
VBulletin forum.interworx.com 0-day Exploit

Published by Joseph Purkis on August 10, 2020

A zero-day exploit of vBulletin has compromised our forums at https://forums.interworx.com. We are providing this notice to ensure you are aware of the incident so that you can take the necessary steps.

On Monday, August 10th, 2020, a backdoor was discovered that had been put in place within the last 12 hours. We determined that a 0-day exploit was used to upload it. The exploit appears to be a variation on CVE-2019-16759. While that vulnerability was patched by the vendor last year, a proof-of-concept work-around was published on August 9th, 2020.

What kind of user data was affected?

The extent of the exposed data is:

  • Forum User IDs
  • Forum Names
  • Forum Email Addresses
  • Forum passwords, double encrypted and salted using Blowfish / bcrypt

While we do not have any evidence that these data were exposed, it is possible that they may have been given the nature of the exploit.

What are we doing?

We have restored from backups and added our own WAF (modsec) rules to the hosting server to prevent this attack and a number of likely evasions. Our Security team is monitoring the site. We have disabled a feature in vBulletin, which renders the attack vector ineffective. When a patch is made available by the software vendor, we will apply it immediately.

As a precaution we have invalidated all passwords.

We are in the process of exploring a replacement forum platform and will be providing more information on it in the near future. 

Immediate actions for you to take.

As we have taken the precaution of resetting user passwords, you will need to use the lost password functionality to be able to log in to the site: https://forums.interworx.com/lostpw

When you choose a new password, please do not use the same password you used with us previously. We recommend that you do not use any passwords you use for other services. We also recommend using a password manager so you can manage multiple complex passwords for all your services. Your browser likely has a basic built-in password suggestion and storage solution; other recommended options are LastPass and Dashlane.

Please contact our support via https://support.interworx.com/ if you have any questions.

We apologize for any inconvenience this may cause.

Regards,
Paul Oehler
VP
