The upgrade instructions for vB 4.2.2 (and probably other versions too) state in "Preparing the vBulletin Files for Upload" to delete install.php in the install directory prior to uploading the files. Since the potential exploit was discovered, should we now delete the entire install directory or still just install.php?
As per: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
"Tue 27th Aug '13, 3:23pm
A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation. The directories that should be deleted are:
4.X - /install/
5.X - /core/install
After deleting these directories your sites can not be affected by the issues that we’re currently investigating.
vBulletin 3.X and pre-4.1 would not be affected by these issues. However if you want the best security precautions, you can delete your install directory as well."
As per: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
"Tue 27th Aug '13, 3:23pm
A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation. The directories that should be deleted are:
4.X - /install/
5.X - /core/install
After deleting these directories your sites can not be affected by the issues that we’re currently investigating.
vBulletin 3.X and pre-4.1 would not be affected by these issues. However if you want the best security precautions, you can delete your install directory as well."
Comment