vBulletin.com Forums Hacked

highlander29

Enthusiast
Joined
Nov 3, 2013
Messages
184
Any votes as to whether it started with:
A. Phishing, watering hole, drive by download, etc. - targeting someone with admin credentials or
B. Software vulnerability on the site
C. Both
D. Other
 

Danielx64

Developer
Joined
Nov 8, 2009
Messages
3,330
Any votes as to whether it started with:
A. Phishing, watering hole, drive by download, etc. - targeting someone with admin credentials or
B. Software vulnerability on the site
C. Both
D. Other
I wouldn't be surprise if it was B.
 

Dakoom

Web City
Joined
Jun 13, 2006
Messages
758
In the next days I'll upload my vB 3.8.9 forum to my server. Should I be worried? :angrybird2:
 

VICE

tool
Joined
Jun 8, 2013
Messages
2,735
The hacker must be well aware of the vulnerability for quite some time and are just waiting for the right time for the bang.

Any votes as to whether it started with:
A. Phishing, watering hole, drive by download, etc. - targeting someone with admin credentials or
B. Software vulnerability on the site
C. Both
D. Other
Most likely B.
A is somewhat impossible since they only have limited developers for the software (more controlled access).

Has anyone made a JIRA entry yet? :eek:
Can't do that without forum access, at least for ordinary user, AFAIK.
 

ozzy47

Tazmanian Veteran
Joined
Oct 18, 2013
Messages
9,007
Paul has been quiet as of late. I think he is still on holiday.
 

highlander29

Enthusiast
Joined
Nov 3, 2013
Messages
184
Most likely B.
A is somewhat impossible since they only have limited developers for the software (more controlled access).
Not to diminish the likelihood of B (e.g., SQLI etc.), but A is how a lot of breaches are starting these days at large companies. They introduce malware on a person's computer who has administrative or root access and then they have access to whatever that person has access to. It's a lot simpler than some other approaches. Is the code base for VB5 at all similar to VB4 or 3? I know it could be a plug-in or any other software but am just curious.
 

Danielx64

Developer
Joined
Nov 8, 2009
Messages
3,330
Maybe it was done via that ipv6 issue that was talked about in another topic.
 
Top