Just checking

Hi longboard
We have discussed this numerous times in the past and it is indeed very unfortunate as to what has happened over at the Spywarewarrior's forum. There is indeed no similar exploit here in the Wilder's security forum. As forum security is strictly private and confidential this thread is now closed

Regards

 

The description from Spyware Warrior says that the person who did that simply triggered the built-in function to send bulk email to all registered members. Using that feature (which most forum packages have available) means that the automated mailer in the forum software sent the email, not that the people involved extracted any email addresses. So while everyone did indeed get an email, it is doubtful the email addresses were harvested.

I don't know the specific exploit used, but not all exploits are the same. They don't all allow unrestricted access to even the forum software, never mind the database or the server they run on. Sometimes they are very focused and only allow specific limited functions to be performed.

In any case, all software has bugs and new exploits are found fairly from time to time. vBulletin has had its share just like phpBB and all the others. The best you can do is keep informed about any critical updates offered by the vendor in question, and apply what you need to in order to stay secure.