vBulletin.com Compromise - Possible 0-day
Earlier today, vBulletin.com was compromised. The group conducting the attack claims to have a 0-day available that enabled the attacker to execute shell commands on the server. The attacker posted screen shots as proof and offered the exploit for sale for $7,000.
If you run vBulletin:
- carefully watch your logs.
- ensure that you apply all hardening steps possible (anybody got a good pointer to a hardening guide?)
- keep backups of your database and other configuration information
- if you can: log all port 80 traffic to your bulletin.
If you had an account on vBulletin.com, make sure you are not reusing the password. The attackers claimed to have breached macrumors.com as well. According to macrumors, that exploit was due to a shared password. There is a chance that the 0-day exploit is fake and shared passwords are the root cause.
Any other ideas?
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Keywords: vbulletin
1 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments
http://www.vbulletinemail.com/Important%20Message%20Regarding%20Your%20Account%20vborg.html?utm_medium=Email&utm_source=ExactTarget&utm_campaign=
Anonymous
Nov 19th 2013
1 decade ago