Welcome to WebmasterWorld Guest from 54.162.109.245

Forum Moderators: rogerd

Message Too Old, No Replies

vBulletin + VBSEO Exploit in the Wild

     
9:13 am on Feb 22, 2012 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14100
votes: 172


I don't know why this hasn't been reported. But vBulletin installations running VBSEO should be updated to the latest version. There is an exploit going around. More information at VBSEO.com. [vbseo.com]

A forum I frequent triggered an antivirus popup warning of a trojan download and then a few weeks later it actually started redirecting referrals from Google. I did a site: search of the forum for the word viagra and the Google cache shows the alternate web page the forum is redirecting to. Nasty stuff.
3:20 pm on Feb 23, 2012 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:Jan 20, 2005
posts:489
votes: 0


This is very nasty, indeed. Thanks for bringing this to attention!

The exploit was actually on the end of vbseo as their server was compromised. The remotely-hosted version checker was able to inject code as a vBulletin plugin and from there, pretty much given free reign over a vBulletin-powered board.

Lots of questions and until now, not enough answers.

After reading this, I did a search for a popular forum I know and sure enough, as a Google referral, I was redirected to a scammy affiliate site.
6:07 pm on Feb 23, 2012 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14100
votes: 172


Thanks for the explanation of how the exploit works. Be careful visiting one of the infected vBulletin sites, some of them are handing out nasty trojans that are difficult to remove.
7:28 am on Mar 27, 2012 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14100
votes: 172


The VBSEO exploit just took another turn. Some forum owners have updated their sites after being hit by the first wave of this VBulletin hack but kept VBSEO, along with the apparent vulnerabilities. Now there is a second wave of hackings exploiting the hole and obtaining admin access, inspiring this thread on the vbulletins forum [vbulletin.com].

It's a mess. I saw one site where the entire site redirects to another website. I did some searching and found a forum that had at least one member's entire five year posting history replaced by links to a specific site. Really nasty stuff.
7:33 am on Mar 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Stuff like this is one of the biggest reasons why WebmasterWorld should never move to VB, PHPbb or others of similar ilk.
8:01 am on Mar 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2002
posts:3181
votes: 9


Stuff like this is one of the biggest reasons why WebmasterWorld should never move to VB, PHPbb or others of similar ilk


i think this is true of all widely distributed CMS, Forums, Carts etc. they are all targets of hackers looking for exploits.

OT ... that would never happen, building this from the ground up was BT's passion!
9:06 am on Mar 27, 2012 (gmt 0)

New User

5+ Year Member

joined:June 14, 2010
posts:12
votes: 0


vBulletin itself is very safe. Most issues are caused by 3rd party add-ons.
So I would prefer WebmasterWorld moving to vB it's way more user friendly than the current software.