[maidos]

maybe u could had prevented the hack if u actually didnt use a outdated vbulletin version that is EOL already? vbulletin doesnt support 3.8.7 (which this site is using) so any security exploits posted on net wont be fixed by vbulletin company.

[fysiks]

The fact that an older version of vBulletin is being used has been discussed before and the discussion explains the reasons. I'm not saying that they are the most valid reasons, I'm just saying this has been discussed before. If you can find that thread, you will see the reasons. Just an FYI.

[Backstabnoob]

From what I recall, most of the reasons were of the "we don't like change" type.

[fysiks]

Quote:

Originally Posted by Backstabnoob From what I recall, most of the reasons were of the "we don't like change" type.

No, the biggest one was that there are customizations (that are required for our community) that would require significant redevelopment in a new version of vBulletin.

[hleV]

Considering how big this community is, I believe there should be changes, as in, vBulletin should be upgraded and the customizations redone.

[fysiks]

Quote:

Originally Posted by hleV Considering how big this community is, I believe there should be changes, as in, vBulletin should be upgraded and the customizations redone.

I agree but you need to find someone who knows how to do the required customizations first .

[Jelle]

Quote:

Originally Posted by hleV Considering how big this community is, I believe there should be changes, as in, vBulletin should be upgraded and the customizations redone.

I doubt the guys who actually have to do the work feels the same way. For anyone it can be quite hard to pull out a month of work from their calendar.

I know, it's easy as a normal user to have the opinion that stuff should change, but considering it's all free work such thing is likely not to happen.

I would like a change too, it would be nice to see something different, but to be honest the forum does it's job quite well, and people are familiar with it. So with all that work that has to be put into it, the gains are just too small.

[hleV]

I never said the staff has to do it.

[YamiKaitou]

vBulletin does indeed still support 3.8.x, in fact they just patched it on March 13 2014

[asherkin]

As I replied to you on Reddit:

Quote:

The vBulletin-related things in the attack (PHP code injection from the admin panel, and a less-than-stellar password hashing algorithm) are present in the latest release of vBulletin 5. There was no vBulletin exploit involved here.

We're capable developers and maintain a stack of security and functionality patches on top of vB - no exploit was involved here, it was a simple compromise of an administrator account, as was fully detailed in the email that went out to all members and the announcement at the top of every forum.

We've been evaluating moving away from vB 3.x for a very long time now, we're not ignoring the issues, but spreading FUD like blaming this issue on a vB 3.x security bug doesn't help anyone.