Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 31 Oct 2015, 19:20
shimei shimei is offline
 
Join Date: Feb 2015
Vbulletin.com hacked

For us VB5 owners.... I hope they fill us in when they have it figured out.

Reply With Quote
  #2  
Old 31 Oct 2015, 19:21
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
I just noticed as well, apparently Cold had Zero things to do on a Saturday, I'd hate to be so lonely myself!
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #3  
Old 31 Oct 2015, 19:27
shimei shimei is offline
 
Join Date: Feb 2015
Had a guy come onto my site yesterday. He claimed to be using a program that could create registered accounts, and used some 200 proxies. I believe he referred to it as xrumer profiles. Supposedly he creates hacks and sells them.

Of course the only thing I could do was to manually moderate new accounts. He created another account near instantaneous.
Reply With Quote
  #4  
Old 31 Oct 2015, 19:28
bridge2heyday's Avatar
bridge2heyday bridge2heyday is offline
 
Join Date: Aug 2014
This is Very Bad , I think it will have a big effect on vbulletin
__________________
Premium Vbulletin Modifications
Reply With Quote
  #5  
Old 31 Oct 2015, 19:32
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
You can still access the members area via https://members.vbulletin.com

It appears to have only been the forums, the main home page and all subsequently related pages work along with the members area as well.

If your vB5 forum is hacked, close the board and await an announcement and new security patch because currently since we (the public) do not know the exploit used, overwriting with fresh files from a version with an apparent exploit won't be of much use.

*Although to be fair this could have been some other form of exploit... server possibly however I doubt that based on it only being the vB5 powered forums down currently - we honestly do not know yet . *This may also be something that affected the specific version on vbulletin.com, meaning that usually they run a slightly newer version than what is currently released so it's entirely possible only their version was compromised and no others are at risk however that's dependent on a number of factors.

Is it bad? Well sure no one likes being defaced that way but let's not start a panic and have chaos ensue in this thread, we'll know more soon .
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!

Last edited by TheLastSuperman; 31 Oct 2015 at 19:46.
Reply With Quote
  #6  
Old 31 Oct 2015, 19:40
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Now the question is if it got hacked because of a vBulletin 5 exploit or something else. Looking at the amount of vBulletin 5 vulnerabilities in the past, it does not surprise me if it's a vBulletin 5 exploit.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #7  
Old 31 Oct 2015, 19:43
bridge2heyday's Avatar
bridge2heyday bridge2heyday is offline
 
Join Date: Aug 2014
The hacker in his Facebook page says he lost control , He claims he could control the site for 1 minute only .
__________________
Premium Vbulletin Modifications
Reply With Quote
  #8  
Old 31 Oct 2015, 19:45
napy8gen's Avatar
napy8gen napy8gen is offline
 
Join Date: Jan 2006
Real name: hanafi
How many times vbulletin.com hacked since 2001 and what version?
Reply With Quote
  #9  
Old 31 Oct 2015, 19:50
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by Dave View Post
Now the question is if it got hacked because of a vBulletin 5 exploit or something else. Looking at the amount of vBulletin 5 vulnerabilities in the past, it does not surprise me if it's a vBulletin 5 exploit.
LOL I was editing my post rewording it with something along those lines before I saw your post .

Originally Posted by bridge2heyday View Post
The hacker in his Facebook page says he lost control , He claims he could control the site for 1 minute only .
More than likely due to all the security they have in place to prevent things like this from occurring. Why are you on his facebook page? Silly to even bother visiting it imo, trash all looks the same.

Originally Posted by napy8gen View Post
How many times vbulletin.com hacked since 2001 and what version?
I only know of one other time, I barely recall another time before that but can't say for sure. I know the p0wetards... err I mean p0wersurge folks were able to pull it off a while back. I can only vouch for twice myself.
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #10  
Old 31 Oct 2015, 20:01
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by shimei View Post
Had a guy come onto my site yesterday. He claimed to be using a program that could create registered accounts, and used some 200 proxies. I believe he referred to it as xrumer profiles. Supposedly he creates hacks and sells them.

Of course the only thing I could do was to manually moderate new accounts. He created another account near instantaneous.
I laugh at XRumer. defeated long ago.
Reply With Quote
  #11  
Old 31 Oct 2015, 20:05
shimei shimei is offline
 
Join Date: Feb 2015
Originally Posted by Max Taxable View Post
I laugh at XRumer. defeated long ago.
I have no idea what it is. Could you please elaborate, any suggestions?
Reply With Quote
  #12  
Old 31 Oct 2015, 20:35
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
I hope or accounts are all safe do we need to change or passwords on all sites of vb
Reply With Quote
  #13  
Old 31 Oct 2015, 20:38
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Originally Posted by ForceHSS View Post
I hope or accounts are all safe do we need to change or passwords on all sites of vb
They should be safe if all they got were 1 minute of access. Not nearly enough time to do a mysql dump. If you're super paranoid about it, it can't hurt to be safe & change the login details.
Reply With Quote
  #14  
Old 31 Oct 2015, 20:41
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Well dumping just the username, password, salt and email column of the user table shouldn't take too long. You can gather a lot of information in just 1 minute.

Let's hope vBulletin makes an announcement regarding this because I'm really curious what happened and what damage the "hackers" managed to do.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #15  
Old 31 Oct 2015, 20:43
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Originally Posted by final kaoss View Post
They should be safe if all they got were 1 minute of access. Not nearly enough time to do a mysql dump. If you're super paranoid about it, it can't hurt to be safe & change the login details.
A lot can be done in one min
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 10:14.

Layout Options | Width: Wide Color: