA for test installs of vB4 & vB5.
Its not know exactly how, but at one point there were in the region of 100 old installs on it, so anyone of them could have been used.
The best guess from evidence is that they hacked it sometime in late summer, and at some point between then and early October they uploaded adminer.
They then appear to have cracked a mysql user password for the Live DB server, and used it (via adminer) to read the vb.com and vb.org user tables.
After that it appears they moved on (they deleted adminer). Nothing was known about this until their facebook post the other day.
11-16-2013, 11:38 PM
Linear Mode
