
VBulletin.com Hacked with Zero Day Exploit - CM30
http://news.softpedia.com/news/vbulletin-zero-day-used-to-hack-official-vbulletin-website-and-foxit-software-495620.shtml
======
joshmn
Some background on VBulletin for the uninitiated: back in the day
(2000-2006ish), bulletin boards/forums were extremely popular. The popular
choices were PHP-based. There were some in MSFT-based languages, but not
widely adopted by the new-age crowd and upstarts. Your choices included PHPBB
(FOSS), IPB (commercial), or VBulletin (commercial); SMF was new and "hot"
(FOSS), and MyBB (FOSS) gained popularity since it was the child of a few
VBulletin wizards.

Up until VB4, VBulletin was the bee's knees. When it tried to take on an
entirely new social face, that's when users quickly opted for other solutions.

Two of the most popular forums today are still based on VB3, which would be
WarriorForum and WebHostingTalk. DigitalPoint runs on SMF, and I have no idea
who uses PHPBB on a huge scale, and I'm not even sure what's going on with
IPB.

~~~
CM30
Kind of. Though there's also the whole saga with the buyout and XenForo.
Basically, a big company called Internet Brands bought Jelsoft, the makers of
vBulletin. They pretty much said they wanted vBulletin 4 out stat, even if it
meant outsourcing a significant amount of development.

The old Jelsoft team then left to start XenForo. vBulletin 5 came out (with
half the staff being new and the price being ramped up significantly), and the
negative feedback basically overwhelmed the official site for a few months.
People left en masse to XenForo.

Internet Brands then sued XenForo for 'stolen code', which ended up costing
everyone a lot of money and dragged on for a few years before the case was
dropped.

They then released vBulletin 5. Reception was... negative. To put it lightly.
Features were missing, the style was half complete, bugs were everywhere.
People left even quicker. Marketshare for this version is roughly at about 1%.

Either way, you've got a company in meltdown that had to get somewhat
inexperienced programmers to take over both PHP 4 era legacy code and somewhat
put together a new forum script at the same time. Something was sure to break.

IPB released IPB 4, which caused a sizeable amount of discontent in that
community, partly due to features that were removed because the staff thought
they 'weren't necessary' any more. Many people disagreed.

Digitalpoint moved to XenForo.

And the free scripts? Well, there's currently a bit of a divide between 'old
school' forum scripts and 'modern' forum scripts. On the one side, you have
phpBB, MyBB, SMF, and their various forks and spinoffs. On the other, there's
stuff like Discourse and NodeBB. PhpBB got a bit ignored simply because it was
seen as behind the times and not adding new stuff fast as.

(That said, big phpBB sites do exist; Gaia Online runs a modified version and
quite a few others are out there too, especially for large open source
projects.)

------
CM30
There's an interesting discussion about this here, which has input from some
of the vBulletin developers and support staff:

[https://theadminzone.com/threads/vbulletin-com-forums-hacked...](https://theadminzone.com/threads/vbulletin-com-forums-hacked.136961/)

Apparently, details of 479895 users have been dumped.

Might include credit card details, based on some older screenshots.

In other news, something like this was kind of inevitable. It's happened
before, and it may have something to do with the questionable code quality of
the latest version or changes by the newer owners of the company. But that's a
long story.

