TDF Upgraded - Post bugs here please

Status
Not open for further replies.

Flash

Lost in speed
Oh. Mine is visible in my system. Maybe it's loading from Cache.
Am able to see avatars of sujay, amjath, gollum, rcuber and harshil's avatar.
 
OP
Raaabo

Raaabo

The Dark Lord
Staff member
Admin
Yes it was hacked. Server files had to be reverted to a backup for a site issue, but unfortunately we went back to a backup that had the install directory as well. Hackers used a known flaw in VB to gain access to the admincp and set up a simple meta refresh for the default skin, which is why logged in members didn't see the redirect. Just another traffic stealing hack, by a script kiddie using a known flaw because of a little carelessness on our part. Apologies.

Don't worry about your passwords or personal data being hacked, because logs show they didn't access anything but the templates to get the redirect. Besides, all data is stored encrypted in vBulletin, so even I cannot read your passwords, though I can change them to something else. Theoretically, I could try and bruteforce your password using the encrypted hash that's stored in the database, but it would take about 10 years computing time per user, so certainly not worth the effort :)

vBulletin is secure and no worries. However, it does leave us with an egg in the face for overlooking something as simple as the install folder :(

For those interested in the vulnerability:
Potential vBulletin Exploit (vBulletin 4.1+, vBulletin 5+) - vBulletin Community Forum
*thehackernews.com/2013/09/major-vbulletin-based-websites-are.html


Update: Avatars set after the end of August may need to be set again, apologies :(
 

Hrishi

******************
^^ I thought , the install directories were deleted right after Forum installation for security purpose. !!
 
OP
Raaabo

Raaabo

The Dark Lord
Staff member
Admin
They usually are, but put back to upgrade, and sometimes forgotten about. vBulletin usually only asks you to only delete or rename /install/install.php as this allows you to continue to upgrade with scripts. About a month ago they gave us early warning about this exploit, and we immediately deleted the install folder, but when we replaced files with a backup, we forgot to delete the install folder again, and thus a well known exploit that every script kiddie out there was already aware of was made available to everyone. :-(

Just sheer carelessness on my part, my apologies!
 

snap

Lurker
yesterday saw a new admin not listed in the site leaders page was it you guys or the hacker gained admin rights?
 

Hrishi

******************
They usually are, but put back to upgrade, and sometimes forgotten about. vBulletin usually only asks you to only delete or rename /install/install.php as this allows you to continue to upgrade with scripts. About a month ago they gave us early warning about this exploit, and we immediately deleted the install folder, but when we replaced files with a backup, we forgot to delete the install folder again, and thus a well known exploit that every script kiddie out there was already aware of was made available to everyone. :-(

Just sheer carelessness on my part, my apologies!
Well that clearly is a sign of how many script kiddies are hugging around the TDF site , trying to find an exploit every now and then. :)
But it's good that we haven't lost anything , except the Avatar. :p
 

amjath

Human Spambot
They usually are, but put back to upgrade, and sometimes forgotten about. vBulletin usually only asks you to only delete or rename /install/install.php as this allows you to continue to upgrade with scripts. About a month ago they gave us early warning about this exploit, and we immediately deleted the install folder, but when we replaced files with a backup, we forgot to delete the install folder again, and thus a well known exploit that every script kiddie out there was already aware of was made available to everyone. :-(

Just sheer carelessness on my part, my apologies!

That's okay mistakes happens, u donbt have to ask apologies in every post

yesterday saw a new admin not listed in the site leaders page was it you guys or the hacker gained admin rights?

Who the one starts with name "Chain"
 
OP
Raaabo

Raaabo

The Dark Lord
Staff member
Admin
Chainsaw is Soham Raninga, Editor of thinkdigit.com :)

Yeah the various ones with m------ were the hacker accounts which are cleaned out now :)
 
OP
Raaabo

Raaabo

The Dark Lord
Staff member
Admin
ok IT team finished upgrading to 4.2.1

Please report bugs / missing stuff if any here
 
Status
Not open for further replies.
Top Bottom