Re: UPDATE vBulletin Version 3.5.4 exploit

[scott () vbulletin com]

If you have the CAPTCHA enabled then the registrations won’t even go through. This can be enabled via the Admin Control 
Panel. It's not enabled by default due to extra module requirements in PHP.

The option for CAPTCHA exists in all versions of vBulletin and the majority of customers enable it almost immediately.

Though if you are talking about the flood being allowed in the first place then surely this is something that should be 
handled at the server level by modules such as mod_evasive.

Scott MacVicar
Development Team, vBulletin