A zero-day exploit of vBulletin has compromised our forums at https://forums.interworx.com. We are providing this notice to ensure you are aware of the incident so that you can take the necessary steps.
On Monday, August 10th, 2020, a backdoor was discovered that had been put in place within the preceding 12 hours. We determined that a 0-day exploit was used to upload it. The exploit appears to be a variation on CVE-2019-16759; while this was patched by the vendor last year, a proof-of-concept workaround was published on August 9th, 2020.
What kind of user data was affected?
The extent of the exposed data is:
While we do not have any evidence that these data were exposed, it is possible that they may have been given the nature of the exploit.
What are we doing?
We have restored from backups and added our own WAF (ModSecurity) rules to the hosting server to prevent this attack and a number of likely evasions. Our Security team is monitoring the site. We have disabled a feature in vBulletin, which renders the attack vector ineffective. When a patch is made available by the software vendor, we will apply it immediately.
As a precaution we have invalidated all passwords.
We are in the process of exploring a replacement forum platform and will be providing more information on it in the near future.
Immediate actions for you to take.
Because we have taken the precaution of resetting user passwords, you will need to use the lost password functionality to log in to the site: https://forums.interworx.com/lostpw
When you choose a new password, please do not use the same password you used with us previously. We recommend that you do not use any passwords you use for other services. We also recommend using a password manager so you can manage multiple complex passwords for all your services. Your browser likely has a basic built-in password suggestion and storage solution; other recommended options are LastPass and Dashlane.
Please contact our support via https://support.interworx.com/ if you have any questions.
We apologize for any inconvenience this may cause.
Regards,
Paul Oehler
VP