• Jack-it Night: April 2024 RS Meeting Hey Guest: Wed. April 3rd is the next Rising Sun meeting, and you won't want to miss it. We're doing our annual offroad recovery equipment demonstration and trail skills training aka "Jack It Night." Meeting starts at 6:30 p.m. (early) Click here for all the details.

vBulletin Exploits?

Hulk

RS Webmaster
Staff member
Moderator
Cruise Moab Committee
Joined
Aug 22, 2005
Messages
16,431
Location
Centennial
We're running an old version of vBulletin for sure. Are we hackable? I'm sure we are. The question is do we have anything worth protecting?
 

OilHammer

Hard Core 4+
Joined
Apr 2, 2009
Messages
1,711
Location
Denver
As a club, probably not. Some users may use the same password here as they do on their email though, and that's likely what the hackers are after. Get into email, and you can reset passwords on all kinds of sites.
 

DaveInDenver

Rising Sun Ham Guru
Joined
Jun 8, 2006
Messages
12,950
Location
Grand Junction
Not dealing with state secrets but ultimately what's important is up the users. It's worth trying to avoid the forum from being hacked just so that emails aren't stolen and spammed. Maybe it's not time practical or cost feasible to deal with hacks, but they do exist and we do exchange personal information here, there are call signs, physical addresses, schedules (e.g. when you may not be home), names of family members. It's not totally benign. Everyone blurs license plate numbers in photos because they want some sense of privacy, what does an attitude of "Possible hack, so what?" convey?
 

wesintl

RS Moderator
Moderator
Joined
Aug 22, 2005
Messages
8,557
Location
in da house
Should install the updates that they have... bad practice not to
 

Hulk

RS Webmaster
Staff member
Moderator
Cruise Moab Committee
Joined
Aug 22, 2005
Messages
16,431
Location
Centennial
Should install the updates that they have... bad practice not to

We're on vBulletin 3.7.1. The latest version is 5.2.2, which will be a serious upgrade and change -- not the change that Mud did when they shifted away from vBulletin completely, but a serious change nonetheless. There will also be some expense to this, since their software licensing model changed with version 4 -- I think there's an annual renewal to it now. We should run this by the officers at minimum before spending money.

Wes, you and/or Kipper might be better at taking care of this installation if we want to go this route. Would you be willing to head up this?

Before we do anything, we need to make complete backups of everything we have now. Our database is too big to simply use phpmyadmin to download -- we have some specialty software we've used in the past.
 

wesintl

RS Moderator
Moderator
Joined
Aug 22, 2005
Messages
8,557
Location
in da house
Aren't there 3.xx upgrades?
I'd have to look as well as what options are. I doubt we can make backups without host help due to size. I've been kinda out if thou with it but I can start to look with any free time in the evening
 

Hulk

RS Webmaster
Staff member
Moderator
Cruise Moab Committee
Joined
Aug 22, 2005
Messages
16,431
Location
Centennial
From Wikipedia:
The latest stable release of vBulletin 3 is 3.8.9 which was released on 17 June 2015, and is a maintenance and compatibility release (for PHP 5.5 & 5.6).[14] Beta Releases for 3.8.10 are available, which have more bug fixes. PHP 7.x compatibility is planned for 3.8.11, with Alpha releases set for August 2016.

So yes, we can get it. I'm not sure we still have access to the software or if we'd need to buy our way in. I think we may still have access to all vB 3 releases. I will check to see if we still have an account.
 
Top