Hi Miguel,
I will not test the Ubuntu Forums as I am not authorized to do so. I hope officials of Ubuntu Forums can assign Penetration Tester(s) to test the Ubuntu Forums in order to find out any potential vulnerabilities.
The Inj3ct0r Team stated that they responsible to the attacks. They are criminals. One of my friends' web site has been kidnapped by the team last month.
I am worrying that let's assume Ubuntu Forums admins find the vulnerabilities after the attack and they informed the vBulletin.com. The vBulletin.com fixed accordingly. The patch has been released but Macrumors.com did not fix the flaw(s) in time. So, the Macrumors.com is attacked in the same manner of Ubuntu Forums in July as it stated in facebook of Inj3ct0r Team. It is understandable.
However, the Inj3ct0r Team stated that vBulletin.com is attacked via an undocumented vulnerability. Therefore, I suspect that Ubuntu Forums may have the same vulnerability of vBulletin.com too.
The website(s) can be defensed if all the vulnerabilities have been discovered before the bad guy(s). Please refer to OWASP Top 10 2013 for details --
https://www.owasp.org/index.php/Cate...op_Ten_Project and their testing guide --
https://www.owasp.org/index.php/OWASP_Testing_Project
Samiux
Bookmarks