Announcement

Collapse
No announcement yet.

Forum security question

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Forum security question

    There seems to be a very big hole in vbulletin that's being exploited in the wild (a lot), can I please check whether this site has had the suggested fixes?
    A new type hack method? - vBulletin Community Forum
    http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/3991429-a-new-type-hack-method?p=3993335#post3993335
    Hello, When I entered my forum homepage a little while ago, I met with this page: http://imageshack.us/a/img842/6846/dqc4.jpg First I've checked my

    Thanks
    John
    Last edited by DrJon; 11-09-2013, 22:15.
    Tags: None
    #2
    Re: Forum security question

    I will send you a reply by e-mail later today. I don't think it is a good idea to discuss our forum security protocols on the forum.
    Robert
    robert@eos-magazine.com

    Comment

      #3
      Re: Forum security question

      No problem, although there is nothing here the bad guys aren't 100% aware of. (I ask as I'm getting e-mails from some of the bigger forums I'm on saying "err, sorry, we've been hacked, please change your password".)

      The Notebook Review thread on them being hacked is particularly, err, enthusiastic:
      TechnologyGuide
      http://forum.notebookreview.com/site-suggestions-help-announcements/731846-notebookreview-forum-user-notification-urgent-alert-security-breach-8.html
      Thank you for visiting the TechnologyGuide network. Unfortunately, these forums are no longer active. We extend a heartfelt thank you to the entire community for their steadfast support—it is really you, our readers, that drove

      (I enjoyed it once I, more-or-less, got over them losing my login and password details and they confirmed their passwords were salted. Would have been even more fun if they hadn't lost them though...)
      Last edited by DrJon; 12-09-2013, 09:16.

      Comment

        #4
        Re: Forum security question

        Hi DrJon,

        I was going to send you an e-mail response, but have decided to post a reply instead.

        As mentioned above, I am not going to discuss any measures we might have taken with regard to the security of this forum, except to say that we take note of advice issued by vBulletin (which provides the software that runs this forum). We also take other steps to protect the integrity of the forum.

        That's it, really, except to remind everyone that security on the internet is a two-way operation. Do you use the same password for different sites? Not a good idea. Do you use the same e-mail address for online banking and forums? Not a good idea.
        Robert
        robert@eos-magazine.com

        Comment

          #5
          Re: Forum security question

          Okay, thanks for the reply. One of my hats at the last firm was internet security and it's always difficult to know how technical people running online sites are, so I thought I'd mention this, as some big names were getting done.

          My feeling is Security through Obscurity is almost never a good idea, but it isn't my call here and I won't go on about it. I assume you would report if you found evidence you had been hacked rather than expect all users to have unique-here passwords and not mention it. (No, that isn't a question, as I said I'm done.)
          Last edited by DrJon; 13-09-2013, 10:08.

          Comment

          Previous template Next
          Working...
          X