I was very dismayed today to find my vBulletin 5.0.4 has been hacked. I work in the IT industry and my server infrastructure is definitely secure; in fact, it runs on a dedicated BSD Unix host server using the same configuration as my e-commerce servers, which process credit card transactions every day and have never been hacked. I have no remote access into the system enabled except via strong 4096-bit SSH host keys. I'm currently running Apache apache22-2.2.25, PHP 5.4.17, and MySQL 5.6.13. The web server itself runs inside a CHROOT JAIL environment on the latest patched version of FreeBSD 8.4, the host is *not* compromised, and the apache daemon and mysql daemon are both isolated from the host operating system. I also run a file integrity monitoring tool from outside of the jail looking in, and have found no changes were made to the filesystem when it was hacked. That tells me there's a vulnerability in vBulletin 5.0.4 itself that was exploited and messed up my database. Fortunately I have daily backups and can roll back, but that doesn't fix the issue of *how* it was hacked. My PHP is very slightly out-of-date (5.4.20 is the latest of the 5.4.x branch) but it's unlikely that's the cause. My vBulletin admin password is unique to the site and is more than 20 characters long. No one else has admin access to the application, and absolutely no one has access to the server host root except me.
I did not see any major security holes plugged in vBulletin 5.0.5, so I'm wondering what's up. I haven't read all the release notes for 5.0.5, however. I have all apache logs available for the vBulletin team to review. To be honest I'm a little pissed that this has happened and would like to get to the bottom of this. vBulletin team, please let me know how I can get you the logs; they are large. I don't know what day or time the system was hacked but I'm sure it's all in the logs. The website is www.sjwinfo.org, a public service website about treating depression.
Thanks,
Kelly