New vBSEO Team Member - Rafael Benard

Hello dear vBSEO customers and friends,

In a continuous effort to assist customers who have expressed concerns regarding security flaws that have affected vBulletin/vBSEO forums, we've committed resources to finding a new staff member who can focus efforts on key aspects of security issues.

Today we welcome Rafael Benard to the vBSEO team and are happy to introduce him to the community. Rafael will be in charge of working together with customers that have being affected by security attacks in general, including an issue that has surfaced recently, that redirects users to third-party sites that contain pop-up ads and malicious code. Rafael will be in charge of bringing to our attention key aspects that may benefit the health of our customers' sites, including, but not limited to vBSEO. In fact, Rafael is working on a list of security recommendations that vBSEO will be forwarding to the vBulletin development team.

The safety of our customers' communities has always been a top priority for us, though we agree that, by having a dedicated security expert, we will be able to better address the matter moving forward, while also helping customers remove traces of malicious code that may remain on sites that were once affected, regardless of the culprit (be that vBSEO or not). To get started, Rafael will publish a blog post on the redirection issue that has emerged recently (I'll update this announcement with the URL once it's published).

With Software as a Service (SaaS) becoming more mainstream, malware injections have gained momentum on the more traditional "hosted" software environments, and at vBSEO we are aware of that fact. Rafael brings to the table vast expertise in a wide array of web security areas, including:

• Cross Site Scripting (XSS) and DOMXSS
• Cross Site Request Forgery (CSRF)
• SQL/SQLi Injections/Attacks
• Command Execution and Code Injection
• Tracking down and preventing file system vulnerabilities

Again, our goal here is: a) to minimize the potential of future hack attempts hitting our customers, b) to provide an extra value to our current customers by helping them harden their environment security, and c) to help them identify/remove traces of previous attacks where there may be. To this effect we have created a new category under our Support Ticket System called Security-related Issues, with three categories:

1. Security hardening request
2. Old attack traces removal request
3. New security issue (suspected)

Your bottom-line is our success, so it's imperative that vBSEO not only drives new traffic to your site, but helps you keep it there. Security is a tricky area, and each forum installation must be approached in a particular way, that depends on multiple variables. Keeping your site secure is our commitment to you as a customer, and we are ready to back it up with a dedicated resource ready and available to assist you with all your forum security needs.

Please join me in giving Rafael a warm welcome,

The vBSEO Team

Hello to all!

Thank you andres">Andres, and thanks to the vBSEO Team for the opportunity to work together.

I look forward to contribute to the community, to start, we're working in some guides, specially related to the url123.info issue, how it works, how to fix it and most important how to prevent it to happen again.

For any questions/comments please PM me, and if you have any Security related issue please send a ticket at one of the categories and I'll be there to help, the purpose of this is to track what we're doing and create an history of events so then we can be of more help in the future.

Regards,
Rafael

Welcome to the team Rafael

welcome to vbseo,
i sent PM about url123.info

Quick update: For the benefit of those seeking a consolidated place with answers to all questions concerning the recent security flaws, Rafael has made available a separate blog entry with more information on the matter.

Check it out here and post any questions you may have

I'm a bit late to the party but Congrats Rafael! vBSEO rocks!

good job vbseo. I work in infosec field (Security Engineer). and i had posted previously saying that vbseo should hire dedicated security specialist. really good job doing this..

just renewed my vbseo product. overall the product has helped my site a lot
keep up the great work and well done making security top priority

peace