homepage Welcome to WebmasterWorld Guest from 54.204.127.56
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
vBulletin + VBSEO Exploit in the Wild
martinibuster




msg:4420392
 9:13 am on Feb 22, 2012 (gmt 0)

I don't know why this hasn't been reported. But vBulletin installations running VBSEO should be updated to the latest version. There is an exploit going around. More information at VBSEO.com. [vbseo.com]

A forum I frequent triggered an antivirus popup warning of a trojan download and then a few weeks later it actually started redirecting referrals from Google. I did a site: search of the forum for the word viagra and the Google cache shows the alternate web page the forum is redirecting to. Nasty stuff.

 

Andem




msg:4420920
 3:20 pm on Feb 23, 2012 (gmt 0)

This is very nasty, indeed. Thanks for bringing this to attention!

The exploit was actually on the end of vbseo as their server was compromised. The remotely-hosted version checker was able to inject code as a vBulletin plugin and from there, pretty much given free reign over a vBulletin-powered board.

Lots of questions and until now, not enough answers.

After reading this, I did a search for a popular forum I know and sure enough, as a Google referral, I was redirected to a scammy affiliate site.

martinibuster




msg:4421001
 6:07 pm on Feb 23, 2012 (gmt 0)

Thanks for the explanation of how the exploit works. Be careful visiting one of the infected vBulletin sites, some of them are handing out nasty trojans that are difficult to remove.

martinibuster




msg:4433811
 7:28 am on Mar 27, 2012 (gmt 0)

The VBSEO exploit just took another turn. Some forum owners have updated their sites after being hit by the first wave of this VBulletin hack but kept VBSEO, along with the apparent vulnerabilities. Now there is a second wave of hackings exploiting the hole and obtaining admin access, inspiring this thread on the vbulletins forum [vbulletin.com].

It's a mess. I saw one site where the entire site redirects to another website. I did some searching and found a forum that had at least one member's entire five year posting history replaced by links to a specific site. Really nasty stuff.

g1smd




msg:4433814
 7:33 am on Mar 27, 2012 (gmt 0)

Stuff like this is one of the biggest reasons why WebmasterWorld should never move to VB, PHPbb or others of similar ilk.

topr8




msg:4433820
 8:01 am on Mar 27, 2012 (gmt 0)

Stuff like this is one of the biggest reasons why WebmasterWorld should never move to VB, PHPbb or others of similar ilk


i think this is true of all widely distributed CMS, Forums, Carts etc. they are all targets of hackers looking for exploits.

OT ... that would never happen, building this from the ground up was BT's passion!

Ramses




msg:4433841
 9:06 am on Mar 27, 2012 (gmt 0)

vBulletin itself is very safe. Most issues are caused by 3rd party add-ons.
So I would prefer WebmasterWorld moving to vB it's way more user friendly than the current software.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved