Thanks for the heads up Grant.
Thread: Security announcement
Recently a small number of sites running the same forum software as we do have been hacked. The hack was apparently based around gaining access to a moderator/admin account and posting malicious code which allowed the hackers to gain access to the back-end databases. The forums of the creator of this software (vbulletin) was also hacked due to an unsecured testing area.
Basenotes has not been hacked. This is just a heads-up to let you know the situation and to be as transparent as possible.
The providers of this software (vbulletin) say:
As a precaution, we have reset passwords for all members of Basenotes which have access to the back-end.Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin.
These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software.
We are also running the latest version of this software that is available, and have used for the last few years a third-party security company to detect compromises, remove any malicious artifact and protect the Basenotes website.
We will of course keep a close eye on the situation.
Thanks for the heads up Grant.
Remember that while it is perfectly acceptable to criticize the content of a post - criticizing the poster is not.
Another busy website that's in my daily routine is talkbass.com.
Here's what the site's owner wrote:
Just to inform you about this other option.After watching vbulletin go down the tubes for the past several years, I decided to build our new forums on XenForo. XenForo is a new cutting-edge forum software built by the same guys that built vbulletin 3.x. It's simply the best-written forum code out now. It's been a long journey, and it's not quite over yet! Migrating 13 million posts, attachments, avatars, etc is no easy task, but we hope to perform the final migration mid December or early January.
Ce message provient du Québec!
Thanks for the info Grant.
Can I suggest that you set up an additional password for all of the admin and moderating team accessing the control panel Grant? The forum I run is also on vBulletin (for the moment) and we all have a log in page to see the control panel log in page, which is a pain in the bum in terms of logging in but is definitely more secure and reduces the damage that anybody could do if they got hold of our forum passwords.
'I suggest we learn to love ourselves before it's made illegal.'
I'm a moderator over a medium size gaming community that recently fell victim to an attack like this. Unfortunately one of the staff members used the same credentials on the forum as in the game itself, to disastrous consequence.
I'm glad to see Grant & Co. are keeping apprised of the latest security developments. Good job!
(\__/) This is Bunny. Copy and paste bunny into your
(='.'=) signature to help him gain world domination.
Thank you for the heads up!
"Mom….now the kitten smells like Chamade!"
Thx for the info
If its not one thing, its the other!
As always your informational updates are so important to us.