Major security issue, any help?

  • #16
    Originally posted by Zachery
    Thanks a lot. Just ran it but unfortunately it didn't help. I hope I won't have to resort to upgrading to vb4 because of this. Even worse if I do and the problem still remains.

    Comment


    • #17
      If the problem disappeared when you disabled javascript, but even after you've uploaded all original vB files and the templates check out OK you're having the problem, then it sounds like you have something else there that's causing this.

      Have a look at your site and see if you have any htaccess files added, particularly if they have a URL rewrite for the ones affected.
      Vote for:

      - *Admin Settable Paid Subscription Reminder Timeframe*
      - *PM - Add ability to reply to originator only*
      - Add Admin ability to auto-subscribe users to specific channel(s)
      - "Quick Route" Interface...

      Comment


      • #18
        I've run the find command from ssh to locate all .htaccess files in the /public_html folder and none of them are doing this.

        Comment


        • #19
          I've finally found the issue. His first move was to PM all moderators and give them a link to his phishing URL, pretending to be reporting an offensive post on our site. And indeed this fake site looked exactly like ours and had a post with someone using bad language. Some mods fell for it and he got into the mod panel. And he placed a JavaScript in the announcement. I still don't see why vBulletin would allow JavaScript to be executed just because someone placed it in an announcement.
          I had to dump the MySQL database and download it, then search for his URL; I would never have thought to check the announcements.

          I've already requested all the mods to change passes and added an extra htaccess password on modcp, so hopefully that should be enough.

          Comment
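
The search described in post #19 (dumping the database and looking for the attacker's URL), as an added example that is not part of the original thread: a Python scan of a mysqldump file that names the table behind each hit, so injected markup in an unexpected table such as the announcements stands out. The table names, the `phish.example` URL and the sample dump are constructed assumptions.

```python
import re

# Markers of active content that should not appear in user-editable text columns.
SUSPICIOUS = [
    ("script tag", re.compile(r"<\s*script\b", re.I)),
    ("inline event handler", re.compile(r"\bon(?:load|error|click|mouseover)\s*=", re.I)),
    ("javascript: URL", re.compile(r"javascript\s*:", re.I)),
]
INSERT_RE = re.compile(r"^INSERT INTO `?(\w+)`?", re.I)


def scan_dump(lines, needles=()):
    """Return (line_no, table, reason, excerpt) for every suspicious INSERT line."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = INSERT_RE.match(line)
        if not m:
            continue  # skip DDL, comments and blank lines
        table = m.group(1)
        # Undo mysqldump quote escaping so excerpts read like the stored value.
        text = line.replace('\\"', '"').replace("\\'", "'")
        hits = [(why, h.start()) for why, rx in SUSPICIOUS if (h := rx.search(text))]
        low = text.lower()
        # Also report known-bad strings, e.g. a phishing domain seen in a PM.
        hits += [(f"needle: {n}", low.find(n.lower())) for n in needles if n.lower() in low]
        for why, pos in hits:
            findings.append((line_no, table, why, text[max(0, pos - 20):pos + 60]))
    return findings


# Constructed sample dump; table names and values are illustrative only.
SAMPLE_DUMP = r"""
-- MySQL dump (constructed sample)
INSERT INTO `post` VALUES (101,'Thanks a lot, I will try that.');
INSERT INTO `announcement` VALUES (3,'Forum rules','Welcome <script src=\"http://phish.example/x.js\"></script>');
INSERT INTO `user` VALUES (7,'mod_anna','anna@forum.example');
"""

if __name__ == "__main__":
    for line_no, table, why, excerpt in scan_dump(SAMPLE_DUMP.splitlines(), ["phish.example"]):
        print(f"line {line_no} table={table} [{why}] ...{excerpt}...")
```

Tables that store templates will legitimately contain script tags, so review the hits table by table rather than treating every match as an injection.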
