Announcement

Collapse
No announcement yet.

Forum hacked?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • R1lover
    replied
    Add another site that was compromised from tapatalk... running 4.1.x, 1 hour after the admin logged in with tapatalk, someone from amsterdam logged in with his info and inserted an iframe script into the header tempaltes. This forum owner never used tapatalk in the last 6 months, first login with it... and his info was compromised.

    Removed tapatalk from all sites...

    Leave a comment:


  • Fred Weiss
    replied
    Originally posted by yellowpeter View Post
    Hello forum owners,

    More information about this exploit can be found here:
    http://www.tapatalk.com/forum/showth...1665#post11665

    Let us know if you have any issue - we are standing by to help out.
    I just clicked the link you supplied in that post that begins:
    To check if you site is infected, this specific post instructs how to find and remove the inflection:
    and received a warning that it was infected. Specifically the virus name is exploit javascript obfuscation (type 1332).
    Last edited by Fred Weiss; Fri 26 Nov '10, 12:05am.

    Leave a comment:


  • yellowpeter
    replied
    Originally posted by dstephan View Post
    It seems Tapatalk themselves are down now. What's the easiest way to disable this app until this is resolved?
    Our website was down for 3 hours for server memory issue. And is restored since then.

    Leave a comment:


  • beishe8
    replied
    Disable it in the ACP.

    Leave a comment:


  • dstephan
    replied
    It seems Tapatalk themselves are down now. What's the easiest way to disable this app until this is resolved?

    Leave a comment:


  • kmike
    replied
    To be fair, I can't see any evidence in the posted information that the intruder got in via tapatalk. Having some directory at 777 mode doesn't automatically gives everyone access to write to it. For one, the clientscript directory or the attachments directory is most likely mode 777, too, but that doesn't mean the site is vulnerable.

    Leave a comment:


  • yellowpeter
    replied
    Hello forum owners,

    More information about this exploit can be found here:
    http://www.tapatalk.com/forum/showth...1665#post11665

    Let us know if you have any issue - we are standing by to help out.

    Leave a comment:


  • Dotcomdotcom
    replied
    It has happen on both tapatalk and non tapatlk vbullrtin sites.

    Leave a comment:


  • wacnstac
    replied
    I thought the exploit was in Tapatalk.

    Leave a comment:


  • Dotcomdotcom
    replied
    FYI this is also happens on non Tapatalk sites.

    Leave a comment:


  • wacnstac
    replied
    Tapatalk please address how this vulnerability was exploited in your software and what steps you are taking to make sure it never happens again.

    Leave a comment:


  • Dotcomdotcom
    replied
    Chrome, Mozilla Mcaffee is blacklisting / warning on the site.

    I assume they are coming up 1-2 days late regardless if there is a virus right now on the site?
    Last edited by Dotcomdotcom; Fri 25 Jun '10, 10:22am.

    Leave a comment:


  • webnsn
    replied
    Yes some times we are also facing same time, just black page..

    Leave a comment:


  • yellowpeter
    replied
    Hello we have just released an emergency update of Tapatalk plugin (specificially for vBulletin 3.8) to address the file inflection issue. Please visit this page to download the latest plugin:

    http://www.vbulletin.org/forum/showt...45#post1768745

    Note that we also released the same update for vBulletin 3.7 and 4.0 to further strength the security although we have no received similar report.

    In any case please also double check your file permission and make sure all the .php files are 644 and the "mobiquo" directory itself is set as 755.

    Thank you.

    Leave a comment:


  • yellowpeter
    replied
    Originally posted by Dotcomdotcom View Post
    Priustalk was infectdd through plugin tapatalk:

    http://priuschat.com/forums/priuscha...ml#post1142672
    Hello Dotcomdotcom,

    Is the xmlrpc2.php file being placed inside the Tapatalk directory and use this file to start the attack?

    We are looking at this issue right now (We are the creator of Tapatalk) and are very concerned of this issue.

    Leave a comment:

Related Topics

Collapse

Working...
X