  1. #1
    Join Date
    Mar 2002
    Location
    Orlando, FL
    Posts
    12,200

    * vBulletin hacked?

    As seen at http://www.vbulletin.com/forum/forum...g-your-account

    This is an important message about your account.

    We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.

    To regain access to your account:

    Visit the vBulletin forums at http://www.vbulletin.com/forum/settings/account
    Enter in your existing password followed by your new password, twice for confirmation.
    Save this page at the bottom.

    Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you choose a password that you are not using on any other sites.
    If you have any additional questions or concerns, please feel free to contact our support team at http://www.vbulletin.com/go/techsupport or [email protected]

    Sincerely,
    Wayne Luke,
    vBulletin Lead Technical Support.

  2. #2
    Join Date
    Jul 2013
    Posts
    296
    It seems YES.

  3. #3
    Join Date
    Mar 2002
    Location
    Orlando, FL
    Posts
    12,200
    They don't make it clear though, is this about the discussion forum accounts, or the member accounts that manage vB licenses?

    I opened a ticket, let's see what they say.

  4. #4
    Join Date
    Jul 2013
    Posts
    296
    It seems only the forum was hacked and it is patched now, but some information was disclosed.

  5. #5
    Join Date
    May 2009
    Location
    Indonesia
    Posts
    216
    I'm also receiving email from vBulletin. Nowadays so many compromised products: last time WHMCS and now vBulletin. What's next?
    i2DOTNET
    ▪ Fast and Reliable Webhosting
    ▪ Los Angeles, Amsterdam and Indonesia Data Centers

  6. #6
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,387
    Thing is VBulletin is full of holes, and their new version is worse. It doesn't surprise me, no point changing mine lol if they've got it they've got it. I don't use it elsewhere.
    Licensecart - We only sell High Quality licenses
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com
    WHT isn't what it used to be… power changes people :]

  7. #7
    Join Date
    Jan 2003
    Location
    Let's see.....
    Posts
    4,446
    First Adobe, then vB. Good thing this mboard didn't upgrade to the holey new version of the software.
    73's, Kim
    Everything happens for a reason I make up.

  8. #8
    Join Date
    Jul 2002
    Location
    Tasmania, Australia
    Posts
    34,796
    Quote Originally Posted by Acroplex View Post
    They don't make it clear though, is this about the discussion forum accounts, or the member accounts that manage vB licenses?
    Discussion forum I would say. I just received an email and I don't own a license.
    If you don’t like the road you’re walking on, start paving a new one.

  9. #9
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,387
    Quote Originally Posted by anon-e-mouse View Post
    Discussion forum I would say. I just received an email and I don't own a license.
    Yep just the forum: http://thehackernews.com/2013/11/vBu...ility.html?m=1

  10. #10
    Join Date
    Aug 2013
    Posts
    45
    I left VB because of the holes in it, Version 5 is dreadful

  11. #11
    Join Date
    Sep 2010
    Posts
    198

    vBulletin Inc got Hacked? Whmcs and cPanel forums Off Line - Look

    http://www.vbulletin.com/forum/forum...g-your-account

    http://forums.cpanel.net/
    Code:
    cPanel Security Action Taken: vBulletin Compromise
    
    The cPanel Security Team has requested that the Systems Administration Department take the following actions to protect our client data:
    
    1. Disable cPanel Forums(forums.cpanel.net)
    
    vBulletin has given an emergency press release discussing their compromise here:
    http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4007195-important-message-regarding-your-account
    
    cPanel is proactively disabling forums.cpanel.net until vBulletin releases a solution in order to ensure the security of these forums.
    
    The cPanel Security Team has no reason to believe that any breach has occurred, and this measure is only precautionary given the severity of the report.
    Complimentary support incidents are available by ticket submission at https://tickets.cpanel.net/submit/
    If you need a support account, you can create one here: https://tickets.cpanel.net/review/forgotpass.cgi?newacct=1
    Thank you for your patience and understanding.
    
    cPanel Security Team
    http://forum.whmcs.com/
    Code:
    Forums Offline
    The WHMCS and cPanel Security Teams have taken the decision to disable the WHMCS Forums proactively following the recent vBulletin Compromise.  This will remain in effect until vBulletin releases more information and if necessary an update in order to ensure the security of these forums.
    We have no reason to believe that any breach has occurred, and this measure is only precautionary given the severity of the report.
    vBulletin's emergency press release discussing their compromise can be found here:
    http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4007195-important-message-regarding-your-account
    
    If you need support, all our other support resources are still accessible via www.whmcs.com/get-support
    WHMCS Limited
    www.whmcs.com
    What's happening?

    If the security problem is with vBulletin customer accounts, why do the forums stay off-line? Maybe the problem is not only with vBulletin customer accounts?

    I have my own vBulletin forum, and it's online... Better to put this off?

  12. #12
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,948
    Got into the office, went to check for something in the cpanel forums...poof.
    ...you don't think.....


    My wife's been down with the flu all weekend so I'm just coming into this ...
    | John Edel Jetfire Networks L.L.C. Trusted Hosting Solutions
    | Consistent, Reliable, Stable OpenVZ & KVM Virtual Private Servers
    | SpamWall AV & Full SMTP Filtering
    Now an SSLStore Titanium Partner!

  13. #13
    Join Date
    Sep 2010
    Posts
    198
    Look at cpanel and whmcs forums. They are off-line to claim for it!

  14. #14
    Join Date
    Mar 2006
    Location
    Ventura CA
    Posts
    314
    cPanel shut down their forums as a precautionary measure:
    http://forums.cpanel.net/

    Interesting read can be found here:
    http://www.computerworld.com/s/artic...?taxonomyId=17
    *G.C. SOLUTIONS Cloud Shared Web Hosting* - Hosting Quality Sites Since 2006. Experience Your Website On A Whole New Level
    *Dedicated Resource Usage Experts*
    *Build your Own Virtual Data Center*More Info Here

  15. #15
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    http://thehackernews.com/2013/11/vBu...ility.html?m=1

    Yikes! Hope WHT is protected. :x

    Edit:

    Nevermind. Apparently only vb 4 and 5 are affected.
    Last edited by Patrick; 11-18-2013 at 01:51 PM.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  16. #16
    Join Date
    Jan 2003
    Location
    Let's see.....
    Posts
    4,446
    vBulletin used to be the gold standard in mboard software, but since IB took them over, it's gone into the crapper. Internet Brands is more worried about profits and losing some of the talented devs didn't help. Time for WHT and INet to switch to another platform for their mboards and Dennis to lose more hair.
    73's, Kim
    Everything happens for a reason I make up.

  17. #17
    Join Date
    Sep 2005
    Location
    Nervous Hospital
    Posts
    468
    Quote Originally Posted by Kimmikat View Post
    Good thing this mboard didn't upgrade to the holey new version of the software.
    WHT is running the same vB branch MacRumors is. The owner of MacRumors had some interesting comments regarding this in a thread over at TAZ: http://www.theadminzone.com/forums/s...5&postcount=87

  18. #18
    Join Date
    Oct 2009
    Location
    London
    Posts
    28
    I got this email from them

    This is an important message about your account.

    We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.
    To regain access to your account:

    Visit the vBulletin forums at http://www.vbulletin.com/settings/account
    Enter in your existing password followed by your new password, twice for confirmation.
    Save this page at the bottom.
    Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you choose a password that you are not using on any other sites.

  19. #19
    Join Date
    Jun 2011
    Posts
    2,286

  20. #20
    Join Date
    Oct 2010
    Location
    Iraq
    Posts
    214
    Hello,

    The same group who hacked vbulletin.com have listed the zero-day exploit for sale on their site. Even though it's not cheap, some lamers will buy it to exploit sites with a vb4 or vb5 forum.

    I guess now you understand why cpanel and whmcs closed their forums for the time being.

    Webmasters who have vb4 or vb5 must take the same precautionary approach taken by cpanel and whmcs to avoid any db leaks until further update by vbulletin.

    Highest Regards
    Mohammed H
    www.xsltel.com
    Simplest way to host your website
    GitHub

  21. #21
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,695
    I'm not sure who thought it was a good idea to send the vBulletin.org password notice in the method they did.

    Password reset links from click.shopping.ibemail.com, really? that'll inspire confidence!


  22. #22
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,063
    did WHT just go dark for the rest of you?

  23. #23
    Quote Originally Posted by Mohammed H View Post
    Hello,

    The same group who hacked vbulletin.com have listed the zero-day exploit for sale on their site. Even though it's not cheap, some lamers will buy it to exploit sites with a vb4 or vb5 forum.

    I guess now you understand why cpanel and whmcs closed their forums for the time being.

    Webmasters who have vb4 or vb5 must take the same precautionary approach taken by cpanel and whmcs to avoid any db leaks until further update by vbulletin.

    Highest Regards
    Mohammed H
    are vbulletin 3.x's affected?

  24. #24
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,063
    I thought I read somewhere that macrumors was hacked and they are on 3.x

    not sure if it's true or that I am remembering correctly..

  25. #25
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,063
    ok something weird is happening here on WHT, the site went dark for a bit now when I make a reply the page comes back up without the reply...

  26. #26
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by dave - just199 View Post
    I thought I read somewhere that macrumors was hacked and they are on 3.x

    not sure if it's true or that I am remembering correctly..
    The macrumors hack was different.

    http://www.theadminzone.com/forums/s...5&postcount=87

    1. MacRumors was hacked when a moderator account was accessed, and an HTML announcement was posted, resulting in a XSS/CSRF type attack when an admin viewed the page. This was outlined identically in the Ubuntu post-mortem. As far as we know, it's not a vB3 vulnerability, except for the fact, that as has been pointed out, turning off moderator HTML announcements is entirely non-obvious. If you asked me if we allowed moderators to post html, I'd have said "no way, that's crazy".
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  27. #27
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,387
    Yikes Lynnee said VB.org had a test account... wouldn't you remove any test accounts when not using them?

    http://www.vbulletin.org/forum/showp...1&postcount=18

  28. #28
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,877
    Quote Originally Posted by CW Mike View Post
    Yikes Lynnee said VB.org had a test account... wouldn't you remove any test accounts when not using them?
    No, but I ban them.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  29. #29
    Join Date
    Sep 2013
    Posts
    182
    That's not good!

  30. #30
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    http://www.vbulletin.com/forum/forum...s-in-vbulletin

    Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin.

    These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software.

    Regards,
    Wayne Luke.

  31. #31
    Join Date
    Feb 2005
    Location
    United Kingdom
    Posts
    3,104
    every source confirmed that the vBulletin has been hacked:
    http://www.theregister.co.uk/2013/11...lletin_hacked/
    Low Cost Storage VPS plans at webprovps.com
    VPS Price Match Guarantee on: All our range of DDOS protected XEN HVM VPS
    == Contact us for any online solution development or managed / unmanaged vps hosting ==

  32. #32
    Join Date
    Jan 2003
    Location
    Let's see.....
    Posts
    4,446
    Interesting part of the story... "The disclosure of a breach at vBulletin comes a week after forum site MacRumors (which runs on vBulletin) was hacked, exposing the credentials of more than 860,000 users. In a statement acknowledging the compromise, MacRumours apologised for the breach and advised commentards to change up their passwords."

    Quote Originally Posted by alex-developer View Post
    every source confirmed that the vBulletin has been hacked:
    http://www.theregister.co.uk/2013/11...lletin_hacked/
    73's, Kim
    Everything happens for a reason I make up.

  33. #33
    Join Date
    Jun 2001
    Posts
    369
    I give MacRumors a great deal of credit for acting quickly and then sharing what needs to be done with administrators in order to secure the breach. For those who are interested, it's about shutting down the admin/mod ability to post announcements with HTML. If you need to do so, advisable to only have the main admin enabled. In vBulletin

    CP >> Forums & Moderators >> Show All Moderators

    Now click on each moderator one at a time and turn off the super moderator permissions for the following: Can Post Announcements
    Granting this permission will allow this user to post announcements containing arbitrary HTML.
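
The mitigation described in posts #26 and #33, as an added example that is not part of the original thread and is not vBulletin code: an audit of who holds "Can Post Announcements", plus a renderer that escapes announcement bodies from anyone but the main admin. The `Account` model, the account names and the sample body are constructed for illustration and do not reflect vBulletin's real schema.

```python
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    # Hypothetical record; vBulletin's real permission storage is not modelled.
    name: str
    role: str
    can_post_announcements: bool


# Constructed sample data for the example.
SAMPLE_ACCOUNTS = [
    Account("root_admin", "admin", True),
    Account("supermod_bob", "super_moderator", True),
    Account("mod_alice", "moderator", True),
    Account("mod_carol", "moderator", False),
]
SAMPLE_BODY = '<b>Notice</b><script src="//example.invalid/a.js"></script>'


def audit_announcement_rights(accounts, main_admin):
    """Names that hold 'Can Post Announcements' but are not the main admin."""
    return sorted(
        a.name for a in accounts
        if a.can_post_announcements and a.name != main_admin
    )


def render_announcement(author, body, accounts, main_admin):
    """Return the markup to display for an announcement.

    Only the main admin's body is passed through as HTML. Any other
    permitted author gets an escaped body, so markup is shown as text and
    never runs in the browser of an admin who views the page.
    """
    account = {a.name: a for a in accounts}.get(author)
    if account is None or not account.can_post_announcements:
        raise PermissionError(f"{author!r} may not post announcements")
    if author == main_admin:
        return body
    return html.escape(body, quote=True)


if __name__ == "__main__":
    print("revoke from:", audit_announcement_rights(SAMPLE_ACCOUNTS, "root_admin"))
    print(render_announcement("mod_alice", SAMPLE_BODY, SAMPLE_ACCOUNTS, "root_admin"))
```

The audit list is what the Control Panel walk-through in post #33 would clear by hand; the escaping step covers any account that is missed or compromised later.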

  34. #34
    Join Date
    Mar 2013
    Posts
    1,294
    Provocation: this is what you get for being such a paytard.

  35. #35
    Join Date
    Oct 2002
    Posts
    13,277
    Quote Originally Posted by Kimmikat
    First Adobe, then vB. Good thing this mboard didn't upgrade to the holey new version of the software.
    Ya and I hope they don't..... It will ruin WHT Kimmikat!! (I don't wanna not come here anymore, I love WHT)





    Tinyurl is the answer for posting long urls!!!
