Slashdot Mirror


35,000 vBulletin Sites Have Already Been Exploited By Week Old Hole

realized writes "Last week Slashdot covered a new vBulletin exploit. Apparently hackers have been busy since then because according to security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability. The sad part about this is that it could have all been avoided if the administrator of the websites just removed the /install and/or /core/install folders – something that you would think the installer should do on its own." Web applications that have write access to directories they then load code from have always seemed a bit iffy to me (wp-content anyone?)

3 of 91 comments

  1. Re:That's what you get for using vBulletin by smash · Score: 5, Insightful

    not hard to do if you don't care about security you mean.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  2. Re:That's what you get for using vBulletin by Shoten · Score: 5, Insightful

    Learn some languages and build your own forum. It's not hard and all the skills you'll acquire will look great on a resume.

    Right...because everyone who could ever want to use a forum is a web developer, right? And, of course, every one-off forum app will be TOTALLY free from vulnerabilities, of course. Oh, and let's not forget that there's no benefit whatsoever to different forums being somewhat similar in terms of user interaction...so let's just throw that out the door as well.

    Seriously?

    --

    For your security, this post has been encrypted with ROT-13, twice.
  3. A bit iffy??? by NoNonAlphaCharsHere · Score: 5, Insightful

    Web applications that have write access to directories they then load code from have always seemed a bit iffy to me

    You misspelled "batshit-insane".