14-09-2016   #1
Lambie
(speculation) Site update warning

Hi All.

Now this is speculation, since I can't directly see what version of vBulletin this forum uses (3.8.8 according to the js files, but could be cached). But I follow Troy Hunt, a security expert known for bringing together publicly released dumps of stolen data to the site haveibeenpwned.com. This site lets you search to see if your details have been involved with a leak.

Recently a trend has been happening where outdated vBulletin boards are being targeted. So far from what I've seen on the interwebs, Versions 3.8.9, 3.8.10 beta, 4.2.3, 4.2.4 beta, and 5.2.3 are vulnerable to a type of attack that grants hackers access to the caches, and has reportedly been used to steal cached database data.

I see the website is currently at 3.8.8, which I think is deemed not vulnerable, so all is well right now. Just wanted to give the admins a heads up so the bad guys don't try punishing your awesome community.

I may have posted this in the wrong place, if so I'm sorry about that!
Last edited by Lambie; 14-09-2016 at 10:50.
14-09-2016   #2
ben
Re: (speculation) Site update warning

Cheers buddy - we're not actually on 3.8.8 - but it's always good to know of any latest developments.

The vulnerability I think you are talking about was patched on August 1 and was related to redirecting via a malicious upload/url fetch.

And yes, that gave you full mysql access
15-09-2016   #3
Lambie
Re: (speculation) Site update warning

Originally posted by ben:
> Cheers buddy - we're not actually on 3.8.8 - but it's always good to know of any latest developments.
>
> The vulnerability I think you are talking about was patched on August 1 and was related to redirecting via a malicious upload/url fetch.
>
> And yes, that gave you full mysql access

No problem - just didn't want the site to go the way a lot of vBulletin sites are going right now!

Good to hear you guys keep up with the patches that go on, thanks for that!