Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here. The OTHER forum is HERE so please stop asking.
baggage can be easily discarded. it's whether u want or don't want to. all that's matter is in your mind.
you can live life happily or u can choose to live it with full of anger and resent. whichever it is, the one suffering or enjoying life is ultimately yourself.
35,000 Websites Hacked Using Vulnerability in vBulletin Forum Software
35,000 Websites Hacked Using Vulnerability in vBulletin Forum Software
By DAVID GILBERT October 15, 2013 1:19 PM BST
Despite warnings from company behind vBulletin, tens of thousands of websites using the software have been hacked.
More than 35,000 websites using the vBulletin CMS software have been hacked according to security firm Imperva (Reuters)
vBulletin is the fourth most popular content management system (CMS) on the internet with over 100,000 websites powered by its software, but a weakness in its security has seen hackers exploit tens of thousands of these websites using easily available and automated exploit tools to add administrator accounts to the affected sites.
In late August Internet Brands, the company behind vBulletin, issued a warning to all customers running versions 4.x and 5.x of its software, that they needed to remove two directories ( "/install" and "/core/install") on sites using the system or they would leave themselves open to an unspecified attack.
It seems that many customers didn't listen, and security company Imperva has revealed that over 35,000 websites running vBulletin have been hacked using this vulnerability. EA, Zynga, Sony and Steam are all listed as vBulletin customers on the company's website.
Root cause
While Internet Brands didn't specify the root cause of the vulnerability, Imperva was able to determine how attacks breached the websites' security.
The security flaw "allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account."
Once the hacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the site supported by its CMS.
The people behind the attacks have been able to quickly identify websites which could be vulnerable to attack, and according to Amichai Shulman, Imperva's chief technology officer, the attackers could be using a botnet - a group of hacked PCs - to get around a problem of retrieving automated results.
Automated
Speaking to security researcher Brian Krebs, Shulman said: "In order to infect 30,000 targets in such a short period of time you need Google, but the problem is that you can't retrieve so many search results that easily in an automated way. Google may show you that there are 30,000 [vulnerable target sites], but when you start scrolling through them all you may get to maybe page five or six [before] you get a message that your machine is performing automated queries, and it will start showing you CAPTCHA," challenges to block automated lookups. "And if I repeat this behaviour from the same Internet address, I'll get blocked for a certain period of time."
By distributing the searches through many different internet addressepers by using a botnet, the attackers can overcome this problem.
"These guys can instruct each part of that distributed network to perform a partial search that would return a part of the entire results," Imperva's director of security strategy, Barry Shteiman said. "That way they can get the list sliced into much smaller pieces that a single machine can then crawl and scrape."
vBulletin has refused to confirm or deny if the vulnerability found by imperva is the same one it wanred about in late August, simply repeating the advise it gave initially, to remove the "/install" and/or "/core/install" folders. If you operate a vBulletin site and still have those directories installed, it is probalby worth while checking to see if any new administrator accounts have been added recently.
