security

New 0Day just got dropped for vBulletin 5.x. It's believed that it impacts all versions from vBulletin 5.0.0 till 5.5.4. https://www.zdnet.com/article/anonymous-researcher-drops-vbulletin-zero-day-impacting-tens-of-thousands-of-sites/...

Wordfence have just announced 3 new login security features including free 2FA, which is pretty big. I've spent a lot of time researching free 2FA options for Wordpress and the good ones are nearly all paid. It's crazy that it's not included in the core at this point. (Side note: I give XF a...

https://thehackernews.com/2017/12/vbulletin-forum-hacking.html

On XenForo.com a Vietnamese coder named HQCoder released very similar addons to Brivium and seems to have copied code from legitimate developers. If you are running any of the addons by HQCoder then remove these immediately because these may include security risks! last month he released his...

Hello everyone at TAZ, What advice would you have to give me for securing my new PhpBB 3.1.9 forum, before I make it publicly available to humans and robots? So far I installed and activated the "Stop Forum Spam" extension, and created niche related questions for the "Sortables Captcha"...

I just ordered a VPS from OVH and got some stuff setup. The problem i have is that even though i managed to do this stuff by myself (Setup the gameservers, mysql and voiceservers) i think im missing stuff that i must certainly not know (Im not very tech savvy about linux based systems). The...

I read IB knows how the vB5 breech happened and they have patched it. How would they know ? They checked the server logs ? Any other ways ?

You may be aware of services like Amazon Mechanical Turk or Microworkers. These are crowdsourcing services that allow vendors to pay small amounts of money for the completion of tasks. These tasks often range from things like helping Google and Bing rank search results (human experience), and...

https://support.tapatalk.com/threads/xf-1-5-tapatalk-bypasses-2-factor-authentication-in-xenforo.31618/ Here's what I did: Via PC, enabled 2FA and verified Via iPhone / Safari, logged out and logged back in. It asked for 2FA and I verified this. I left the "remember for 30 days" unchecked I...