35,000 vBulletin Sites Have Already Been Exploited By Week Old Hole 91
realized writes "Last week Slashdot covered a new vBulletin exploit. Apparently hackers have been busy since then because according to security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability. The sad part about this is that it could have all been avoided if the administrator of the websites just removed the /install and/or /core/install folders – something that you would think the installer should do on its own."
Web applications that have write access to directories they then load code from have always seemed a bit iffy to me (wp-content anyone?)
Re:That's what you get for using vBulletin (Score:5, Insightful)
Re:That's what you get for using vBulletin (Score:5, Insightful)
Learn some languages and build your own forum. It's not hard and all the skills you'll acquire will look great on a resume.
Right...because everyone who could ever want to use a forum is a web developer, right? And, of course, every one-off forum app will be TOTALLY free from vulnerabilities, of course. Oh, and let's not forget that there's no benefit whatsoever to different forums being somewhat similar in terms of user interaction...so let's just throw that out the door as well.
Seriously?
Re:That's what you get for using vBulletin (Score:5, Insightful)
Plus writing your own message board from scratch isn't an easy task. There is a LOT within these systems. I've been coding in PHP for about 8 years and even I don't want to take on this task.
A bit iffy??? (Score:5, Insightful)
You misspelled "batshit-insane".