• Welcome to BirdForum, the internet's largest birding community with thousands of members from all over the world. The forums are dedicated to wild birds, birding, binoculars and equipment and all that goes with it.

    Please register for an account to take part in the discussions in the forum, post your pictures in the gallery and more.
Feel the intensity, not your equipment. Maximum image quality. Minimum weight. The new ZEISS SFL, up to 30% less weight than comparable competitors.

Security Breach w/ vBulletin using Avatars (1 Viewer)


Well-known member
Well seen this posted at a Linux site about how Ubuntu Forums were taken down by malicious hackers via a flaw in how Avatars are accessed. Seems they were able to retrieve passwords of users. So in essence if you use the same username/password at multiple sites they all could be at risk. I removed my avatar here and at other sites powered by vBulletin as a safety precaution.

Here's a link to the Ubuntu article if you care to read more.


Andrew Rowlands

Well-known member
Hi Phil,

The way I read it the 'avatar' belonged to the hacker, it was set to be loaded from a remote site that served a meta-redirect. Avatars served from the local site should be fine.

I was involved in trying to figure out a similar vB forum issue last week where the redirect (via Google and Bing search results based on the site's RSS feeds - not a direct link to the landing page itself, that was clean) to a file hosting site which in turn triggered some potentially dangerous popups/exploit packs hosted on other, unknown sites. Last I heard from the owner was that he was blaming an old 3rd party vB plugin yet he had no clue where the trigger was in his own site.

I'll try to have your link corrected, here's what it should be: https://news.ycombinator.com/item?id=6076381

Green Fields

Professional Bug Remover
Staff member
United Kingdom

Thanks for bringing this to our attention. I've looked at the link you provided and it doesn't really provide much detail. I'm not aware of any avatar-related vBulletin exploits in the version that we run, but I will try and dig a bit more and find out what's going on just in case. It does sound like it was an avatar used by the 'hacker' to exploit the system, and not that those users who have avatars were vunerable.

It's definitely worth noting that we do run additional security software on the server to try and prevent such exploits from being taken advantage of, and take other precautions (for example, users aren't allowed to have avatars until they have become 'active' members).

Regardless, we definitely encourage users to be careful about using the same password for all their logins, especially for banks and other financial services.

Warning! This thread is more than 9 years ago old.
It's likely that no further discussion is required, in which case we recommend starting a new thread. If however you feel your response is required you can still do so.

Users who are viewing this thread