It’s been almost three weeks since publishing group Future discovered that hackers were attempting to exploit a vulnerability in the online forum of one of its popular magazines.
A moderator on the PC Gamer online messageboard had spotted a suspicious script hidden in a forum announcement on July 19th, designed to steal details of users - including their password and date of birth - if clicked.
According to an announcement posted on the GameHacking forum, Future’s IT security team discovered that “a small group of admins and moderators had their accounts compromised, the first of which had been used to post the malicious script.”
The good news is that no evidence has been found that any users had their details compromised by the attacks.
As a precaution, however, Future shut down the PC Gamer online forum, and other vBulletin-powered forums that it operates. Affected sites include the forums for popular magazines such as SFX, Total Film, Digital Camera World, Cycling News, MusicRadar, Rhythm, Classics Monthly, Mini Magazine, and Fast Bikes.
Attempting to visit any of these online forums now presents users with the following message:
In an update posted on July 29th, Dave Bradley, editor-in-chief of SFX, said that Future’s IT team were looking at upgrading the forum software, and also reviewing whether to continue using vBulletin.
In his post, Bradley says that Future was using vBulletin 3.8.5 for its online forums. That certainly raises an eyebrow, as the “final” version of vBulletin 3 was version 3.8.7, released in February 2011.
One imagines that Future will be looking at vBulletin’s later incarnations (4 and 5), as well as alternatives. Hopefully they will also be working with the authorities to see if any evidence can be found which might lead to identification of those responsible for the hack.
Last month, Ubuntu Forums was brought down after a hacker exploited a security hole in its vBulletin software, and defaced it with a picture of a gun-wielding penguin.
If you’re running an online forum, please make sure that you are running the very latest version, and keeping on top of security patches.