PDA

View Full Version : Forum Vulnerability and You



Jakkal
December 28th, 2009, 06:59 PM
A vulnerability in our Forum was found and exploited over the past weekend (Dec 26/27 2009.) We have patched and restored the forums. But as a security precaution we are requiring all users to change their password.

The Silver lining is that the Werelist was not directly hacked. vBulletin forums across the 'net were hit by a script kiddy trying to increase his 'hit' numbers after an exploit was found. Jelsoft, vB's creators, had the patch available on the 23rd. Unfortunately the staff was out of town and unable to patch the forums before the attack. This was mostly our fault for being unable to keep the forums running smoothly.

We don't suspect there will be any longterm issues arising from this. However instead of doing a controlled patch to make sure all of our addons work, I plowed through and overwrote the files quickly in order to get the forums secure and working again. If you notice anything wonky occurring, it's probably not another hacking attempt, it's most likely just a file that was overwritten for the update. Let us know if you discover any issues, however.

Please log in and change your password at your earliest convenience. We recommend that you never use the same password on different websites, and make sure your password has a combination of numbers, capitalized letters, and lowercase letters for added security.

Additionally if anyone wants their accounts deleted because of this, we understand, and will take care of it if you let us know.

We apologize for any inconvenience this has caused.

-The Werelist Helpstaff