vBulletin.com Forums Hacked

Discussion in 'vBulletin' started by Dakoom, Oct 31, 2015.

  1. highlander29

    highlander29 Enthusiast

    102
    83
    +32
    As to reducing the possibility of these things happening to us, does anyone have experience with this Web Application Firewall service? It looks interesting.

    http://cloudproxy.sucuri.net/features
     
  2. Deimos

    Deimos Devotee

    2,780
    827
    +1,278
    When they do finally post something about the hack, will it just be on the vb forums? Or do they use another channel for posting such things?
     
  3. Paul M

    Paul M Cable Forum Admin

    2,630
    822
    +708
    Wayne simply posted with the information he had at the time.

    Where has anyone denied it ?

    No, "they" have not.

    I presume you have evidence to back this up - so where are "they" going with that exactly ?
     
  4. LeadCrow

    LeadCrow Apocalypse Admin

    5,640
    1,042
    +1,653
    There's the twitter and facebook pages, but there's rarely been anything interesting posted there. In fact, this breach appears to still be somewhat confidential for now, and mainly discussed here.

    vB Facebook (last activity 30 october - nothing about the breaches so far)
    https://www.facebook.com/vbulletin/

    vB Twitter (last activity 16 october)
    https://twitter.com/vbulletin
     
  5. Dakota Storm

    Dakota Storm Coffee Ninja

    1,820
    507
    +1,242
    I didn't say they had denied it, Paul.

    I said there is no way they can deny it.
     
  6. BirdOPrey5

    BirdOPrey5 #Awesome

    3,790
    722
    +1,462
    Official comment I am allowed to give as a support rep: We are aware of the issue, we are still not sure of how exactly it happened or what exactly was compromised, we are working on answering those questions and will provide a more detailed statement when we have more answers.
     
  7. The Sandman

    The Sandman Administrator

    26,891
    1,822
    +3,992
    Thanks for the official comment, though we already knew most if not all of it, and more.
     
  8. BirdOPrey5

    BirdOPrey5 #Awesome

    3,790
    722
    +1,462
    Well, now it's official. :)


     
  9. Tracy Perry

    Tracy Perry Opinionated ass-hat

    4,029
    337
    +2,706
    When dealing with a situation like this, a server issue can be caused by an error in the configuration of the server - ergo, it could be, by someone not familiar with server setup, referred to as a server error (read, error in configuration).

    As The Sandman said, you are effectively playing semantics with the use. Most people KNOW what the user meant. It's highly doubtful it was a server "issue" since it was also performed on another site... unless you are alleging that the other site server was set up identically with the same "issue" as the vBulletin official site.
     
  10. BirdOPrey5

    BirdOPrey5 #Awesome

    3,790
    722
    +1,462
    Not semantics... Wayne said X, not Y. Claiming he said Y and getting mad at me when I ask where he said Y is ridiculous. The original poster did the right thing, he admitted his mistake and moved on. I already admitted if the correct word was used I wouldn't have brought it up.
     
  11. Russ

    Russ Administrator

    1,060
    832
    +1,409
    Well I think now that we have an official comment this thread can be closed. :daroldi: /sarcasm
     
    Last edited: Nov 2, 2015
  12. Dakota Storm

    Dakota Storm Coffee Ninja

    1,820
    507
    +1,242
    Do it, I dare you :daroldi:
     
  13. M.C.

    M.C. Neophyte

    2
    1
    +0
    well, is it safe to use own vb or better to turn it off?
     
  14. Dakoom

    Dakoom Web City

    758
    352
    +102
    Ok, ok, if you really have to. :cry_pigeon: LOL

    Edit: No 20 pages? :cry_pigeon:
     
  15. Lisa

    Lisa The Black Widow

    27,347
    1,847
    +7,410
    Dare me . . . go on :sneaky:
     
  16. BirdOPrey5

    BirdOPrey5 #Awesome

    3,790
    722
    +1,462
    It's really up to you. I would still keep my sites open (In fact I am keeping my VB3 and VB4 sites open.) My VB5 site is a cloud site which also remains open, but to be frank, it is a test site I don't really care about.

    If I had a VB5 forum with very sensitive (secret) data then I would probably take my forum offline until VB responds with either a patch or an announcement that they know it was not a flaw in the software that the hacker got access to.

    However if I just had a general VB5 forum for basic conversation and information exchange I would just make sure I'm doing a nightly backup and keep it running otherwise. The chance anything will happen to your specific forum is very small.
     
  17. M.C.

    M.C. Neophyte

    2
    1
    +0
    well, both .com and .org (was running 3.6.x version) are down now that's why I asked this question. Thanks
     
  18. Dakota Storm

    Dakota Storm Coffee Ninja

    1,820
    507
    +1,242
    I triple dog dare you :kick::wave:
     
  19. BirdOPrey5

    BirdOPrey5 #Awesome

    3,790
    722
    +1,462
    The sites are down while the VB team determines what happened and what was compromised.
     
  20. highlander29

    highlander29 Enthusiast

    102
    83
    +32
    A few statistics from the most recent Verizon Breach report might be relevant.
    "In 60% of cases, attackers are able to compromise an organization within minutes"
    "99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published"
    "Ten CVEs account for almost 97% of the exploits observed in 2014."
    "About half of the CVEs exploited in 2014 went from publish to pwn in less than a month."
     