| TDIClub and TDIClub Forum News, Issues, Problems and Suggestions This is the place for updates on the website and forums. This is also the spot for forum questions, comments, ideas, gripes, requests, etc. This forum is NOT for posting problems about your car. Non-topic posts will be moved or removed. |
September 26th, 2019, 08:27
|
#1
|
|
Veteran Member
Join Date: Nov 2003
Location: Richmond, BC, Canada
|
High-severity vulnerability in vBulletin is being actively exploited
https://arstechnica.com/information-...vbulletin-bug/
The patch for this was released only yesterday. What is the status of TDI Club's software?
This should be of concern to anyone who has any personal information on the site. Apparently hackers can take control of the server with a known exploit.
__________________
2004 Golf GLS TDI 5-spd, DC Stage 1 Clutch, Evolution Atlas Skid Plate, Malone Stage 4 Tune, GT1749VB Turbo, 3 bar MAP
|
|
|
|
September 26th, 2019, 11:06
|
#2
|
|
Veteran Member
Join Date: Jul 2015
Location: North Florida
|
2nd that
Thanks for posting, I just read same article...
Hope admins/hosting catch on quickly!!!
|
|
|
|
|
September 26th, 2019, 14:13
|
#3
|
|
Veteran Member
Join Date: Nov 2003
Location: Richmond, BC, Canada
|
I sent PM to Fred also.
__________________
2004 Golf GLS TDI 5-spd, DC Stage 1 Clutch, Evolution Atlas Skid Plate, Malone Stage 4 Tune, GT1749VB Turbo, 3 bar MAP
|
|
|
|
|
September 27th, 2019, 06:38
|
#4
|
|
Veteran Member
Join Date: May 2009
Location: Ellenville, NY
|
Especially since this site is running a very old version of Vbulletin that it would be quite vulnerable I would think.
__________________
99.5 Black Jetta TDI; DLC1019 nozzles, G60/VR6, ASV pistons, EGR delete, ASR/EDL, bilstein TCs MFA cluster.. Beater car. 395K miles and climbing. 
09 Jetta Gasser, autofailmatic. Backup car. 230K.
|
|
|
|
|
September 27th, 2019, 07:38
|
#5
|
|
TDIClub Enthusiast
ToofTek Inventor
Join Date: Oct 2005
Location: Newark, OH
|
If the article is accurate, the bug may only affect vBulletin 5.0+?
Considering TDIClub's on the 3.8 branch - which is quite outdated and insecure - it may not be vulnerable to this specific vulnerability?
__________________
Quote:
|
Originally Posted by Upton Sinclair
It is difficult to get a man to understand something, when his salary depends upon his not understanding it!
|
|
|
|
|
September 27th, 2019, 10:55
|
#6
|
|
not-a-mechanic
Join Date: May 2004
Location: central Ohio
|
Quote:
Originally Posted by bhtooefr
.....................snip.........................
Considering TDIClub's on the 3.8 branch - which is quite outdated and insecure - it may not be ..........snip...........
|
LOL Now you're just trying to scare us.
So I guess best practice is to not share any info you don't want seen by anyone, good practice for any social media.
|
|
|
|
|
October 4th, 2019, 07:06
|
#7
|
|
Newbie
Join Date: Nov 2007
Location: Not your info
|
I work in cybersecurity now and have experience in managing servers, patching, etc.
I'd be more than happy to purchase the license to upgrade these forums to the latest version of vBulletin (Approx $210US to an upgrade license) if the owner was willing to put the time in to update it.
https://www.vbulletin.com/en/features/
I haven't been an active member here for a long time, I logged in for the first time in nearly 10 years but have been a frequent reader of these forums.
I'd volunteer my services, etc, however if this were my forum I wouldn't trust a random person on the internet to manage my site & servers.
It'd be a shame to see this site go away or get hacked, it is a wealth of information that would be missed.
Edit: Also is this hosted via a web hosting company or in a cloud environment? Other things that should be looked at is the current version of Apache and PHP, as well as any plugins.
Last edited by sjjubb1989; October 4th, 2019 at 07:19.
|
|
|
|
|
October 4th, 2019, 13:47
|
#8
|
|
not-a-mechanic
Join Date: May 2004
Location: central Ohio
|
Quote:
Originally Posted by sjjubb1989
I work in cybersecurity now and have experience in managing servers, patching, etc.
I'd be more than happy to purchase the license to upgrade these forums to the latest version of vBulletin (Approx $210US to an upgrade license) if the owner was willing to put the time in to update it.
https://www.vbulletin.com/en/features/
I haven't been an active member here for a long time, I logged in for the first time in nearly 10 years but have been a frequent reader of these forums.
I'd volunteer my services, etc, however if this were my forum I wouldn't trust a random person on the internet to manage my site & servers.
It'd be a shame to see this site go away or get hacked, it is a wealth of information that would be missed.
Edit: Also is this hosted via a web hosting company or in a cloud environment? Other things that should be looked at is the current version of Apache and PHP, as well as any plugins. |
Contact Fred, or a moderator (listed at the bottom when they're here) or wait until they see this. They're pretty laid back, wonderful forum. Guessing it's web hosted on their machine.
|
|
|
|
|
October 23rd, 2019, 07:59
|
#9
|
|
Newbie
Join Date: Nov 2007
Location: Not your info
|
*Bump*
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 06:55.
|
© 1996 - 2017, All Rights Reserved