SA forums victim of vBulletin exploit

Popular South African forums NAG.co.za, Carbonite.co.za, and MyBroadband.co.za recently fell victim of hacking attempts that used an exploit in vBulletin 4.1+ and vBulletin 5+.

On 27 August 2013, vBulletin Technical Support Lead, Wayne Luke posted about the exploit on the vBulletin support forums. vBulletin only began to inform its forum software users of the exploit via e-mail from 3 September 2013.

This created a situation in which hackers were made aware of the vulnerability, but many VBulletin forum managers were left in the dark.

This caused a spate of hacks on forums using the VBulletin software, including many high profile South African forums.

MyBroadband

On 28 August, MyBroadband picked up an admin intrusion on its forum exploiting the vBulletin vulnerability.  The problem was luckily contained before any significant damage was done, and no downtime was experienced.

The exploit has been resolved on MyBroadband and additional security put in place.

Carbonite

The Carbonite forum briefly displayed a hacked landing page with a political message around the Syrian civil war. The site has since been restored.

Henk Keuris, co-founder of Carbonite, explained that the hack occurred around 7PM on 9 September 2013. “However, we did notice the server going down at around 10 pm, for a number of nights in a row, starting mid last week,” said Keuris.

Keuris said the hack was done through a vBulletin installation on a Linux server with Apache.

Keuris explained what he did to bring Carbonite back online: “At this stage, all I did was remove the index.html file, which restored the website to working order. I also changed the admin root password and did a system wide software upgrade (not OS, only apps).”

As for how the hackers got into Carbonite, Keuris said “We do not yet know. We are currently investigating and will know later this week.”

NAG forum

The NAG.co.za forum was also victim of a hack attack with a political motive. The forum website now redirects to a site with a pro-Assad Syrian government message.

NAG assistant editor, Geoff Burrows explained that the hack occurred 9 September, around 4-5PM. “We have a security professional working on it right now,” said Burrows.

The NAG forum was installed on a dedicated server running Linux.

Burrows said that the hackers gained entry into the system through the known vBulletin exploit, which has now been removed.

NAG forum Syrian Army hack

More gaming news

Deep Down: amazing PS4 game first gameplay, details

PS Vita TV home console, content stream

New PS Vita revealed

Offline play coming to Diablo 3 on PC?

Forum discussion
Authors
Tags , , , ,

Join the conversation

SA forums victim of vBulletin exploit

Related posts

×