vbportal?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Scott MacVicar
    Former vBulletin Developer
    • Dec 2000
    • 13286

    Was on a private list this morning that requires credentials to access, I suspect it will filter through to public lists soon.

    Not sure why'd you need to know what it entails, its a simple remote code execution exploit that can be used to install a shell.

    Best thing to do is install the updates that have been posted for vbportal or simply remove it if you dont want to do that, its a very serious error.
    Scott MacVicar

    My Blog | Twitter

    Comment

    • jw00dy
      Senior Member
      • Dec 2004
      • 144
      • 3.6.x

      Fair enough, thank you.

      I didn't get a chance to download the files from their site when it was up, so I've shut my portal off for the time being.

      Anyone know if the updated version is posted somewhere else? We're missing the portal already It can wait though as I know their is license issues involved.
      Just another squirrel trying to get a nut

      allthingsmoto.com, bodynspirit.net, & payinitoff.com

      Comment

      • mikeserv
        New Member
        • Jan 2006
        • 1

        I'd like to know a little more about what this entails, only so that I can protect against it temporarily. I am not in a position to install the updates (are they available through other means since vbportals is down?) because I'm not the actual license holder. Yes, the site owner/webmaster needs to get the updates and do this and he will soon, but that isn't possible at the moment and neither is removing vbportal from the site.

        We aren't using phpsuexec, yet the site did manage to get some readme.txt files with "Hacked By vbPortal hackers" in them.

        What I would specifically like to know is if setting disable_functions = passthru in php.ini will mitigate this for now?

        Also it was mentioned to set "the passthru setting to 1" in php.ini but I could not find a reference to that anywhere (and I did spend considerable time googling). The closest thing I could find was in the [odbc] section for binary data handling. (0 means passthru, 1 means return as is)

        I'd be grateful if someone in the know could reply.

        Comment

        • Freesteyelz
          Senior Member
          • Jan 2006
          • 530

          Originally posted by wajones

          Our host 'Liquidweb' to date has been little or no help at all. The first line tech's have responded with a few things an have tried to help, but bottom line the abuse support is non existent as far as security.

          Security has not even answered my tickets in 4 days. I ask last night to have my database restored (they supposably backup every night) Not even a answer about that.
          What about their phone support?

          Comment

          • JamieB
            Senior Member
            • Jan 2004
            • 195
            • 3.6.x

            there back well done mr jones

            Comment

            • Torqued
              Senior Member
              • Oct 2004
              • 125
              • 3.0.5

              Aaaannnd... it looks like they've been hacked/defaced *again*.

              Comment

              • Freesteyelz
                Senior Member
                • Jan 2006
                • 530

                It's up and running for me.

                Comment

                • NathanLedet
                  Senior Member
                  • Nov 2005
                  • 264
                  • 3.6.x

                  now vbPortal.org has taken a beating

                  got an e-mail:
                  Hello Again

                  www.vbportal.org & www.vbportal.org/forums
                  are defaced

                  http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=45&id=4421867


                  vbPortal is Hacked Again By R00t[ATI] & SecAnalyst
                  We've tried to Advise the admin of the vbportal but we were not
                  successful

                  if you can please Advise him about the recently hacks , Defacements,
                  Holes and other things.
                  NOW i want to Delete all of their DB after mailing

                  Comment

                  • Sergio68
                    Senior Member
                    • May 2002
                    • 817
                    • 6.0.X

                    Originally posted by Freesteyelz
                    It's up and running for me.
                    Nope.
                    Italian Body Building & Fitness : www.BodyWeb.com
                    Italian unofficial support Forum : www.vBulletin.it

                    Comment

                    • firewire
                      Senior Member
                      • May 2000
                      • 186
                      • 3.6.x

                      Seeing the hack has happened again (didn't I read in this thread the problem was fixed?), I'd like to know whether the problem is vbportal-(software)-specific, vbportal-hosting-specific or vBulletin-specific.
                      I have registered years ago for to the vbportal.org forum out of potential interest, but I am not using it, so I am asking myself right now if my site, too, is in danger.

                      Thank you for clarifying.

                      Comment

                      • Scott MacVicar
                        Former vBulletin Developer
                        • Dec 2000
                        • 13286

                        They were running vbulletin 3.0.9 + an old vbportal so it could have been either.
                        Scott MacVicar

                        My Blog | Twitter

                        Comment

                        • ixian
                          Member
                          • Aug 2001
                          • 65

                          I'm glad I didn't use a regular email alias years ago when I first signed up for that site.

                          I'm also glad I stopped using vbportals years ago even after paying the "contribution" fee or whatever they called it at the time. I feel for them, but I'm also still highly annoyed they didn't alert their userbase first before the hackers did it for them. In any case, now that they've pissed them off I suspect this will continue for a good long time.
                          Ixian
                          Maximum Gamer

                          Comment

                          • firewire
                            Senior Member
                            • May 2000
                            • 186
                            • 3.6.x

                            Just to make sure: Is vbportal.org and vbportal.com being run at the same provider, by the same people?

                            Comment

                            • BigCheeze
                              Member
                              • Sep 2002
                              • 46
                              • 3.0.7

                              Originally posted by ixian
                              I feel for them, but I'm also still highly annoyed they didn't alert their userbase first before the hackers did it for them.
                              HUH??? Alert their users that they we're about to be hacked? Does that even make any sense?

                              And apparently this an an attempt to get money. It's a pretty common ploy in the hacker community, perpetrated many times against places like Online Casinos, and even porn sites. However, they are widening the scope of targets; as unfortunately Scott & WJones have discovered.

                              Scott & WJones, please contact me if you want any assistance. With out going into details in public, I work in InfoSec. So contact me if you want, and I'll see what help I can offer.

                              Either way, good luck guys.

                              Comment

                              • kman2000
                                Member
                                • Mar 2002
                                • 38

                                Where are the patches for VBPortal? Seems like they should be made available somewhere other than on a site that is being actively attacked.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...