vbportal?

Lordy guys. I hate seeing you having to deal with all this crap.

Idiots(hackers) like this need to be taken out back and beaten.

So maybe this is a case in point why running older software is bad. Also, no one seems to know for sure how they are attacking that site.

I'm concerned, particularly since it happened again today.

I also use LiquidWeb and have a dedicated server with them. Is the problem related to php and should be fixed by LiquidWeb, or is it the vbportal script? If I don't use vbportal, am I still at risk due to some setting in php?

It makes all the sense in the world when you actually put it into context instead of knee-jerking out a response. I'm not talking about warning that vbportal's site was about to be hacked. I'm talking about the fact that everyone else's site could be open to attack. You know, their customers? The ones who paid them for the software?

By vbportals own statements, they were notified of the vulnerability before it was made public, along with clear evidence that they (the hackers) weren't kidding around. They (vbportals) could have informed their users, at the very least the ones who actually paid them for their software, that a vulnerability existed and that users should take appropriate precautions - shut down their sites, pull up to date backups, whatever - just in case.

Sure, the hackers were trying to extort money out of vbportals, and yes that happens all the time unfortunately. That's not the point. Let me ask you this: what if instead of doing what they did the hackers immediately released the exploit to every script board and IRC channel? And suddenly a thousand copycats were sent out in to the wild to hunt down other vbportal sites? That exact kind of thing also happens all the time.

My point was, and remains, that the only reason any of us know anything about this is because of the hackers themselves. Before they went public with it there was a (admittedly small) window where vbportals could and should have made a best effort to inform existing users - and they didn't. Again, I feel bad for the guys but that doesn't excuse the lack of immediate response to this problem. The second they got that email that included copies of their httpd.conf or whatever it was that proved the hackers had gained access they should have notified their users. This could have been a lot worse.

PhPportal is experiencing some problems again

Just got this email:

But the site appears to be up.

Unfortunately, I cannot change my email address there, something I'd really love to do right now.

Update that I put in relates to http://www.phpportals.com/
NathanLedet already reported about www.vbportal.org at 9:56am

This is getting old. I know wajones, scotsmist.. and the rest are doing their best - and always have.

Good Luck.

No doubt about what you said....they are all great guys. It is just that I was logged on to their website this morning when it died down suddenly.

Faking e-Mail headers is the easiest thing and has been done for years.
Steve, since you obviously know the exploit, it would be useful to tell us what component it is, to calm down the "masse"

Good Luck guys, I won't stop using the product because of some lame ass wannabe wankers from some tech-college, I'd rather use it more :P

---

Btw. they already published something: http://securityreason.com/exploitalert/897

---

here here, I help on the portals site and I won't stop helping , in fact it makes me want to help more

Thing is these radges think its here (vbulletin) there targeting .. SAD

Please consider what your saying.

phpportals.com was notified of "a vulnerability" with no specifics but some evidience that the server had been compromised and a extortion fee of $20,000 tied to several threats. No eveidence at all was provided to verify the vulnerability as real and so could easily have been faked and/or been caused by something other than vbportal software. A 48 hour window was given to pay the extortion fee. Note here: if evidence had been passed over showing the server had been compromised beyond doubt then yes you got it, it had allready "been hacked" and not "was going to be hacked"

i got this

i got this from them today...

----------------------------
Hello Again

www.vbportal.org & www.vbportal.org/forums
are defaced

http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=45&id=4421867


vbPortal is Hacked Again By R00t[ATI] & SecAnalyst
We've tried to Advise the admin of the vbportal but we were not
successful

if you can please Advise him about the recently hacks , Defacements,
Holes and other things.


NOW i want to Delete all of their DB after mailing

You're like the 4th person to paste that message in this thread today.