There are so many people reporting that their sites have been hacked, or
have had hacking attempts, that maybe creating a new forum to address
this might help consolidate information to make it easier for them to find solutions.
Maybe call it a Security Issues forum, or something like that.

There are so many people reporting that their sites have been hacked, or
have had hacking attempts, that maybe creating a new forum to address
this might help consolidate information to make it easier for them to find solutions.
Maybe call it a Security Issues forum, or something like that.
That would just give said hackers a more viable place to watch and learn what is what and where.

To be honest, the amount of customers that think they were hacked isn't really big compared to the number of other questions we get. In my opinion it's definitely not enough to warrant an own forum.

Maybe not such a good idea after all. And I certainly don't want to
give hackers any kind of an edge.

Well I haven't seen any boards get hacked lately and if they do, it's usually the users fault. Either they don't update their software and I can't see how you cannot upgrade it? The admincp tells you if a new release is out.

Also addons, some addons have flaws and hackers get through them. However, these days I haven't seen many addons get hacked.

It's all about being smart and planning ahead for security.

Labeling it a "i've been hacked" forum does not instill customer confidence.

Most forums are hacked, cause they install a script or addon to or with vBulletin.

It might make people pretend that their forum had been hacked but they realy just want to be the administrator on it.

Labeling it a "i've been hacked" forum does not instill customer confidence.


That's the deal breaker right there- nevermind!

And besides.. I think vB itselfs is pretty safe software. It's in most cases a poorly patched and/or configured webserver or 3th party software (at the server)/scripts(plugins at the forum) that caused the problems.

Labeling it a "i've been hacked" forum does not instill customer confidence.
LOL!
I can agree with that.
That's like walking into a supermarket and the first thing u see is a box that says "put all your complaints about our products in here".

Yep, I have to agree with some of the above comments. Usually a hacked forum is not vBulletin's fault. It's usually the admin's incompetence by not updating their forum software, updating or configuring software on their server, or using buggy add-ons.

I try to shy away from user created vB add-ons these days. Most are so poorly coded that I could spend less time writing my own from scratch doing a proper job than trying to fix an existing one someone else slapped together.

Even a popular "SEO" product that people use I found an extremely fatal flaw (allowed you to view any file unparsed on the server readable by the web server). At a minimum a person could easily read the username, pw, and db in the config.php file and connect to the DB remotely if they didn't have a firewall blocking the port. Use your imagination about what else you could do reading any file on a server. But I was kind and reported it to that company without posting any public info as to what or how it was done. After browsing through the code more and finding several more bugs / flaws I finally just said to heck with it and deleted the files.