CI Host

  • Azooz
    New Member
    • Oct 2000
    • 11

    CI Host

    I have 17 sites hosted by CI Host - I like them.

    I have 4 vBulletin licences - they do not care about security.

    If you are hosted by CI Host and have vBulletin - please password protect your stats - or ask CI Host's support to remove them.

    vBulletin chose to blame me for making my stats available to hackers - I have been asking them for 2 months to plug this security hole - here it is - you be the judge:-

    When you login to the Admin - vBulletin sends your user ID and password through the browser URL - where any hacker can get it - and they do!

    In August I brought this problem to vBulletin's attention - they thought it was "unimportant".

    Can anyone tell me why CI Host is to blame for this?

    Log into vBulletin and your user ID and password are in the URL - available to all !

    UBB - Ultra and InfityBoard.com do not have this problem.
  • JimF
    Senior Member
    • May 2000
    • 1988

    #2
    Are you talking about the vBulletin Admin section, or the CI Host admin section??

    If you are talking about the vBulletin Control Panel, I suggest you upgrade to the most recent version of this, as the passwords are now encrypted. I believe that went into effect in version 1.1.2.

    If you are talking about CI Host's Admin section, there is little that anybody here can do to help you. Besides urge you to switch hosts, seeing as CI Host has the worst reputation in the hosting industry.

    -jim


    • George L
      Former vBulletin Support
      • May 2000
      • 32996
      • 3.8.x

      #3
      yeah..... ruuuuuuunnn now!!!

      Last year they neglected to register my domain, delayed my site setup, and when I cancelled they gave me a nice going away present, and wrongly charged me $500 !!!! Took months to get it and eventually got a charge back
      :: Always Back Up Forum Database + Attachments BEFORE upgrading !
      :: Nginx SPDY SSL - World Flags Demo [video results]
      :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]


      • Azooz
        New Member
        • Oct 2000
        • 11

        #4
        I never said CI Host was the best, but they care about security.

        The password is encrypted - but the encrypted password is in the URL. All you have to do is to click on the Admin's sent user ID and encrypted password and you are into the admin menu. Try it on one of your friends - it's a lot of fun :-)

        Question:

        Does anyone else find it strange that I have to complain about a security hole in vBulletin for months?

        It is a very old problem - was solved a long time ago. This problem was on Matt's old board script and patched in less than a day. Just remove the user ID and password (even encrypted) from the browser sent URL - no big science and not that hard to do really.

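The exposure described in posts #1 and #4, seen from the log side, as an added example that is not part of the original thread and is not vBulletin or CI Host code: a credential carried in a URL is written to the access log and to the Referer of the next site visited, which is how it ends up on a public stats page. The scrubber below redacts such parameters before logs are published; the parameter names, paths, and log lines are constructed assumptions, since the thread does not give the real ones.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the thread does not state the real ones.
SENSITIVE = {"userid", "username", "password", "passwd", "pwd", "pass"}

# Combined Log Format: prefix, request line, status, size, referer, agent.
LOG_RE = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] )"(?P<method>\S+) (?P<url>\S+) '
    r'(?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def redact_url(url):
    """Return (url with sensitive values replaced, names that were found)."""
    parts = urlsplit(url)
    found, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"  # a hashed value is redacted too: it replays as-is
        kept.append((name, value))
    if not found:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(kept))), found

def scrub_line(line):
    """Redact the request URL and the Referer of one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return line, []
    url, in_url = redact_url(m["url"])
    ref, in_ref = redact_url(m["referer"])
    findings = [("request", n) for n in in_url] + [("referer", n) for n in in_ref]
    out = (f'{m["head"]}"{m["method"]} {url} {m["proto"]}" {m["status"]} '
           f'{m["size"]} "{ref}" "{m["agent"]}"')
    return out, findings

# Constructed sample lines (hosts, paths and values are made up).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2000:13:55:36 -0500] "GET /forum/admin/panel?userid=1&password=5f4dcc3b5aa765d6 HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0500] "GET /links.html HTTP/1.0" 200 512 "http://forum.example/admin/panel?userid=1&password=5f4dcc3b5aa765d6" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Oct/2000:13:57:12 -0500] "GET /forum/showthread.php?threadid=42 HTTP/1.0" 200 9120 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(*scrub_line(raw), sep="\n  findings: ")
```

Scrubbing published logs only limits the exposure; the fix named in post #4 is to stop placing the user ID and password, encrypted or not, in the URL at all.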

        • JimF
          Senior Member
          • May 2000
          • 1988

          #5
          I still don't understand where the problem is...
