WT Security Incident

**Admin** · 09-06-2009, 04:57 PM

Last night at about 7:30PM WT was redirected to a porn site. This was a result of the latest Wordpress vulnerability that has been affecting a large number of websites.

We took the server offline until we could isolate the exact cause of the issue. From our investigation the attacker used the WP vulnerability to overwrite one of the main vBulletin files resulting in the redirection of the site.

At this point there is no data loss and we were able to restore the site files from the day before backup. From what we can tell no one's email addresses or other information was compromised or taken.

If you have any questions please post them here. Thanks for everyone's patience and we apologize for the inconvience this caused to WT users.

We have fully updated all of the software running on WT, including vBulletin and Wordpress to the latest versions.

**LadynRed** · 09-06-2009, 05:32 PM

Glad to see you were able to get this resolved so quickly !

**Moxxnixx** · 05:51 PM

Nice to know everything's back to normal. I was going crazy there for a while.

Oops, spoke too soon. When I click on a member's username I get this error...

Code:

Parse error:  syntax error, unexpected ':', expecting ']' in /home/waynetim/public_html/includes/class_profileblock.php(292) : eval()'d code on line 2

**jamestl2** · 09-06-2009, 05:48 PM

So that p0rn site redirection wasn't planned then?

**chrishirst** · 09-06-2009, 05:53 PM

Didn't take long for the phone spammers to restart either!!!!

**wayfarer07** · 09-06-2009, 06:18 PM

Quote:

Originally Posted by chrishirst

Didn't take long for the phone spammers to restart either!!!!

At least that is spam that we can just delete.

**Admin** · 09-06-2009, 06:28 PM

Quote:

Originally Posted by Moxxnixx

Nice to know everything's back to normal. I was going crazy there for a while.

Oops, spoke too soon. When I click on a member's username I get this error...

Code:

Parse error:  syntax error, unexpected ':', expecting ']' in /home/waynetim/public_html/includes/class_profileblock.php(292) : eval()'d code on line 2

Thanks for pointing this out we will take a look.

**chrishirst** · 09-06-2009, 06:34 PM

Nice to see the latest admin features have made it to the site as well.

Ban the spammers and bin their posts in three easy clicks

**JSTYLISH** · 09-06-2009, 09:28 PM

Quote:

Originally Posted by Admin

Thanks for pointing this out we will take a look.

Another one to add to your stressful day!

Quote:

Your submission could not be processed because a security token was missing.<br />
<br />
If this occurred unexpectedly, please <a href="sendmessage.php">inform the administrator</a> and describe the action you performed before you received this error.

This occurred when I tried to give some talkupation.

**Towhid** · 09-06-2009, 09:32 PM

I'm a bit confused, this is a vbulletin forum right? so why was it affected by a wordpress vulnerability

**Giselle** · 10:12 PM

Everything was working pretty good awhile back, even posted some posts, went to the user panel and wanted to go back to the main page and was completely locked out. I couldn't go anywhere, there was an error of some sort, wish I had thought to take a picture. I tried to log back in but the same error came up, I was just able to come back into the forum a little while ago.

Also I am not receiving email notifications to subscribed threads. When I go to the cp panel and the list of new threads that I had subscribed to are up when somebody made a new post, could I just resubscribe in the thread tools when I go to that thread? If this could work, I can do this myself.

Truly am sorry for the trouble and work this has put you through, what a nightmare!

I was checking on a profile and received this message:

Parse error: syntax error, unexpected ':', expecting ']' in /home/waynetim/public_html/includes/class_profileblock.php(292) : eval()'d code on line 2

The good news, a few seconds later the profile did come up and I wasn't locked out.

**fresh-d** · 09-06-2009, 11:34 PM

Glad to see you guys are back.

**Admin** · 09-07-2009, 04:25 PM

Yeah it's been a trying time as we had a ton of wordpress installs that had to be updated due to the vulnerability. Not much of a long weekend !

Please post any other issue in here I will be keeping an eye on it.

**LadynRed** · 09-07-2009, 05:14 PM

Quote:

Ban the spammers and bin their posts in three easy clicks

Yay!! I'm glad you took my suggestion

Glad you're back now too

**Giselle** · 09-08-2009, 11:46 AM

When you get a chance, could you please reset the avatars. I tried to change my avatar and a sign tells me it was unable to save the file. Also on posting a message, the font and size works fine, but the colors are dead, well at least for me. I don't use different colors for text but once in awhile I do, it's a nice function to have.

Sure would greatly appreciate it and also when you get a chance, thanks!

**jamestl2** · 09-08-2009, 02:28 PM

It also appears that the hackers messed with the vBSEO add-on. The thread URLs changed and vBSEO is no longer mentioned in the footer (unless this was altered by the staff, of course...).

**jamestl2** · 09-08-2009, 03:02 PM

BTW: It also appears the sidebar ad is gone (if that was done intentionally, then THANK GOD!!!).

**Giselle** · 09-08-2009, 04:59 PM

Quote:

Originally Posted by jamestl2

BTW: It also appears the sidebar ad is gone (if that was done intentionally, then THANK GOD!!!).

Shhhhhhhhhhhhhhhh, we don't want to bring that to their attention!

**NullPointer** · 09-08-2009, 08:18 PM

Glad to see everything is up and running again.

Funny story:

My girlfriend came into the living room and was acting a bit strange toward me for a while. I asked her if she wanted to watch a movie later and she just kind of looked at me in a strange way and said she didn't want to. I brushed it off and went into my room to discover the porn site WMT was being redirected to on my computer. Apparently the last time I was using my computer I was browsing the forum and as soon as the browser was opened (by my girlfriend) the active tab was set to WMT (ie the porn site).

That took a bit of explaining...

**Giselle** · 09-08-2009, 09:44 PM

I just laughed and laughed Matt, a really funny story, although at the time it certainly wasn't funny. I assume all is well with your lady friend, I can only imagine what went through her mind, seeing as I am a woman. Thanks for sharing the story!