Th3H4ck hacked hundreds of VB forums over the last two days.

[loua_oz]

Quote:

Originally Posted by Paul M

Yes there was.


Maybe you should get facts right before making silly statements.

Thre was an e-mail, an ACP news item, and an announcement. Plus its been discussed in all vB related admin forums.

While I came and said exactly what was done to recover, you came to tell that hundreds of customers got devastated while you did all needed?

I run Windows but never go to Win forums.
Why would I frequent this one? Should I be on a lookout to see if any minute another hacker has trashed your product that I have paid for, not free download?

Red alert in AdminCP was not there, as is when a new version or patch are available. That is where I go 2-3 times a day and could not miss it.

Yahoo is banned as junk site from where I work, checked Inbox at home, other than 1000s "vBulletin Database Error!" no others or summarily deleted with them.

[Paul M]

Quote:

Originally Posted by loua_oz

Red alert in AdminCP was not there, as is when a new version or patch are available. That is where I go 2-3 times a day and could not miss it..

There is no such thing as a "red alert". The ACP news item is there, so clearly you did miss it, and unless you dismissed it, it will still be there. If you dismissed it without reading it then thats your issue.

Quote:

Originally Posted by loua_oz

Yahoo is banned as junk site from where I work, checked Inbox at home, other than 1000s "vBulletin Database Error!" no others or summarily deleted with them.

Whether you can find it does not change the fact an e-mail was sent. It is your responsibility to make sure your e-mail address is up to date, and doesnt filter out vb e-mails.

[loua_oz]

Transaction logs shows (2 screens, too big for 1). Does not look like legit thing, see bottom of pic 2:

[tnedator]

Quote:

Originally Posted by Paul M

There is no such thing as a "red alert". The ACP news item is there, so clearly you did miss it, and unless you dismissed it, it will still be there. If you dismissed it without reading it then thats your issue.


Whether you can find it does not change the fact an e-mail was sent. It is your responsibility to make sure your e-mail address is up to date, and doesnt filter out vb e-mails.

It is true that an email was sent out, but only AFTER it was too late for so many sites. There was a forum announcement posted on vb.com on 8/27, but no email was sent until 9/3, presumably once it moved from a "potential exploit" that vB was investigating to a case of hundreds or thousands of sites being hacked.

For most of us, we have followed VB installation instructions for many years. This is from the 4.2 read me/install instructions:

Quote:

8. When the installation wizard is complete, it will ask if you want to go to the Admin Control Panel. Before proceeding to the Admin Control Panel, you must delete the 'install/install.php'file from your webserver. You may then enter the control panel and start working on your new vBulletin!

Nothing about deleting the entire directory. Now, if there was enough of a potential exploit to post a vBulletin announcement about deleting the /install directory, there should have been an email on 8/27. Instead, myself, like so many others, got the email AFTER the site was hacked, rather than a week before.

[loua_oz]

yes, exactly. that version was asking for that, 4.2.1 does not.
let alone deleting the whole /install directory.

vB staff are in damage control, bshitting and pointing at customers as their guilt. this blunder may spell the end of them, as a company and their jobs.

next morning, someone may wake up and say: let's hack another 100 of vB sites.

[pityocamptes]

Quote:

Originally Posted by loua_oz

Transaction logs shows (2 screens, too big for 1). Does not look like legit thing, see bottom of pic 2:

Personally, since you have expended so much time, only to find things are slightly off, I would take a known CLEAN backup of your site BEFORE you had issues. I would then take a current version of your site (the only that is "dirty"), and use a program like winmerge to compare files and folders, to see what may have been changed.

From looking at that pic they are NOT legit!!!!!! I would also use a DB comparison tool, and see what, if anything may have been added to your db prior to the hack, and after... HTH

[TheLastSuperman]

Quote:

Originally Posted by loua_oz

yes, exactly. that version was asking for that, 4.2.1 does not.
let alone deleting the whole /install directory.

vB staff are in damage control, bshitting and pointing at customers as their guilt. this blunder may spell the end of them, as a company and their jobs.

next morning, someone may wake up and say: let's hack another 100 of vB sites.

I see staff over there busting their arse to help, I bet they are handling an abundance of tickets the best they can honestly.

Now let's think about this for a minute...
- This is a 100% new exploit that was just brought to their attention, they immediately went about investigating and offering a potential fix before knowing the full extent of the issue and it was on par i.e. delete the /install/ directory. My point is they took immediate action, it's not like they are vBSEO where a KNOWN exploit was left included across countless versions over the course of a year, that was horrid and unforgivable, this was just another case of someone having too much time on their hands and just enough brainpower to pull it off half proper.
- While I agree with you on the delayed "eBulletin" email being a "fail" per say as it was several days late, the fact of the matter is this was announced, on a site that is RSS feed into more sites than there are Chevrolet cars on the road so how you missed it ENTIRELY is beyond me I'm literally baffled. Please bookmark the site and check it daily, as a vBulletin forum owner you need to check the site once daily the same as you do the mail, reading the paper, or watching the news those are daily habits and maintaining your forum is now one, make note of that!

[cellarius]

Quote:

Originally Posted by TheLastSuperman

While I agree with you on the delayed "eBulletin" email being a "fail" per say as it was several days late

Thanks for acknowledging that. When I asked why it was send out so late that was not a question well received at vbulletin.com.

Quote:

, the fact of the matter is this was announced, on a site that is RSS feed into more sites than there are Chevrolet cars on the road

Since when does vB5 support RSS feeds? How do I subscribe to it - genuine question, I wanted to subscribe to it since subscription to a forum does not work either, as far as I know.

Quote:

so how you missed it ENTIRELY is beyond me I'm literally baffled.

Given that the messaging functions of vB5 do not work, it's not so astonishing, really.

Quote:

Please bookmark the site and check it daily, as a vBulletin forum owner you need to check the site once daily

Sorry, but you can't be serious about that. People have lives! IB twiddles their thumbs for seven days before sending out an email about a crucial security issue, and you're really of the opinion that customers have to check out the company website daily (which is, once again, running a software that lacks even the most basic subscription features)?

[xenite]

Quote:

Originally Posted by loua_oz

Transaction logs shows (2 screens, too big for 1). Does not look like legit thing, see bottom of pic 2:

Sorry. It's the CONTROL PANEL LOG that will tell you anything useful. (ON EDIT: About the IP address they used.)

[TheLastSuperman]

Quote:

Originally Posted by cellarius

Thanks for acknowledging that. When I asked why it was send out so late that was not a question well received at vbulletin.com.


Since when does vB5 support RSS feeds? How do I subscribe to it - genuine question, I wanted to subscribe to it since subscription to a forum does not work either, as far as I know.


Given that the messaging functions of vB5 do not work, it's not so astonishing, really.

Sorry, but you can't be serious about that. People have lives! IB twiddles their thumbs for seven days before sending out an email about a crucial security issue, and you're really of the opinion that customers have to check out the company website daily (which is, once again, running a software that lacks even the most basic subscription features)?

Ohh I didn't acknowledge I simply made a logical observation that is was later than a lost teen on prom night - I'm not on staff their anymore so (get ready for this runonramblinglol) no one cares if I acknowledged it or not unless it's for the sake of arguments sake that it was just late lol.

As for the rss feeds... you got me there and the messages you say? Is it obvious I'm not up to par on vB5 Cellarius - Can you imagine why? All I know is if it looks like a Beta Product, Smells like a Beta product, and Acts like a Beta product it surely must be a Beta product... still feels like a Beta product to me as of 9/18/2013.

So of course my arguments are invalid now that I know .