Announcement

Collapse
No announcement yet.

Zero-day Exploit

Collapse
X
Collapse
First Prev Next Last
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Zero-day Exploit

    Just wondering if anybody else woke up today to find out that got hit by the "Zero-day" exploit?

    Our site became unresponsive around 4:57a CST this morning. We basically backed up our database, and then did a brand new installation but chose to run /core/install/upgrade.php as the final step of installing.

    Based on that approach, we are back up and running like nothing happened, though we may have to reinstall some of the mods from here -- not sure.

    #2
    I lost a site. using the temp fix until the patch is released. My lost site is staying offline until I can restore the db and re-install.

    Comment


      #3
      Yeah, gonna watch for that patch and also using the temp fix. Weird that they closed the threads discussing it on the support forums -- we can't help each other if they close them.

      I am concerned that the temp fix is only closing one of several holes though.

      Comment


        #4
        So much time wasted if you count all the hours people are dealing with this mess. I don't like the way vb approaches it.

        Comment


          #5
          True, but as someone in the software development industry, I do have sympathy for their position. Hacking is prevalent beyond imagination and the resources it takes to fight it can absolutely drain a company. As long as they are "on it" and giving us a solution ASAP, I don't know what more we can ask.

          At some point we have to take ownership and make sure we have our backups in place and the security on our own systems setup with the expectation that ALL software will get hacked, so how do you minimize the downtime "if and when", regardless which hole is pierced.

          I do not like that they kept closing the threads -- that was our line of communication to discuss. They need to just ignore the people complaining while others figure out quick steps to solve the issue temporarily until they get a patch out. That's my beef with how it was handled.

          Comment


          • NumNum
            NumNum commented
            Editing a comment
            and I'm sure the under staffing doesn't help when dealing with these.

            Closing the threads was a bad choice; as you said, ignore the complaining rhetoric and work on the solutions.

          #6
          I opened a ticket with VB and Wayne Luke fixed it for me. Free. I was pretty amazed at the service.

          Comment


          • NumNum
            NumNum commented
            Editing a comment
            They do get a bad rap at times.

          • Mitch
            Mitch commented
            Editing a comment
            Niceee,,, Thanks for the report. Wayne does a great job. Having to deal with a bug laced software day in and day out can't be easy

          #7
          Wayne explained why the threads were closed, they were becoming magnets for former customers who still have old vB3 licenses to turn up and attack the company (again). This then ties up support resource wading through these and fishing out the deliberate lies and insults when that resource is better deployed helping customers recover their sites.

          The support forums are for customers to get support, not air decade-old grudges against the company. Genuine support threads relating to the issue were left open.

          Comment


            #8
            You guys rock. I am so thankful that you have stuck through all the rhetoric. Stay strong!

            Comment


              #9
              We got hit last week on 9/25 also. Restored home directory and DB from a backup but forum was still whacked and missing other key files.

              Fortunately we are hosted by Hostway and they had complete server backups. They did a complete server backup and then I was able to apply the 5.5.2 patch that is currently available on vB. Change all passwords and force members to do the same.

              Was definitely a "OH CRAP !!!" moment.

              Fingers crossed they don't come back or vB can get a permanent patch released to address the holes.

              Comment

              Users Viewing This Page

              Collapse

              There is 1 user viewing this forum topic.

              • Guest Guest

              Latest Posts

              Collapse

              Working...
              X
              Searching...Please wait.
              An unexpected error was returned: 'Your submission could not be processed because you have logged in since the previous page was loaded.

              Please push the back button and reload the previous window.'
              An unexpected error was returned: 'Your submission could not be processed because the token has expired.

              Please push the back button and reload the previous window.'
              An internal error has occurred and the module cannot be displayed.
              There are no results that meet this criteria.
              Search Result for "|||"