vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

#11
05-16-2007, 04:00 AM
Shazz

Quote:
Originally Posted by dadu911
Yep, one from 2 weeks ago. We hit 103,000 users but nope, now we are back to 97,000 because we got exploited and that's that.

Hopefully VB will test out their software fully before releasing to the public. Anyway, thanks for the updated version.

ALWAYS BACK UP - Lesson well learned.
That's a ton of users lost :erm:
Sorry for the loss
#12
05-20-2007, 11:26 AM
dadu911

THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP

Someone logged in as admin, changed the password and turned the forum off. He placed his URL so he gets the hits.

This is SAD! Yet again another hole in VBULLETIN!
#13
05-20-2007, 11:51 AM
Dismounted

I would say not. Disable all your hacks and change FTP, cPanel, and MySQL passwords.
#14
05-20-2007, 12:20 PM
Paul M

Quote:
Originally Posted by dadu911
THERE IS A HOLE IN Latest Version: 3.6.7 PL1 ALSO!!! THEY CAN LOGIN AS ADMIN!!! MAN VBULLETIN HELP

Someone logged in as admin, changed the password and turned the forum off. He placed his URL so he gets the hits.

This is SAD! Yet again another hole in VBULLETIN!
What hole would that be then?

You have not offered any proof that any of the exploits of your server were via vBulletin; you've just conveniently decided that a previously unknown XSS in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations.
#15
05-20-2007, 08:51 PM
dadu911

Lol man, I was right before and I am right again. Give it another 24 hours; VB will announce a new version because of another security issue!

This time the exploit works like this:

They can login as admin, turn off the forum and redirect to another site.

This is a brand new exploit and there hasn't been a security fix for it yet!
#16
05-20-2007, 08:56 PM
Shazz

Quote:
Originally Posted by dadu911
Lol man, I was right before and I am right again. Give it another 24 hours; VB will announce a new version because of another security issue!

This time the exploit works like this:

They can login as admin, turn off the forum and redirect to another site.

This is a brand new exploit and there hasn't been a security fix for it yet!

* Shazz looks into vbulletin.com
#17
05-20-2007, 09:03 PM
sonichero

*sees patch for 3.6.7...

...oh bugger...
#18
05-21-2007, 12:35 AM
dadu911

I already have vB 3.6.7 PL1 and I got exploited L.O.L.

I did a full upgrade. The guy keeps doing it.
#19
05-21-2007, 12:54 AM
Shazz

Quote:
Originally Posted by dadu911
I already have vB 3.6.7 PL1 and I got exploited L.O.L.

I did a full upgrade. The guy keeps doing it.
Did you read what Paul M posted a few posts ago?

Quote:
Originally Posted by Paul M
What hole would that be then?

You have not offered any proof that any of the exploits of your server were via vBulletin; you've just conveniently decided that a previously unknown XSS in the events area was used, which is actually highly unlikely. It helps to actually have evidence before making wild accusations.
#20
05-21-2007, 07:37 AM
El_Muerte

Once you've been compromised you need to change all your admin and system (e.g. database, shell, etc.) passwords.
There's a fair chance that your forum got compromised because of a weak admin password; otherwise there would be many more reported compromises.
All versions prior to 3.6.7 were exploitable, not just 3.6.6.