www.tdiclub.com

Economy - Longevity - Performance
The #1 Source of TDI Information on the Web!
Forums Articles Links Meets
Orders TDI Club Cards TDIFest 2016 Gone, but not forgotten VAG-Com List Unit Conversions TDIClub Chat Thank You

Order your TDIClub merchandise and help support TDIClub


Go Back   TDIClub Forums > Forum and Web Page Info > TDIClub and TDIClub Forum News, Issues, Problems and Suggestions

TDIClub and TDIClub Forum News, Issues, Problems and Suggestions This is the place for updates on the website and forums. This is also the spot for forum questions, comments, ideas, gripes, requests, etc. This forum is NOT for posting problems about your car. Non-topic posts will be moved or removed.

Reply
 
Thread Tools
Old September 26th, 2019, 07:27   #1
Mike_04GolfTDI
Veteran Member
 
Mike_04GolfTDI's Avatar
 
Join Date: Nov 2003
Location: Richmond, BC, Canada
Default High-severity vulnerability in vBulletin is being actively exploited

https://arstechnica.com/information-...vbulletin-bug/

The patch for this was released only yesterday. What is the status of TDI Club's software?

This should be of concern to anyone who has any personal information on the site. Apparently hackers can take control of the server with a known exploit.
__________________
2004 Golf GLS TDI 5-spd, DC Stage 1 Clutch, Evolution Atlas Skid Plate, Malone Stage 4 Tune, GT1749VB Turbo, 3 bar MAP
Mike_04GolfTDI is online now   Reply With Quote
Old September 26th, 2019, 10:06   #2
B3achbum
Veteran Member
 
Join Date: Jul 2015
Location: North Florida
Default 2nd that

Thanks for posting, I just read same article...
Hope admins/hosting catch on quickly!!!
B3achbum is offline   Reply With Quote
Old September 26th, 2019, 13:13   #3
Mike_04GolfTDI
Veteran Member
 
Mike_04GolfTDI's Avatar
 
Join Date: Nov 2003
Location: Richmond, BC, Canada
Default

I sent PM to Fred also.
__________________
2004 Golf GLS TDI 5-spd, DC Stage 1 Clutch, Evolution Atlas Skid Plate, Malone Stage 4 Tune, GT1749VB Turbo, 3 bar MAP
Mike_04GolfTDI is online now   Reply With Quote
Old September 27th, 2019, 05:38   #4
turbocharged798
Veteran Member
 
turbocharged798's Avatar
 
Join Date: May 2009
Location: Ellenville, NY
Fuel Economy: 40-50mpg
Default

Especially since this site is running a very old version of Vbulletin that it would be quite vulnerable I would think.
__________________
99.5 Black Jetta TDI; DLC1019 nozzles, G60/VR6, ASV pistons, EGR delete, ASR/EDL, bilstein TCs MFA cluster.. Beater car. 395K miles and climbing.
09 Jetta Gasser, autofailmatic. Backup car. 230K.
turbocharged798 is offline   Reply With Quote
Old September 27th, 2019, 06:38   #5
bhtooefr
TDIClub Enthusiast
ToofTek Inventor
 
bhtooefr's Avatar
 
Join Date: Oct 2005
Location: Newark, OH
TDI(s): None
Default

If the article is accurate, the bug may only affect vBulletin 5.0+?

Considering TDIClub's on the 3.8 branch - which is quite outdated and insecure - it may not be vulnerable to this specific vulnerability?
__________________

Quote:
Originally Posted by Upton Sinclair
It is difficult to get a man to understand something, when his salary depends upon his not understanding it!
bhtooefr is offline   Reply With Quote
Old September 27th, 2019, 09:55   #6
BobnOH
not-a-mechanic
 
Join Date: May 2004
Location: central Ohio
Fuel Economy: 50/45/35
Default

Quote:
Originally Posted by bhtooefr View Post
.....................snip.........................
Considering TDIClub's on the 3.8 branch - which is quite outdated and insecure - it may not be ..........snip...........
LOL Now you're just trying to scare us.
So I guess best practice is to not share any info you don't want seen by anyone, good practice for any social media.
BobnOH is online now   Reply With Quote
Old October 4th, 2019, 06:06   #7
sjjubb1989
Newbie
 
sjjubb1989's Avatar
 
Join Date: Nov 2007
Location: Not your info
TDI(s): None
Default

I work in cybersecurity now and have experience in managing servers, patching, etc.

I'd be more than happy to purchase the license to upgrade these forums to the latest version of vBulletin (Approx $210US to an upgrade license) if the owner was willing to put the time in to update it.


https://www.vbulletin.com/en/features/


I haven't been an active member here for a long time, I logged in for the first time in nearly 10 years but have been a frequent reader of these forums.

I'd volunteer my services, etc, however if this were my forum I wouldn't trust a random person on the internet to manage my site & servers.


It'd be a shame to see this site go away or get hacked, it is a wealth of information that would be missed.

Edit: Also is this hosted via a web hosting company or in a cloud environment? Other things that should be looked at is the current version of Apache and PHP, as well as any plugins.

Last edited by sjjubb1989; October 4th, 2019 at 06:19.
sjjubb1989 is offline   Reply With Quote
Old October 4th, 2019, 12:47   #8
BobnOH
not-a-mechanic
 
Join Date: May 2004
Location: central Ohio
Fuel Economy: 50/45/35
Default

Quote:
Originally Posted by sjjubb1989 View Post
I work in cybersecurity now and have experience in managing servers, patching, etc.

I'd be more than happy to purchase the license to upgrade these forums to the latest version of vBulletin (Approx $210US to an upgrade license) if the owner was willing to put the time in to update it.


https://www.vbulletin.com/en/features/


I haven't been an active member here for a long time, I logged in for the first time in nearly 10 years but have been a frequent reader of these forums.

I'd volunteer my services, etc, however if this were my forum I wouldn't trust a random person on the internet to manage my site & servers.


It'd be a shame to see this site go away or get hacked, it is a wealth of information that would be missed.

Edit: Also is this hosted via a web hosting company or in a cloud environment? Other things that should be looked at is the current version of Apache and PHP, as well as any plugins.
Contact Fred, or a moderator (listed at the bottom when they're here) or wait until they see this. They're pretty laid back, wonderful forum. Guessing it's web hosted on their machine.
BobnOH is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Millions of Volkswagens have a vulnerability where the car can be unlocked by hackers Windex Ontario 11 August 15th, 2016 11:45
A3 clutch slipping questions, severity, suggestions blizzak VW MKIII-A3/B4 TDIs 3 May 4th, 2010 14:59
oil pan vulnerability Dennisr VW MKIV-A4 TDIs (VE and PD) 21 February 8th, 2003 00:11
Engine Fault Severity paulboeck VW MKIV-A4 TDIs (VE and PD) 4 February 28th, 2002 13:08


All times are GMT -7. The time now is 11:58.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright - TDIClub Online LTD - 2017
Contact Us | Privacy Statement | Forum Rules | Disclaimer
TDIClub Online Ltd (TDIClub.com) is not affiliated with the VWoA or VWAG and is supported by contributions from viewers like you.
1996 - 2017, All Rights Reserved
Page generated in 0.15506 seconds with 13 queries
[Output: 89.16 Kb. compressed to 76.85 Kb. by saving 12.31 Kb. (13.80%)]