The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Version 3.6.6. | Exploit is out?
I just recently updated to 3.6.6 and I got exploited.
All my threads got renamed to tom and the first post has a picture of tom and a subtitled saying: "owned by tom" Is there any additional security hacks I can install. It is really getting on my nerves. Please Help |
#2
|
||||
|
||||
This probably isn't vBulletin. Maybe one of your hacks.
|
#3
|
||||
|
||||
Make sure that you and your admins use strong passwords.. Also, check that any other software being run on the server is up-to-date.
It's highly unlikely that it's a security issue with vBulletin 3.6.6 |
#4
|
|||
|
|||
Hmm I have two hacks installed. HideHack + The Statistic hack. That is all.
I did a login history in Direct Admin, nothing it is just me. I believe this is a VB Exploit that is currently out. |
#5
|
||||
|
||||
If it is, report it on vB.com? If it's just you, maybe someone logged in under you. Check the Admin Logs.
|
#6
|
||||
|
||||
Quote:
An XSS calendar exploit was just discovered. |
#7
|
|||
|
|||
Well everyone I HATE TO SAY I TOLD YOU SO!!:
vBulletin 3.6.7 As much as we hate to spring another upgrade on you all so soon after the release of vBulletin 3.6.6, an XSS flaw was identified today and in order to maintain our commitment to fix security problems as soon as we become aware of them, we have to release 3.6.7 and a patch for older versions. |
#8
|
||||
|
||||
Err, Do you have any backups?
|
#9
|
|||
|
|||
Yep one from 2 weeks ago. We hit 103,000 users but nope now we are back to 97,000 because we got exploited and thats that.
Hopefully VB will test out their software fully before releasing to the public. Any who thanks for the updated version. ALWAYS BACK UP - Lesson well learned. |
#10
|
||||
|
||||
Wow !
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|