Hello dear vBSEO customers and friends,
In a continuous effort to assist customers who have expressed concerns regarding security flaws that have affected vBulletin/vBSEO forums, we've committed resources to finding a new staff member who can focus efforts on key aspects of security issues.
Today we welcome Rafael Benard to the vBSEO team and are happy to introduce him to the community. Rafael will be in charge of working together with customers that have being affected by security attacks in general, including an issue that has surfaced recently, that redirects users to third-party sites that contain pop-up ads and malicious code. Rafael will be in charge of bringing to our attention key aspects that may benefit the health of our customers' sites, including, but not limited to vBSEO. In fact, Rafael is working on a list of security recommendations that vBSEO will be forwarding to the vBulletin development team.
The safety of our customers' communities has always been a top priority for us, though we agree that, by having a dedicated security expert, we will be able to better address the matter moving forward, while also helping customers remove traces of malicious code that may remain on sites that were once affected, regardless of the culprit (be that vBSEO or not). To get started, Rafael will publish a blog post on the redirection issue that has emerged recently (I'll update this announcement with the URL once it's published).
With Software as a Service (SaaS) becoming more mainstream, malware injections have gained momentum on the more traditional "hosted" software environments, and at vBSEO we are aware of that fact. Rafael brings to the table vast expertise in a wide array of web security areas, including:
- Cross Site Scripting (XSS) and DOMXSS
- Cross Site Request Forgery (CSRF)
- SQL/SQLi Injections/Attacks
- Command Execution and Code Injection
- Tracking down and preventing file system vulnerabilities
Again, our goal here is: a) to minimize the potential of future hack attempts hitting our customers, b) to provide an extra value to our current customers by helping them harden their environment security, and c) to help them identify/remove traces of previous attacks where there may be. To this effect we have created a new category under our Support Ticket System called Security-related Issues, with three categories:
- Security hardening request
- Old attack traces removal request
- New security issue (suspected)
Your bottom-line is our success, so it's imperative that vBSEO not only drives new traffic to your site, but helps you keep it there. Security is a tricky area, and each forum installation must be approached in a particular way, that depends on multiple variables. Keeping your site secure is our commitment to you as a customer, and we are ready to back it up with a dedicated resource ready and available to assist you with all your forum security needs.
Please join me in giving Rafael a warm welcome,
The vBSEO Team