Code of Conduct
+ Reply to Thread
Results 1 to 12 of 12
  1. #1

    Default Security announcement

    Recently a small number of sites running the same forum software as we do have been hacked. The hack was apparently based around gaining access to a moderator/admin account and posting malicious code which allowed the hackers to gain access to the back-end databases. The forums of the creator of this software (vbulletin) was also hacked due to an unsecured testing area.

    Basenotes has not been hacked. This is just a heads-up to let you know the situation and to be as transparent as possible.

    The providers of this software (vbulletin) say:

    Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin.
    These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software.

    Regards,
    Wayne Luke.



    As a precaution, we have reset passwords for all members of Basenotes which have access to the back-end.

    We are also running the latest version of this software that is available, and have used for the last few years a third-party security company to detect compromises, remove any malicious artifact and protect the Basenotes website.

    We will of course keep a close eye on the situation.

  2. #2
    hednic's Avatar
    Join Date
    Oct 2007
    Location
    McLean, NYC, & Búzios
    Posts
    78,089

    Default Re: Security announcement

    Thanks for the heads up Grant.
    Remember that while it is perfectly acceptable to criticize the content of a post - criticizing the poster is not.
    Mean spirited, nasty, snide, sarcastic, hateful, and rude individuals don't warrant or deserve other individuals' acknowledgement or respect.

  3. #3

    Default Re: Security announcement

    Thanks Grant.
    Another busy website that's in my daily routine is talkbass.com.
    Here's what the site's owner wrote:
    After watching vbulletin go down the tubes for the past several years, I decided to build our new forums on XenForo. XenForo is a new cutting-edge forum software built by the same guys that built vbulletin 3.x. It's simply the best-written forum code out now. It's been a long journey, and it's not quite over yet! Migrating 13 million posts, attachments, avatars, etc is no easy task, but we hope to perform the final migration mid December or early January.
    Just to inform you about this other option.

    Cheers!
    François
    Ce message provient du Québec!

  4. #4

    Default Re: Security announcement

    Quote Originally Posted by Francois Blais View Post
    Thanks Grant.
    Another busy website that's in my daily routine is talkbass.com.
    Here's what the site's owner wrote:

    Just to inform you about this other option.

    Cheers!
    François
    Thanks François. As it happens, I am looking at alternatives for the forums, as vbulletin is pretty much dying...

  5. #5
    Dependent danieq's Avatar
    Join Date
    Jul 2013
    Location
    Southeastern Arizona
    Posts
    2,056

    Default Re: Security announcement

    Transparency appreciated.

  6. #6

    Default Re: Security announcement

    Thanks for the info Grant.

  7. #7

    Default Re: Security announcement

    Can I suggest that you set up an additional password for all of the admin and moderating team accessing the control panel Grant? The forum I run is also on vBulletin (for the moment) and we all have a log in page to see the control panel log in page, which is a pain in the bum in terms of logging in but is definitely more secure and reduces the damage that anybody could do if they got hold of our forum passwords.
    'I suggest we learn to love ourselves before it's made illegal.'

  8. #8

    Default Re: Security announcement

    Quote Originally Posted by sfmedusa View Post
    Can I suggest that you set up an additional password for all of the admin and moderating team accessing the control panel Grant? The forum I run is also on vBulletin (for the moment) and we all have a log in page to see the control panel log in page, which is a pain in the bum in terms of logging in but is definitely more secure and reduces the damage that anybody could do if they got hold of our forum passwords.
    Yep, that's a great feature.

    I'm a moderator over a medium size gaming community that recently fell victim to an attack like this. Unfortunately one of the staff members used the same credentials on the forum as in the game itself, to disastrous consequence.

    I'm glad to see Grant & Co. are keeping apprised of the latest security developments. Good job!
    (\__/) This is Bunny. Copy and paste bunny into your
    (='.'=) signature to help him gain world domination.
    (")_(")

  9. #9
    Basenotes Plus
    RHM's Avatar
    Join Date
    Oct 2005
    Location
    Saint Louis, MO
    Posts
    3,666

    Default Re: Security announcement

    Thank you for the heads up!
    RHM's Vintage, Rare & Pretty Darn Good items on offer: http://www.basenotes.net/threads/380...old-Pour-Femme

  10. #10
    Banned
    Join Date
    Apr 2008
    Location
    Chicago
    Posts
    15,256
    Blog Entries
    15

    Default Re: Security announcement

    Thx for the info

  11. #11

    Default Re: Security announcement

    If its not one thing, its the other!

  12. #12

    Default Re: Security announcement

    As always your informational updates are so important to us.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may edit your posts
  •