The Arcive of Official vBulletin Modifications Site.

Trana · #51 06-29-2006, 03:42 PM

Quote:

Originally Posted by Andromeda2875

As I stated, it was vbulletin.

Do you have ANY evidence to prove it? Has Jelsoft commented on your issue? Is there a known bug that can be discussed here?

Based on what you've said in these forums, the answer is thus far NO.

There are thousands of sites running VB. To go into a public forum and claim that VB has a vulnerability that was actually exploited on your site several times in under one week is certainly ridiculous.

If you can't offer up a single shred of evidence that it was indeed VB and not any of the backdoors you have undoubtedly left open, don't expect much help from this community. We work with facts, not heresay.

yinyang · #52 06-29-2006, 03:59 PM

Quote:

Originally Posted by Andromeda2875

As I stated, it was vbulletin.

seriously. sell me your vb license and move on.

#53 06-29-2006, 04:04 PM

Quote:

Originally Posted by Andromeda2875

As I stated, it was vbulletin.

That's a bit broad, don't you think? It'd be like my alternator going in my car, and saying that "It's the motor".

What part of vB do you think has/had the vulnerability? If I brute-force SSH to a box and scrap the database, I'm breaking vBulletin, but vBulletin is NOT the issue.

Without knowing what/where/how you were hacked, it's a bit short-sighted to point the finger at vB.

Andromeda2875 · #54 06-29-2006, 08:55 PM

Quote:

Originally Posted by Trana

Do you have ANY evidence to prove it? Has Jelsoft commented on your issue? Is there a known bug that can be discussed here?

Based on what you've said in these forums, the answer is thus far NO.

There are thousands of sites running VB. To go into a public forum and claim that VB has a vulnerability that was actually exploited on your site several times in under one week is certainly ridiculous.

If you can't offer up a single shred of evidence that it was indeed VB and not any of the backdoors you have undoubtedly left open, don't expect much help from this community. We work with facts, not heresay.

Why do they not research it and stop blaming it on other people. As you can see, I am not the only one who has had a problem such as this. Vbulletin needs to investigate the hole. ANd stop jumping down my throat.

See how disrespectful you people are? You swear by something that you have not even invesitaged. There was no brute force on the server. I do have the logs to prove that smarty. If I knew what part of vb they came in through I would not have came here to ask for help. I had used other forum software for a long time before switching to vb, then the day I switch, I get hacked. To me that is a little too circumstantial.

Trana · #55 06-29-2006, 09:03 PM

Quote:

Originally Posted by Andromeda2875

Why do they not research it and stop blaming it on other people. As you can see, I am not the only one who has had a problem such as this. Vbulletin needs to investigate the hole. ANd stop jumping down my throat.

Again, you are making claims that you are backing up with ZERO information.

What do you want them to research? Should they just start looking through the hundreds of thousands of lines of code for a vulnerability that they had not previously found?

Post your WWW logs
Post your admincp logs
Post a screen shot of what they are actually doing to your site

Post SOMETHING or stop making baseless claims about the security of a good product!

davidw · #56 06-29-2006, 09:16 PM

Andromeda2875, I have already warned you once.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03497 seconds Memory Usage 2,210KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (5)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (6)post_thanks_box (6)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (6)post_thanks_postbit_info (6)postbit (5)postbit_onlinestatus (6)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!