- Thread starter
- #1
- Joined
- Jun 13, 2006
- Messages
- 758
- Joined
- Oct 21, 2007
- Messages
- 2,824
Oh dear...
- Joined
- Nov 3, 2013
- Messages
- 184
Uh oh. At least it's VBulletin 5
- Joined
- Dec 20, 2014
- Messages
- 328
*grabs popcorn and tomato soup*
- Joined
- Oct 21, 2007
- Messages
- 2,824
To the hacker...
- Joined
- Nov 8, 2009
- Messages
- 3,315
Now putting that login box into an Iframe was a bad idea wasn't it?
- Joined
- Nov 3, 2013
- Messages
- 184
Any votes as to whether it started with:
A. Phishing, watering hole, drive by download, etc. - targeting someone with admin credentials or
B. Software vulnerability on the site
C. Both
D. Other
A. Phishing, watering hole, drive by download, etc. - targeting someone with admin credentials or
B. Software vulnerability on the site
C. Both
D. Other
- Thread starter
- #8
- Joined
- Jun 13, 2006
- Messages
- 758
I think B!
- Joined
- Oct 26, 2011
- Messages
- 242
It never happened ..
- Joined
- Nov 8, 2009
- Messages
- 3,315
I wouldn't be surprise if it was B.
- Admin
- #11
- Joined
- Aug 26, 2010
- Messages
- 7,364
Has anyone made a JIRA entry yet?
- Thread starter
- #12
- Joined
- Jun 13, 2006
- Messages
- 758
In the next days I'll upload my vB 3.8.9 forum to my server. Should I be worried?
- Joined
- Oct 21, 2007
- Messages
- 2,824
And if so, have you all voted? We all know the most voted for items get priority!Has anyone made a JIRA entry yet?
- Joined
- May 10, 2015
- Messages
- 86
Interesting 
- Joined
- Jun 8, 2013
- Messages
- 2,735
The hacker must be well aware of the vulnerability for quite some time and are just waiting for the right time for the bang.
A is somewhat impossible since they only have limited developers for the software (more controlled access).
Most likely B.
A is somewhat impossible since they only have limited developers for the software (more controlled access).
Can't do that without forum access, at least for ordinary user, AFAIK.Has anyone made a JIRA entry yet?
- Joined
- Oct 18, 2013
- Messages
- 8,990
Well I am sure super Joe will blame it on some old thing that has been on the server since the vB2 days.
- Joined
- Nov 8, 2009
- Messages
- 3,315
What about Paul M?Well I am sure super Joe will blame it on some old thing that has been on the server since the vB2 days.
- Joined
- Oct 18, 2013
- Messages
- 8,990
Paul has been quiet as of late. I think he is still on holiday.
- Joined
- Nov 3, 2013
- Messages
- 184
Not to diminish the likelihood of B (e.g., SQLI etc.), but A is how a lot of breaches are starting these days at large companies. They introduce malware on a person's computer who has administrative or root access and then they have access to whatever that person has access to. It's a lot simpler than some other approaches. Is the code base for VB5 at all similar to VB4 or 3? I know it could be a plug-in or any other software but am just curious.
- Joined
- Nov 8, 2009
- Messages
- 3,315
Maybe it was done via that ipv6 issue that was talked about in another topic.