vBulletin.com Forums Hacked

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
Well, just remember, the world's leading software of course will have more hackers going after it than a lesser known one. :p
 

WD

Enthusiast
Joined
Mar 24, 2010
Messages
243
Perhaps this is it

It is,
ai.imgur.com_uW1Xkgo.png

You would think they would configure the server better to block file uploads. It's only a few simple CHMOD changes and htaccess rules, mod_security rules. But this is vBulletin/IB; they can't even work out how to make a decent product anymore.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
It's like they get free labor when things like this pop up. Instead of going through things, to ensure they are right, let a hacker find the exploits for you, free labor. :p
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
Cause they probably used a backup, and did not adjust the time on the server right.
 

WD

Enthusiast
Joined
Mar 24, 2010
Messages
243
Looks like they restored the database from this morning as there is

Video is gone.. What was it about?
The video showed the hacker exploiting vBulletin.com this morning and writing a file named lol.txt to the server. The image in my above post shows today's date from the video before the hacker removed it.
 

highlander29

Enthusiast
Joined
Nov 3, 2013
Messages
184
Looks like they restored the database from this morning as there is

Video is gone.. What was it about?
It appeared to be a video showing the hack into vbulletin.com demonstrating shell access to the host that allowed remote code execution. It referenced a zero day exploit being used.
 

WD

Enthusiast
Joined
Mar 24, 2010
Messages
243
So it was a server issue and not a vb issue?
It was a vBulletin 5 issue and stupid server admins leaving the server insecure. I wish I had downloaded the video now. :(
 

WD

Enthusiast
Joined
Mar 24, 2010
Messages
243
I did not see them logged into vBulletin anywhere in the video.
What it looked like they did was exploit an SQLi, gained a way to inject a shell into the database, after that they ran shell commands and created the lol.txt etc. and then defaced the site.

Looking at the video before it went down, it seems vBulletin don't even rename their own admincp, making it easy to exploit as most shells are injected into the admin area.
 