Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: rogerd
In a statement published on their forums a couple of days ago, vBulletin’s Wayne Luke revealed that their security team discovered a sophisticated cyberattack on their systems.
“Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems,” Luke noted.
User passwords have been reset. Zero Day Exploit Hits vBulletin Versions 4.x.x and 5.x.x [news.softpedia.com]
The hackers claim to have leveraged a “critical vulnerability” in vBulletin versions 4.x.x and 5.x.x. They say they’ve exploited the same zero-day vulnerability to breach MacRumors.com.
“We've got upload shell in vBulletin server, download database and got root,” the hackers said via email. “Macrumors.com was based on vBulletin CMS. We use 0day exploit on vBulletin, got password moderator. 860000 hacked too. The network security is a myth.”
We have disabled the forums until there is resolution on a possible vulnerability.
For some details about we at DEF CON have decided to close the forums, you can check this story out:
Once we have a fix/patch installed, we'll re-open service.
Thanks! Sorry about the down-time.
What was the symptoms? What happened to your website?