""Fixing your site after you have been hacked""

I don't understand- you don't feel the security of the community means anything? I don't have any live XF sites but you can be sure if I was made aware an XF exploit I would be reporting it to the developers. I don't get how you feel it isn't your responsibility? Is it not your responsibility if you see someone fall off their bicycle and lay hurt on the side of the road unable to get help? You just drive by because it isn't your responsibility?

As far as I know the OpenSuse people have admitted it was a VBSEO problem- if you don't want to believe them I don't know what to tell you.

 

So this is an assumption then on your part? I'm beginning to see a pattern in your thought process. Assume things are as you imagine them to be without validation, tell everyone you know the facts then admit to not having read anything about it when questioned, deny the whole thing and blame others for the misunderstanding while rationalizing your part in the whole affair.
Gotcha......... Not much sense conversing with you then is there?
Have a nice day.......MEH!!!!!!!

 

That is what i am reading to that vBSEO was not to blame, but they found something but their not telling. Looked at the black market but nothing there if its an exploit its a good one because no one is talking or wispering even. On the surface it looks a normal hack vector but there is much more going on, they are preserving the exploit for something big, there testing it.

 

As far as I know because I have no "In" with OpenSuse and have to read the same stuff everyone else does. A VBSEO exploit makes more sense because we know they exist. There is no proof any exploit exists in current VB 4.2.2 or pateched 4.2.1 versions with /install/ deleted.

 

So you are for the illegal hacking of sites and for private details to be stolen from innocent people? That attitude speaks for itself.

Also your "na na na I know the truth and you can't see it" remark resonates as childish as my translation sounds.

Their business is criminal and built on the suffering of others. Drug lords, organized crime, and the like work hard too... Why kill their businesses either?

I'm not sure where you live but it sounds like you've just confessed to conspiracy should the exploits you know about be used in future crimes.

 

Why would he help vBulletin if you try to communicate with vBulletin you get there are no exploits and its add-ons. In the end vBulletin is writing the software and responsible for exploits if someone says he has one you give your managers notice so they can talk to him.

And yes hackers are a evil you'll need to make progress in security. But its also true that a company needs to take there responsebillity when you see so many claims about security issues you should have hired an external security audit to fully check the software. Its also clear that vBulletin is not keeping up with the underground sites and security of their software else they would have seen whats going on. But its not a suprise because the YUI exploit of weeks before vBulletin even noticed it.

 

Wasn't there a reported 40,000 sites hacked over a period of time before vBull raised their head and reported a possible breach? I could be wrong but I thought I read that in one of the security releases.

 

As a freelancer that gets paid to fix hacked or broken forums I welcome vbulletin sloppy code that we've seen all over since 2009.

 

No I believe you are wrong- the majority of the hacks came after VB knew but Admins didn't take ction for whatever reason. I was working on a 4.1.8 site today that still had the /install/ directory in place.

 

How terrible, they must be a right bunch of amateurs, not so different to this bunch of clowns: http://www.vbulletin.com/forum/foru...685-demo-installer-did-not-delete-install-php

 

ROFLMAO a Kodak moment

 

This reminds me of the actions of an admin I know who allows his website to used for exactly this purpose.
He even allows the personal details, photos of an innocent mans house and photos of an innocent mans wife to be posted on his site.

That attitude speaks for itself.

 

Yes... Emails were sent to every vb customer we had in our database no matter from the beginning of time. it was so many it took several days to complete the mailing.

 

Never got an email about the hacking stuff, never got an email from marketing to.

 

Maybe they should be reported to that new Cyber Cop forum in the clouds.

 

You're just full of misinformation eh?