Welcome to Anal SEX Forums

**Dan Druff** · 10-16-2013, 11:15 AM

Apparently some foreign spammer found an exploit in this version of vBulletin and used it to send out a ton of spam from my server with the following subject:

Subject : Welcome to Anal SEX Forums at www .***** .com .cn

This happened at around midnight tonight.

I *'d out part of the URL so it doesn't get any further google help from this site.

No idea what they are exploiting yet.

Has something to do with the e-mail system that verifies users.

**Crowe Diddly** · 10-16-2013, 11:23 AM

I had just seen this earlier today, don't know if it helps.

http://krebsonsecurity.com/2013/10/thousands-of-sites-hacked-via-vbulletin-hole/

Thousands of Sites Hacked Via vBulletin Hole

Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.

Attack tool for exploiting vulnerable vBulletin forums.

In a blog post in late August, vBulletin maker Jelsoft Internet Brands Inc. warned users that failing to remove the “/install” and “/core/install” directories on sites running 4.x and 5.x versions of the forum software could render them easily hackable. But apparently many vBulletin-based sites didn’t get that memo: According to Web site security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability.
The security weakness lets attackers quickly discover which forums are vulnerable, and then use automated, open-source exploit tools to add administrator accounts to vulnerable sites.

Imperva said the compromised sites appear to have been hacked by one of two sets of exploit tools that have been released publicly online. The first was apparently used in a mass Website defacement campaign. A Google search for forums with the the rather conspicuously-named administrator account added in that attack (“Th3H4ck”) shows that many of the hack sites also are hosting malware. Among the sites apparently compromised is a support forum for the National Runaway Safeline and a site selling vBulletin add-ons.

The second tool does effectively the same thing, except with a bit more stealth: The administrator account that gets added to hacked forums is more innocuously named “supportvb”. Here’s a Google search that offers a rough idea of the forums compromised with this exploit, which was apparently authored or at least publicly released by this guy.
et cetera and so forth.

**mulva** · 10-16-2013, 11:23 AM

there is some amazing software out there that just creates spam to promote.

**Dan Druff** · 10-16-2013, 11:26 AM

I fixed that /install hole late last month. But thanks. It was a retarded lapse of security on vBulletin's part.

I remember wanting to delete that directory in 2012 and they told me not to.

**simpdog** · 10-16-2013, 11:41 AM

Originally Posted by Dan Druff

I fixed that /install hole late last month. But thanks. It was a retarded lapse of security on vBulletin's part.

I remember wanting to delete that directory in 2012 and they told me not to.

if you fixed it how did it happen?

**Crowe Diddly** · 10-16-2013, 11:46 AM

Originally Posted by simpdog

Originally Posted by Dan Druff

I fixed that /install hole late last month. But thanks. It was a retarded lapse of security on vBulletin's part.

I remember wanting to delete that directory in 2012 and they told me not to.

if you fixed it how did it happen?

a different way, obv. there's been zillions of holes in vbulletin over time, and there will be more in the future.

**SrslySirius** · 10-16-2013, 11:57 AM

So where's the anal sex forum? You know, just out of curiosity...

**garrett** · 10-16-2013, 12:06 PM

Is this why (not ur site but) I seemingly get such stupid spam to may emails that are years old. Why cant it be stopped?

been happening for a couple years to me.

**4Dragons** · 10-16-2013, 12:16 PM

:HOF

Name: book-page-cant-be-showed.jpg
Views: 517
Size: 164.1 KB

**BeerAndPoker** · 10-16-2013, 12:17 PM

**Dan Druff** · 10-16-2013, 01:36 PM

I believe I tracked down the exploit and fixed it.

**Belly Buster** · 10-16-2013, 02:39 PM

Originally Posted by Dan Druff

I believe I tracked down the exploit and plugged the hole.

FYP.

**badguy23** · 10-16-2013, 03:13 PM

Magic Johnson is behind this -780

Fluffer is behind this -650

Field +400

**4Dragons** · 10-16-2013, 04:53 PM

Originally Posted by Belly Buster

Originally Posted by Dan Druff

I believe I tracked down the exploitedteenangels.com and fapped to it.

FYP.

FYFYP

**simpdog** · 10-16-2013, 07:27 PM

Originally Posted by 4Dragons

Originally Posted by Belly Buster

FYP.

FYFYP

domain available.

Let's go 45/45 on it and give 10% to druff?

**Sanlmar** · 10-16-2013, 09:55 PM

Originally Posted by Dan Druff

Apparently some foreign spammer found an exploit in this version of vBulletin and used it to send out a ton of spam from my server with the following subject:

Subject : Welcome to Anal SEX Forums at www .***** .com .cn

This happened at around midnight tonight.

I *'d out part of the URL so it doesn't get any further google help from this site.

No idea what they are exploiting yet.

Has something to do with the e-mail system that verifies users.

Target marketing

**4Dragons** · 10-17-2013, 03:16 AM

How is this not all neverstop's fault?

**tony bagadonuts** · 10-17-2013, 09:16 AM

I thought Anal Azzclown might have woken up from his nap and gone into business with gaysex.

Thread: Welcome to Anal SEX Forums

Thread Tools

Search Thread

Display

Welcome to Anal SEX Forums

Thread Information

Users Browsing this Thread

Similar Threads

Anal Sex

Immediate Attention: ANAL Hershieser

Anal Tattoos Next Big Thing?

NWP Associated Forums Power Rankings for July 27, 2012 Reposted from DD

Hey all just arrived from the dd forums as well