kastein
Member
- 495
- 26
- 18
- Location
- Southbridge MA
some variety/version of vbulletin is used here. As long as it is kept up to date the core of the program is fine - unfortunately, plugins for it are sometimes not up to the same standards and from what patracy said, one of them was how the attacker got in.
It only takes one line of code written without thought given to security to leave a hole an attacker can exploit. You literally have to look at your own code and think about it as if you were trying to break it.
vbulletin is actually one of the more secure, better written forum packages out there. It is FAR better than phpBB for instance. Back in around 2004-2005 there was a new phpBB vulnerability almost weekly, it was nearly impossible to stay caught up.
It only takes one line of code written without thought given to security to leave a hole an attacker can exploit. You literally have to look at your own code and think about it as if you were trying to break it.
vbulletin is actually one of the more secure, better written forum packages out there. It is FAR better than phpBB for instance. Back in around 2004-2005 there was a new phpBB vulnerability almost weekly, it was nearly impossible to stay caught up.