New Security Issue in VB?

Does this hack have anything to do with /install ? Hack report make April 2013
http://club.myce.com/f20/vbulletin-myfilestore-hack-find-traces-remove-them-332219/

 

Im not reading 9 pages, but the original post seems to point to a vbseo vulnerability.

Its also running vb 3.87, which is not affected by the install hack.

 

No. But that vulnerability also has nothing to do with the topic of this thread.

Look, Autopilot, you're in way over your head here. Spend some time doing some basic research.

If you like, I can point you to some threads that might educate you, but I'm not going to bother if you don't commit to actually reading them.

 

No. There were a lot of suggestions, especially from vBulletin support, that it had to do with vBSEO but that was a red herring. The reality is that a lot of non-vBSEO forums got hit with the same issue.

I have disinfected and hardened numerous forums who got hit with the redirect exploit. The culprit is, again and not surprisingly, weak passwords and bad directory and file permissions.

 

I don't doubt it. I just took a quick glance and saw references in the code to vbseo -- like I said, im not reading 9 pages.

 

Unless vBulletin fixes the issue with Install directory , no one can recall vBulletin as a secure script.

Advising people to delete Install folder instead of fixing the actual vulnerability is the most stupid excuse i've ever heard from any company that sells paid scripts.

Fixing the vulnerability is vBulletin Teams responsibility against paying customers. Any existing customer can go to small courts and claim damages from vBulletin because they still didn't fix the issue imo

 

lol i got hit by that one too, did a number on my traffic as i wasn't being a good admin and watching. i was running vbseo at the time. i have no other details.

 

@Lizard King That's a good point and there isn't any reason why they can't fix this particular issue as some no cost forum script will not even allow access to anything other than ACP keeping the forum access closed until that directory is either removed or renamed.

 

@Caddyman When your forum got hit did you still have the install directory or was it previously removed?

 

The install folder IS the vulnerability. Removing the install folder fixes the vulnerability.

 

I've already told you that vulnerability had nothing to do with the install folder. That one has been hitting forums with and without vBSEO for a good 2-3 years and they exploit file and directory permissions and weak passwords.

 

I guess as usual you missed reading the other posts that the install folder IS NOT the only vulnerability. It's just one of many in VB

 

This is slightly incorrect because, as someone mentioned earlier in this thread (I believe), if you are upgrading, then you are vulnerable to the exploit and that just shouldn't be possible at all, at any time.

Oh, and having it HTACCESS protected is not the solution either, because not all users of the software can create such a protection.

Scott

 

@Autopilot Good grief, man. I give up. You are either being intentionally obtuse or you're simply not very bright. Obviously, there are other issues that lead to hacking, which is what I have said in the other thread. THIS issue is the install folder and the presence of certain files in that folder AFTER the installation is finished.

 

You should get your story straight. First you say the install folder is the vulnerability and in the next breath you say the vulnerability has nothing to do with the install folder. Which is it?

 

No its the FILES that are the vulnerability one of the files is doing something that it should not do. Its a development problem one of the files is setting up a administrator while there are all ready administrator(s), so the script can check if administrator exist if so don't allow new administrator. The argument of that the script can be altered well true but if they can alter one script they can alter others to and their easier ways becoming administrator if you can alter a script.

 

Again with the person attacks. You can't prove or state your opinion about an issue without attacking people? Not very professional of you. Bad-bastard manipulation. You tend to use a lot of fallacies when relating to people. You find it difficult to accept that you are not the only person with a different opinion? I don't see anyone abusing you when they disagree with you.

 

@Autopilot

Again the only known security issue at this time is the /install and /core/install there is a workaround remove the install directory, problem solved.

At the moment there are no other issues i have checked 0day exploits and there is nothing at this moment. If you know something else please link to the exploit or where its posted that there are more issues with security, linking to Sucuri is not needed because the only issue there at this time is the /install and /core/install. So what many issues are there or are you trying to do FUD or are you just trolling.

Hacks like the Ubuntu forum are not because of vBulletin but lake of security by people running the board.

 

@we_are_borg If you do a google search for "vbulletin vulnerabilities" you'll find all the links you need.
Why is it that when someone has a difference of opinion that you don't agree with you assume they are are trolling?

 

*sigh* One last time. Those are two very different and separate issues: one is the file redirect issue and the other is the exploit that allows an attacker to set himself up as an Admin.

Got it, finally? Sheesh.