Feeds

back to article OpenSUSE forums hacked in ANOTHER vBulletin attack

Linux distro openSUSE’s public forums have been compromised and defaced and tens of thousands of user email addresses exposed after a hacker exploited a zero day flaw in the underlying vBulletin software. OpenSUSE responded quickly to media reports about the breach on Tuesday by admitting the successful exploit had allowed the …

COMMENTS

This topic is closed for new posts.
WTF?

Is it just me, or

Doesn't it seem odd that a Free Software vendor should persist in using a proprietary application with so many security problems?

4
1

Re: Is it just me, or

vBulletin is not free its paid for

0
2

Re: Is it just me, or

@WibbleMe

The Free software vendor referred to in the original comment is OpenSUSE. The proprietary application is vBulletin.

2
0
FAIL

Re: Is it just me, or

Absolutely. It is disgraceful that FOSS community fora such as Ubuntu's and LinuxQuestions.org (the official Slackware forum for Christ's sake!) insist in using VBulletin. Even 5 years ago it was justifiable but today there are real alternatives, namely, SMF, PHPBB, FluxBB, Discourse, Vanilla, just to mention a few from the top of my head.

0
0
Bronze badge
Windows

Re: Is it just me, or

We are commited to CHEEZE. Not only is it totally open, but it can provide an income stream to developers using micro transactions in a retail environment. CHEEZE is the future for development of forum software in the new shiny tablet enabled age. Don't think Facebook think CHEEZE.

0
0
Silver badge
Coat

think CHEEZE.

Gromit...

1
0
Bronze badge

Re: Is it just me, or

> Doesn't it seem odd that ...

I am not sure, but I think that VBulletin is a remnant of the Novell takeover of SuSE.

Apart from any security issues, it causes frequent usability problems for new posters, as the methods for preventing code-mangling are non-intuitive. It also does not play nicely with the FOSS tools/clients favoured by many of the local experts. Hopefully this will be a prod to move to a more amenable platform.

0
0
Bronze badge

Forum's useless anyway

Try going on there and asking a question. Whilst the normal users will try to help the Admins will be so occupied with calling you a n00b sometimes they actually forget who they're threatening to ban for talking back.

My favourite and default OS but God damn the community sucks so hard. wouldn't be surprised if they've just pissed off one guy too many

2
2
Silver badge
Linux

Re: Forum's useless anyway

@Valeyard - yeah, I call bullshit on your claims.

No one on that forum has ever been anything but extremely helpful to me. I've had engineers and Novell developers come on the board and spend hours helping me resolve an issue. I've seen an engineer go out and buy a piece of hardware just so he could help a noob figure out how to use it.

And I read a lot of forum posts there - I can't recall ever seeing anyone threatened with being "banned". If someone is a total asshole, they just get ignored after awhile. All in all, I'd say openSUSE is by far the most helpful forum around. Just don't be a complete raving asshole - that doesn't work on any forum.

2
1
Bronze badge

Re: Forum's useless anyway

i said the normal users were helpful, it's the admins who fly off the handle at anything

But you feel free to "call bullshit" on whatever you want at the slightest non-provocation against yourself. with such a short temper you could be an admin there in no time.

0
3
Silver badge

Re: Forum's useless anyway

@Valeyard - I'm not angry - I just have never seen the type of behavior on the openSUSE forums that you are referring to. And I've been a regular participant/reader for many years now.

Sounds like you got yourself "banned" though - I guess by an admin? All I can figure is you must have really seriously pissed someone off. Like I say - I've never seen anything like that. Quite the opposite - people really go quite far out of their way on those forums to help a guy out. I should know - I've had some nasty, nasty problems with AMD 6-core processors, Nvidia cards, and Radeon cards that I couldn't possibly have figured out without help.

0
0

This post has been deleted by its author

Silver badge
Gimp

OH NO

My openSUSE forums password and my El Reg password are exactly the same.

What if hacker H4x0r HuSsY starts posting pro-iPhone comments on El Reg in my name? My rep as an iPhone critic will be down the drain.

I guess I could just change my El Reg password, but - I'm kind of enjoying the tension.

0
0
Bronze badge

Re: OH NO

Andy, you must try harder at the witticism attempts. The article clearly states that email addresses and not passwords were accessed.

We await the onslaught of phishing spam, possibly encouraging the installation of a great new font (see Xorg vulnerability story); but more likely another "Please click here to reset your password" variant.

1
0
Bronze badge

Seems not to have been VBulletin

From the current forum header:

NOTICE: A vulnerability in the forum SEO plugin we have been using has been found making it necessary to discontinue it's use. Existing links in Google, Yahoo, Bing, etc. as well as any existing bookmarks may have problems. The search engines will get our sitemap and it shouldn't take long for them to depreciate the old URLs and start replacing them with new. We apologize for the inconvenience.

I hope that the never re-instate the SEO plug-in. It mangled/obfuscated many URL links in order to "spy" on users, and prevent some of us behind corporate firewalls from following the linked pages.

0
1
This topic is closed for new posts.