vBulletin problem

Ch3tan

I aer teh win!!
Joined
Dec 22, 2003
Messages
27,305
It seems we are running on 3.2.2 according to the bottom of the main page.
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,075,707
We are running on 3.8.6 PL1. I patched the system way before the peons knew about the exploit.
 

Zenith.UK

Part of the furniture
Joined
Dec 20, 2008
Messages
2,913
Exactly the response I expected Deebs.
gg wp thx. :)
 

Deebs

Chief Arsewipe
Staff member
Moderator
FH Subscriber
Joined
Dec 11, 1997
Messages
9,075,707
No problem. Also I would like to explain as the BBC have it slightly wrong. During the development of 3.8.6 one of the developers left in a phrase which basically exposes the MySQL login details used by the forum software itself.

Luckily for FH the MySQL instance is firewalled and does not allow public access to any of its ports so even if someone managed to get the information the only way they could use it would be to compromise one of the servers which is authorised to connect to MySQL. ie, this webserver or another.

Still, many hosts allow public access to the MySQL ports and this is a pretty major fuckup by a company already receiving bad publicity over VB4 and how it treats its customers.
 

Users who are viewing this thread

Top Bottom