The Latest in IT Security

vBulletin.com Compromised

18
Nov
2013

The vBulletin team recently announced that they suffered a compromise which allowed the attackers access to vbulletin.com servers and database. On their own words:

We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.

If you have an account on vbulletin.com, consider it as compromised and change it ASAP. If you are reusing passwords and had the vbulletin password used anywhere else, you have to change these as well, and please stop reusing your passwords.

Arstechnica is covering this incident and they have more details.

My site is on vBulletin, what should I do?

First, change all your passwords. I also recommend disabling admin access (admincp), or restricting it only to trusted IP addresses until we are sure there is no 0-day out there (read the arstechnica post for more details on it).

A simple .htaccess rule like this one should help:

order deny,allow
deny from all
allow from YOURIP

If you are using our CloudProxy Firewall, it will block access to the admin panel by default unless the IP is whitelisted, minimizing the risks, you wouldn’t need those .htaccess changes.

For the paranoid, you can be as extreme as the Defcon team, and shut down your forum until the vulnerabilities are confirmed and patched.

We also highly recommend putting your forum behind a Web Application Firewall (WAF) which will likely protect you against any new attack, especially if there is a SQL injection or RFI bug somewhere. We recommend our CloudProxy Firewall, but anything at this point will suffice. ModSecurity is a good one if you like open source.

Our team is tracking this issue very closely and we will provide more details if we learn anything new.

Leave a reply


Categories

SATURDAY, AUGUST 24, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks