Forum protection

  • flasher33
    Member
    • Oct 2006
    • 54

    I am installing the 3.7.3 PL1 upgrade today and a question popped into my head.

    As far as I know, there is a vulnerability in the 3.6.x series involving spacer_open and spacer_close in regards to installing new skins or self-made ones.
    And you have to patch them manually or something like that.

    My question is, are they present in this installment?
    And how about the vulnerability in global.php, where you have to change the template name so that the attacker will be misled; is it fixed?
  • Jake Bunce
    Senior Member
    • Dec 2000
    • 46598
    • 3.6.x

    #2
    I am not aware of either of those vulnerabilities. But you can ensure that your forum has the latest security updates by upgrading to the latest stable version (currently 3.7.3 PL1).


    • flasher33
      Member
      • Oct 2006
      • 54

      #3
      Well, there are vulnerabilities in regards to forum custom-made styles, where redirect page code is injected into the SQL DB, and also with the official vB default style.

      The main issue is the spacer_open and spacer_close templates. Are they protected or not?
      In regards to 3.7.3 PL1 (functionality), it is OK and so far there is no problem with it.


      • Jake Bunce
        Senior Member
        • Dec 2000
        • 46598
        • 3.6.x

        #4
        I have never heard of any vulnerabilities relating to those template variables. 3.7.3 PL1 currently has no known security problems.


        • clasione
          Member
          • Apr 2004
          • 47
          • 3.0.1

          #5
          My spacer_open table keeps getting hacked with an SQL injection. I can never find any information on this, but I am getting hacked over and over again: http://clasione.blogspot.com/2008/10...lestinian.html
          Long Island Exchange ® Inc. - Searchen Networks ® Inc.


          • Jobe1986
            Senior Member
            • Jan 2007
            • 629
            • 4.2.x

            #6
            And I have my usual comment: if this accusation of it being a hole in vBulletin and NOT anything else is true, then why are only small sites getting hit, and not the majority of vBulletin-powered sites such as THIS one, my own and many thousands of others?


            • clasione
              Member
              • Apr 2004
              • 47
              • 3.0.1

              #7
              How about a recommendation for a solution, Jobe?


              • flashgordon
                Senior Member
                • Sep 2006
                • 206
                • 3.5.x

                #8
                Originally posted by clasione
                How about a recommendation for a solution, Jobe?
                Check your server, clasione. You have a security hole, somewhere.


                • clasione
                  Member
                  • Apr 2004
                  • 47
                  • 3.0.1

                  #9
                  I had Rackspace check the server, and I disabled a function they thought would help tighten it up, although it happened again. They are suggesting that it is the software. I have thus found a solution by eliminating that template, since it is the same exact one which keeps getting exploited. Hopefully this will prevent them from using it.


                  • flashgordon
                    Senior Member
                    • Sep 2006
                    • 206
                    • 3.5.x

                    #10
                    Originally posted by clasione
                    Hopefully this will prevent them from using it.
                    Highly unlikely. If they repeatedly hacked your server, they will do it again.
                    Check the server logs or have your host check them.
                    Also check the server's temporary directories.

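The advice in the post above (check the server, not just the template) is what a responder would actually script. The following is an added example, not code from this thread or from vBulletin: it walks a web root for PHP files changed in the last N days, lists PHP dropped into temp directories, and lists directories any local user can write to, which is where a re-injection foothold (web shell, writable upload dir) usually sits. The paths /var/www and /tmp and the demo tree built by build_demo_tree() are assumptions and constructed data.

```python
"""Added example (not from the thread): triage a web root after a template
keeps getting re-injected. Looks for recently changed PHP files, PHP in temp
directories and world-writable directories. Real paths (/var/www, /tmp) are
assumptions; build_demo_tree() creates constructed demo data."""
import os
import stat
import tempfile
import time

PHP_EXT = (".php", ".phtml", ".php5")


def recent_php(webroot, days, now=None):
    """Sorted paths of PHP files under webroot modified within the last `days`."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for root, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(root, name)
            try:
                if os.stat(path).st_mtime >= cutoff:
                    hits.append(path)
            except OSError:
                continue          # unreadable or vanished file; keep scanning
    return sorted(hits)


def php_in_dirs(dirs):
    """Sorted PHP files found anywhere under the given (temp) directories."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for root, _dirs, files in os.walk(d):
            hits.extend(os.path.join(root, n) for n in files
                        if n.lower().endswith(PHP_EXT))
    return sorted(hits)


def world_writable_dirs(webroot):
    """Sorted directories below webroot that any local user can write to."""
    hits = []
    for root, dirs, _files in os.walk(webroot):
        for d in dirs:
            path = os.path.join(root, d)
            try:
                if os.stat(path).st_mode & stat.S_IWOTH:
                    hits.append(path)
            except OSError:
                continue
    return sorted(hits)


def build_demo_tree():
    """Constructed demo layout (not a real server): one fresh PHP file, one
    60-day-old PHP file, one world-writable dir, and a PHP file in a temp dir.
    Returns (webroot, tmpdir)."""
    base = tempfile.mkdtemp(prefix="vb-triage-")
    webroot, tmpdir = os.path.join(base, "www"), os.path.join(base, "tmp")
    os.makedirs(os.path.join(webroot, "inc"))
    os.makedirs(os.path.join(webroot, "uploads"))
    os.makedirs(tmpdir)
    for rel in ("inc/new.php", "old.php"):
        with open(os.path.join(webroot, rel), "w") as fh:
            fh.write("<?php // constructed\n")
    with open(os.path.join(tmpdir, "x.php"), "w") as fh:
        fh.write("<?php // constructed dropper\n")
    old = time.time() - 60 * 86400
    os.utime(os.path.join(webroot, "old.php"), (old, old))
    os.chmod(os.path.join(webroot, "inc"), 0o755)      # normal
    os.chmod(os.path.join(webroot, "uploads"), 0o777)  # the finding
    return webroot, tmpdir


if __name__ == "__main__":
    webroot, tmpdir = build_demo_tree()   # on a real box: "/var/www", ["/tmp"]
    print("PHP changed in last 7 days:", recent_php(webroot, 7))
    print("PHP in temp dirs:", php_in_dirs([tmpdir]))
    print("world-writable dirs:", world_writable_dirs(webroot))
```

Run it against the real web root and temp directories, then compare the recently changed files against your last known-good deployment; anything not explained by an upgrade or your own edits is the next thing to read.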

                    • clasione
                      Member
                      • Apr 2004
                      • 47
                      • 3.0.1

                      #11
                      I have checked a good number of things lately, and the spacer_open template has been the single exploit point thus far on multiple forums multiple times. I have disabled the template from being called. I'll know shortly if another entry point can be used. This has happened about 8 times already.

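Since the posts above describe redirect code being injected into the spacer_open and spacer_close templates, the practical check is to scan the stored templates for that kind of content rather than disable the template. The following is an added example, not code from this thread or from vBulletin: it takes rows shaped like the vBulletin 3 template table (templateid, styleid, title, template_un) and flags external script/iframe sources, meta refreshes, JavaScript redirects, obfuscation calls and zero-size iframes. ALLOWED_HOSTS and the sample rows are constructed for the demo; in practice you would feed it the result of a SELECT over the template table for your own styles.

```python
"""Added example (not from the thread): scan vBulletin 3.x template rows for
injected redirect/loader code. Row shape and ALLOWED_HOSTS are assumptions;
SAMPLE_ROWS are constructed."""
import re
from urllib.parse import urlparse

# Hosts your own templates may legitimately load script/iframe content from.
ALLOWED_HOSTS = {"forum.example.invalid"}   # assumption for the demo

TAG_WITH_ATTRS = re.compile(r"<\s*(script|iframe)\b([^>]*)>", re.I)
SRC_ATTR = re.compile(r"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
META_REFRESH = re.compile(r"<\s*meta\b[^>]*http-equiv\s*=\s*[\"']?refresh", re.I)
JS_REDIRECT = re.compile(r"\blocation(?:\.href|\.replace)?\s*[=(]", re.I)
OBFUSCATION = re.compile(r"\b(?:eval|unescape|String\.fromCharCode)\s*\(", re.I)
ZERO_SIZE = re.compile(r"\b(?:width|height)\s*=\s*[\"']?0\b", re.I)


def indicators(template_un, allowed_hosts=ALLOWED_HOSTS):
    """Return the list of injection indicators found in one template body."""
    found = []
    for m in TAG_WITH_ATTRS.finditer(template_un):
        tag, attrs = m.group(1).lower(), m.group(2)
        src = SRC_ATTR.search(attrs)
        if src is None:
            # Inline <script> bodies do occur in legitimate vB templates
            # (menu registration etc.), so this is a weak indicator alone.
            if tag == "script":
                found.append("inline_script")
            continue
        host = urlparse(src.group(1)).hostname
        if host is None:
            continue                  # relative path such as clientscript/x.js
        if host.lower() not in allowed_hosts:
            found.append(f"external_{tag}:{host.lower()}")
    if META_REFRESH.search(template_un):
        found.append("meta_refresh")
    if JS_REDIRECT.search(template_un):
        found.append("js_redirect")
    if OBFUSCATION.search(template_un):
        found.append("obfuscation")
    if ZERO_SIZE.search(template_un) and "<iframe" in template_un.lower():
        found.append("hidden_iframe")
    return found


def scan_rows(rows, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per template row that carries any indicator."""
    findings = []
    for row in rows:
        hits = indicators(row["template_un"], allowed_hosts)
        if hits:
            findings.append({"templateid": row["templateid"],
                             "styleid": row["styleid"],
                             "title": row["title"],
                             "indicators": hits})
    return findings


# Constructed sample rows: a clean spacer_open, a spacer_open with a hidden
# iframe injected ahead of the markup, a spacer_close with a JS redirect
# appended, and a legitimate headinclude loading a relative script.
SAMPLE_ROWS = [
    {"templateid": 101, "styleid": 1, "title": "spacer_open",
     "template_un": '<table class="tborder" cellpadding="$stylevar[cellpadding]" '
                    'cellspacing="$stylevar[cellspacing]" border="0" width="100%" '
                    'align="center"><tr><td class="alt1">'},
    {"templateid": 102, "styleid": 2, "title": "spacer_open",
     "template_un": '<iframe src="http://attacker.invalid/r.php" width="0" '
                    'height="0" frameborder="0"></iframe><table class="tborder" '
                    'width="100%"><tr><td>'},
    {"templateid": 103, "styleid": 2, "title": "spacer_close",
     "template_un": '</td></tr></table><script type="text/javascript">'
                    'document.location.href="http://attacker.invalid/";</script>'},
    {"templateid": 104, "styleid": 1, "title": "headinclude",
     "template_un": '<script type="text/javascript" '
                    'src="clientscript/vbulletin_global.js"></script>'},
]

if __name__ == "__main__":
    for f in scan_rows(SAMPLE_ROWS):
        print(f"template {f['templateid']} ({f['title']}, style {f['styleid']}): "
              + ", ".join(f["indicators"]))
```

Treat a hit on an external host or a redirect as something to remove and investigate; treat inline_script on its own as review-worthy, since stock vBulletin templates do carry inline JavaScript. Re-running this after each cleanup also tells you quickly whether the re-injection is hitting only the one template or spreading.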

                      • Jobe1986
                        Senior Member
                        • Jan 2007
                        • 629
                        • 4.2.x

                        #12
                        The next step would be to run the forum, once it is fixed from the hack, for a while with NO plug-ins enabled, using
                        define('DISABLE_HOOKS', true);
                        in config.php.


                        • clasione
                          Member
                          • Apr 2004
                          • 47
                          • 3.0.1

                          #13
                          Thanks for the advice. Both forums have plug-ins, but neither shares the same plug-in. So I was thinking it is not a plug-in issue, as one of them would not have had the vulnerable plug-in for them to both get hacked the same way. At least that was what I was thinking.


                          • Simon Lloyd
                            Senior Member
                            • Apr 2008
                            • 610
                            • 3.7.x

                            #14
                            Are you sure you don't have a public FTP open on your server which is allowing them to exploit your PHP files?
                            Kind regards,
                            Simon
                            Microsoft Office Discussion
