1. Reminder: Please use our affiliate links for holiday shopping!

vBulletin hacked, possible security flaw...

Discussion in 'Help and Feedback' started by wjiang, Nov 18, 2013.

  1. wjiang

    wjiang Mu-43 Hall of Famer

    • Like Like x 1
  2. Amin Sabet

    Amin Sabet Administrator

    Apr 10, 2009
    Boston, MA (USA)
    Yes, it's very concerning. One of my sites (SeriousCompacts) was hacked last month, and it cost me over $1000 to address that, not to mention over $200/month extra (above our previous monthly costs for server, apps, etc) for ongoing help keeping everything up to date. Now with vBulletin itself and MacRumors (huge site) getting hacked, it seems that vBulletin sites are not safe. I've shored up defenses as well as I could around here, and I have redundant backups in case a clean install is needed. Might be time to jump ship from vBulletin, but that would be a huge and expensive undertaking. Please we'd lose a lot of functionality.
     
  3. bassman

    bassman Mu-43 Top Veteran

    680
    Apr 22, 2013
    New Jersey
    Scott
    The major risk is to users (including mods & admins) who use the same password on multiple sites. Which one should never do.
     
  4. Amin Sabet

    Amin Sabet Administrator

    Apr 10, 2009
    Boston, MA (USA)
    Very true. At the very least you should use strong unique passwords for certain sites (email, banking, etc).

    Sent from my SCH-I535 using Mu-43 mobile app
     
  5. bassman

    bassman Mu-43 Top Veteran

    680
    Apr 22, 2013
    New Jersey
    Scott
    Really, one should install and use a tool like Lastpass or 1Password. I've mostly eliminated dup passwords in my world and changed to very long, very strong random ones generated by the tool. It pretty much limits your risk to the site hacked, which frankly isn't that great for the Forums.
     
    • Like Like x 1