New Security Issue in VB?

That's correct. I'm not going to name the file or files specifically. But of course deleting the install folder also deletes the files in that folder.

 

That's moronic. That's like saying if your laptop is infected do a Google search for viruses and you'll have all the information you need.

 

Another example of your bad logic fallacy? He asked for links of examples, and rather than cut and paste the links I found, well you know. Do some leg work, he can find the same sources. But then you knew that right?

 

Thats what people mean with you you can not give one example your deflecting your answers with comments like linking to Sucuri or say Google and then not going in into examples. I have checked now the CVE and looked for 0day exploits but there is noting. Like i said are you trying to FUD and want websites to use resources and money on security with no real basis or are you indeed like also other saying acting as a troll.

As for your opinion well you are stating it as a fact see below.

 

@we_are_borg Then examples you and others are requesting are one and the same examples when you reference CVE and oday. It would be like giving examples of the issue of security vulnerabilities with links to given earlier. The examples are those links and rather than posting a long list of examples I found, it would be just as easy for you to do a search.
Sorry I have no idea what FUD is.
The real basis as you say are what others have found and posted about. And "it's just on of many in VB" refers to all those posts where others have found the vulnerabilities. If you include the full context of that, it is nothing more than an opinion. The facts are presented by others finding the vulnerabilities.

 

FUD = Fear Uncertainty Doubt.

They're saying you're spreading misinformation to scare people.

 

We used to call it by another name, concern trolling.

 

Interesting LOL. Spreading misinformation? Questioning? Reading links posted by others and opining on what I've read? Hardly spreading misinformation unless it can be proven that what others have posted about being hacked ie: Canonical, Sucuri and posts on vB, or other sites then linking or opining on what they said isn't.

Perhaps they are just highjacking the thread for whatever reason? Taking the focus off security issues. Shooting the messenger is always a great means of silencing others.

Well fine, there isn't really anything more I can add as I've not personally experienced hacks to any of my forums when they were up. If people want to ignore what others have to say that's fine too.

 

Were they using a modification tied to subscriptions? I'm not familiar with an exploit vulnerability in the subscriptions.php script itself.

 

@AWS And another one here if this isn't the one you're talking about http://www.vbulletin.com/forum/foru...5610-hacked-again-this-time-by-w3-idiots-help
No install and even when reinstalled and install remove it happened again. Typically no one, server or vB has a clue.
Then at the end of the thread another one bits the dust. Are there more holes/exploits no one is talking about and everyone is denying if and when incidents are reported ?

 

The answer, IMO, is in the op's post

By the time he deleted the install directory, he had already been hacked. I would say its likely they did more then just make extra admins.

 

Is that a fact? How would that happen?

 

No not a fact, just speculating.

How would what happen? Do you think he deleted the new admins the moment they were made admins? Or do you think the new admins would have had a little time to cause a breach.

 

I knew it was a waste of time asking you a question expecting an intelligent response but I thought it was worth a try seeing you present yourself as someone who knows what they are talking about. I guess not.

 

huh?

 

Dont feed him

 

@Paul M.

LOL.