vBulletin.com Forums Hacked

[highlander29]

Perhaps this is it

 

[ozzy47]

Well just remember, the worlds leading software of course will have more hackers going after it than a lesser known one.

 

[WD]

Perhaps this is it

It is,

​

You would think they would configure the server better to block file uploads, It's only a few simple CHMOD changes and htaccess rules, Mod_security rules, But this is vBulletin/IB they can't even work out how to make a decent product anymore.

 

[Digital Phoenix]

it seems there can always be some vulnerability from time to time...esp with such rapidly developing software...im sure a patch will become available soon and that will be one less hole...

 

[ozzy47]

It's like they get free labor when things like this pop up. Instead of going through things, to ensure they are right, let a hacker find the exploits for you, free labor.

 

[Deimos]

Stil can't believe how dead that forum is now, wow.

 

[ozzy47]

LMAO:

Appears to have been a server issue. It is being looked into. Closing this because we don't discuss potential vulnerabilities in public.

http://www.vbulletin.com/forum/foru...e-is-vbulletin-software?p=4332101#post4332101

 

[PacMan]

Looks like they restored the database from this morning as there is

Perhaps this is it

Video is gone.. What was it about?

 

[Digital Phoenix]

Looks like they restored the database from this morning as there is



Video is gone.. What was it about?

a how to on hacking vb. lol

 

[PacMan]

LMAO:




http://www.vbulletin.com/forum/foru...e-is-vbulletin-software?p=4332101#post4332101

This is wierd...

When viewing the forum, the last post is by Wayne Luke at 2:51pm
When viewing the thread, the last post is by dikidera at 2:20 pm

 

[Digital Phoenix]

This is wierd...

When viewing the forum, the last post is by Wayne Luke at 2:51pm
When viewing the thread, the last post is by dikidera at 2:20 pm

yep, i see the same

 

[ozzy47]

Cause they probably used a backup, and did not adjust the time on the server right.

 

[WD]

Looks like they restored the database from this morning as there is

Video is gone.. What was it about?

The video showed the hacker exploiting vBulletin.com this morning and writing a file named lol.txt to the server. the image in my above post shows todays date from the video before the hacker removed it.

 

[highlander29]

Looks like they restored the database from this morning as there is

Video is gone.. What was it about?

It appeared to be a video showing the hack into vbulletin.com demonstrating shell access to the host that allowed remote code execution. It referenced a zero day exploit being used.

 

[PacMan]

So it was a server issue and not a vb issue?

 

[ozzy47]

Which would be good for vB5, helps them save face.

 

[WD]

So it was a server issue and not a vb issue?

It was a vBulletin 5 issue and stupid server admins leaving the server insecure. I wish I had downloaded the video now.

 

[highlander29]

So it was a server issue and not a vb issue?

I did not see them logged into VBulletin anywhere in the video.

 

[WD]

I did not see them logged into VBulletin anywhere in the video.

What it looked like they did was exploit an SQLi, Gained a way to inject a shell into the database, After that they ran shell commands and created the lol.txt etc and then defaced the site.

Looking at the video before it went down it seems vBulletin don't even rename their own admincp making it easy to exploit as most shells are injected into the admin area.

 

[Jake]

LMAO:




http://www.vbulletin.com/forum/foru...e-is-vbulletin-software?p=4332101#post4332101

Cause that's how server errors work now? I see where Joe gets his nonsense now xD