• Welcome to BirdForum, the internet's largest birding community with thousands of members from all over the world. The forums are dedicated to wild birds, birding, binoculars and equipment and all that goes with it.

    Please register for an account to take part in the discussions in the forum, post your pictures in the gallery and more.
ZEISS DTI thermal imaging cameras. For more discoveries at night, and during the day.

Security Breach w/ vBulletin using Avatars (1 Viewer)

M

MI_Phil

Well-known member
Well seen this posted at a Linux site about how Ubuntu Forums were taken down by malicious hackers via a flaw in how Avatars are accessed. Seems they were able to retrieve passwords of users. So in essence if you use the same username/password at multiple sites they all could be at risk. I removed my avatar here and at other sites powered by vBulletin as a safety precaution.

Here's a link to the Ubuntu article if you care to read more.
https://news.ycombinator.com/item?id=6076381
phil
 
Hi Phil,

The way I read it the 'avatar' belonged to the hacker, it was set to be loaded from a remote site that served a meta-redirect. Avatars served from the local site should be fine.

I was involved in trying to figure out a similar vB forum issue last week where the redirect (via Google and Bing search results based on the site's RSS feeds - not a direct link to the landing page itself, that was clean) to a file hosting site which in turn triggered some potentially dangerous popups/exploit packs hosted on other, unknown sites. Last I heard from the owner was that he was blaming an old 3rd party vB plugin yet he had no clue where the trigger was in his own site.

I'll try to have your link corrected, here's what it should be: https://news.ycombinator.com/item?id=6076381
 
Hi,

Thanks for bringing this to our attention. I've looked at the link you provided and it doesn't really provide much detail. I'm not aware of any avatar-related vBulletin exploits in the version that we run, but I will try and dig a bit more and find out what's going on just in case. It does sound like it was an avatar used by the 'hacker' to exploit the system, and not that those users who have avatars were vunerable.

It's definitely worth noting that we do run additional security software on the server to try and prevent such exploits from being taken advantage of, and take other precautions (for example, users aren't allowed to have avatars until they have become 'active' members).

Regardless, we definitely encourage users to be careful about using the same password for all their logins, especially for banks and other financial services.

Ollie
 
Warning! This thread is more than 11 years ago old.
It's likely that no further discussion is required, in which case we recommend starting a new thread. If however you feel your response is required you can still do so.

Similar threads

Troubador
Zeiss SFL 10x40: A Field Review
2 3 4
Replies
60
Views
18K
Dyrlege
D
jape
security and backups
Replies
5
Views
1K
CalvinFold
CalvinFold
A
New guy, new Swaros: Comments on CL Pocket, CL B Companion, and EL 8x32 Fieldpro
2
Replies
29
Views
7K
tenex
tenex
S
7x42 EDG II new purchase & findings in use
Replies
8
Views
2K
SeldomPerched
S
wolfbirder
Trying to sweep up in Southern Israel 21-26 February 2020
2 3 4
Replies
78
Views
13K
wolfbirder
wolfbirder

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Back
Top