Michael Morris
First Post
Vbulletin 3.0.4 has been released, and among other bug features it has a block to prevent self-submitting form attacks. Unfortunately, the code for this will LOCK YOU OUT of any forums that upgrade to 3.0.4.
To avoid being locked out you must configure your firewall to allow the HTTP Referer variable to be sent to the server. Without this code the server has no way of verifing that the form came from vbulletin. Therefore you must allow it to be sent to use sites running vbulletin 3.0.4
3.0.4 closes a number of security holes, so unless Russ decides otherwise I'll be taking the forums up to that version during the upgrade. I certainly don't want to see these forums hit by something akin to the Santy worm which took down numerous phpbb sites a couple weeks ago, including boards ran by some of the members here.
To avoid being locked out you must configure your firewall to allow the HTTP Referer variable to be sent to the server. Without this code the server has no way of verifing that the form came from vbulletin. Therefore you must allow it to be sent to use sites running vbulletin 3.0.4
3.0.4 closes a number of security holes, so unless Russ decides otherwise I'll be taking the forums up to that version during the upgrade. I certainly don't want to see these forums hit by something akin to the Santy worm which took down numerous phpbb sites a couple weeks ago, including boards ran by some of the members here.