Hacked by Team Animus?

[ChromeDome]

Is "VSa - Advanced Registration" safe?

[TheLastSuperman]

I do want to make one thing perfectly clear!

If you find that a currently installed modification on your site is "Quarantined" or "Discontinued" or in the "Modification Graveyard" for any sort of security issue you need to disable the modification IMMEDIATELY.

You don't want to uninstall unless you truly do not want the functionality otherwise when it's patched/fixed and you update all of your rules are gone or if it was a "Thanks" mod for example all of your thanks would be removed as you uninstalled.

[fxwoody]

Tks for all the info's guys! Much appreciated

Seems like this one will make others talk as some might have weaknesses also that have not yet been approched?!?
Tho, even with a good alarm system, if they want to steal, they will find a way loll

I know for a fact that lots of hackers or geeks try to infiltrate anything they can for pleasure, i get so many deny/block IP's report of failed login in my VPS/WHM that it's nuts!!!! A good firewall and well adjusted server security is always the key to peace and tranquility.....as long as it works lolll

Cheers

[AusPhotography]

<a href="https://vborg.vbsupport.ru/showpost.php?p=2195551&postcount=53" target="_blank">https://vborg.vbsupport.ru/showp...1&postcount=53</a>

I spend an hour on the weekend having a look at the plugin code.
I found an issue with the cookie handling because of the use of an eval function.

The first patch fixed the SQL injection but not cookie injection.

[RCKSTR]

NVM. figured it out

[fxwoody]

Quote:

Originally Posted by RCKSTR

NVM. figured it out

Quote:

Originally Posted by snoopytas

https://vborg.vbsupport.ru/showpost....1&postcount=53

I spend an hour on the weekend having a look at the plugin code.
I found an issue with the cookie handling because of the use of an eval function.

The first patch fixed the SQL injection but not cookie injection.

Any info that you could share with us regarding the bug that we could fix in the script???

It could help everyone here

[madshark]

Well Valters fixed it again. Hopefully thats the end of holes for this one and the poor man being hounded down.

[preemz10314]

I never once used this hack and my forum was hacked twice, once someone using some sort of iframe, and this last time someone edited forum.php to simply say "Xuplena"...

Not sure what is going on my pc is clean, and I have since added extra security against SQL injections. And I never once used Advanced Forum RUles.

There is also, word around hacking forums that there is an exploit out that effects 4.x.x. - 4.1.3

It is confirmed that there is a very new exploit out there. be careful /

[Smitty]

Quote:

Originally Posted by preemz10314

I never once used this hack and my forum was hacked twice, once someone using some sort of iframe, and this last time someone edited forum.php to simply say "Xuplena"... <snip>

That sure changes the game... (bold emphasis mine)

--------------- Added [DATE]1305900973[/DATE] at [TIME]1305900973[/TIME] ---------------

Quote:

Originally Posted by preemz10314

<snip> It is confirmed that there is a very new exploit out there. be careful /

Where is it confirmed?

[Zachery]

Quote:

Originally Posted by preemz10314

I never once used this hack and my forum was hacked twice, once someone using some sort of iframe, and this last time someone edited forum.php to simply say "Xuplena"...

Not sure what is going on my pc is clean, and I have since added extra security against SQL injections. And I never once used Advanced Forum RUles.

There is also, word around hacking forums that there is an exploit out that effects 4.x.x. - 4.1.3

It is confirmed that there is a very new exploit out there. be careful /

Please dont go around posting FUD. If you do not have a link to an exploit report, chances are there isn't one in the wild.