High-severity vulnerability in vBulletin is being actively exploited

B3achbum

Veteran Member
Joined
Jul 7, 2015
Location
North Florida
TDI
(Nigel) 2004 jw GLS 5sp / +332K miles, (Hildegarde) 2008 R320 CDI / +132K miles
2nd that

Thanks for posting, I just read same article...
Hope admins/hosting catch on quickly!!!
 

turbocharged798

Veteran Member
Joined
May 21, 2009
Location
Ellenville, NY
TDI
99.5 black ALH Jetta;09 Gasser Jetta
Especially since this site is running a very old version of Vbulletin that it would be quite vulnerable I would think.
 

bhtooefr

TDIClub Enthusiast, ToofTek Inventor
Joined
Oct 16, 2005
Location
Newark, OH
TDI
None
If the article is accurate, the bug may only affect vBulletin 5.0+?

Considering TDIClub's on the 3.8 branch - which is quite outdated and insecure - it may not be vulnerable to this specific vulnerability?
 

BobnOH

not-a-mechanic
Joined
May 29, 2004
Location
central Ohio
TDI
New Beetle 2003 manual
.....................snip.........................
Considering TDIClub's on the 3.8 branch - which is quite outdated and insecure - it may not be ..........snip...........
LOL Now you're just trying to scare us.
So I guess best practice is to not share any info you don't want seen by anyone, good practice for any social media.
 

sjjubb1989

Member
Joined
Nov 20, 2007
Location
Not your info
TDI
None
I work in cybersecurity now and have experience in managing servers, patching, etc.

I'd be more than happy to purchase the license to upgrade these forums to the latest version of vBulletin (Approx $210US to an upgrade license) if the owner was willing to put the time in to update it.


https://www.vbulletin.com/en/features/


I haven't been an active member here for a long time, I logged in for the first time in nearly 10 years but have been a frequent reader of these forums.

I'd volunteer my services, etc, however if this were my forum I wouldn't trust a random person on the internet to manage my site & servers.


It'd be a shame to see this site go away or get hacked, it is a wealth of information that would be missed.

Edit: Also is this hosted via a web hosting company or in a cloud environment? Other things that should be looked at is the current version of Apache and PHP, as well as any plugins.
 
Last edited:

BobnOH

not-a-mechanic
Joined
May 29, 2004
Location
central Ohio
TDI
New Beetle 2003 manual
I work in cybersecurity now and have experience in managing servers, patching, etc.

I'd be more than happy to purchase the license to upgrade these forums to the latest version of vBulletin (Approx $210US to an upgrade license) if the owner was willing to put the time in to update it.


https://www.vbulletin.com/en/features/


I haven't been an active member here for a long time, I logged in for the first time in nearly 10 years but have been a frequent reader of these forums.

I'd volunteer my services, etc, however if this were my forum I wouldn't trust a random person on the internet to manage my site & servers.


It'd be a shame to see this site go away or get hacked, it is a wealth of information that would be missed.

Edit: Also is this hosted via a web hosting company or in a cloud environment? Other things that should be looked at is the current version of Apache and PHP, as well as any plugins.
Contact Fred, or a moderator (listed at the bottom when they're here) or wait until they see this. They're pretty laid back, wonderful forum. Guessing it's web hosted on their machine.
 
Top