
vBulletin insecure?

Discussion in 'General Discussion' started by gkgcpanel, Jan 29, 2009.

  1. gkgcpanel

    gkgcpanel Well-Known Member

    We have had 3 sites that were all hacked within the last 2 sites. No other sites are affected. All 3 of these were running some version of vBulletin.

    We did restore the sites from backup, and within hours they were hacked again.

    We can find no point of entry directly to the server. These 3 sites are the only ones running vBulletin at this time.

    I can find no mention of any security issues with vBulletin, but it's the only common link for all 3 sites.

    Anyone run into this before? Should we stop allowing vBulletin scripts altogether?
     
  2. zigzam

    zigzam Well-Known Member

    Are you running the latest version of vBulletin?
     
  3. Voltar

    Voltar Well-Known Member

    Were you using the latest version of vBulletin? Or did you at the very least apply the security fixes? Are the boards heavily modded, and if so, were all the mods updated? Are you using any PHP security features like open_basedir and/or suPHP?

    More importantly, have you determined how the sites were hacked in the first place so you can close up the security hole?
     
  4. MMarko

    MMarko Well-Known Member

    Also, the right forum for questions about vBulletin would be their official support forum.
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    vBulletin can be hacked very easily regardless of security features enabled on your server. This article explains what you need to do to secure vBulletin: http://servertune.com/kbase/entry/339/

    Although nothing in cyberspace is "bulletproof", what's in the article should help stop the bad guys.
     
  6. EJeanmaire

    EJeanmaire Member

    From my experience over the years, all of the off-the-shelf PHP scripts (vBulletin, phpBB, phpnuke, etc.) are targets for exploiters. If your version is out of date, you are an easy target. If you are on the current version, you still have some risk, as the vendors can be slow to release patches. IMHO stay away unless you are diligent about upgrading.
     
  7. Silver_2000

    Silver_2000 Well-Known Member

    By off-the-shelf PHP scripts you would include cPanel, right?
    The issues with vBulletin are MUCH different from issues with phpBB and others. If your server is set up securely and software is relatively recent, most if not all of the exploits can be avoided.

    I'd be willing to bet the VB installs are really old. It's asking for trouble to not keep software updated.
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    cPanel is coded in Perl, not PHP.
     
