Site hacked, can someone please help?
This topic is closed.
-
Urljet is good people..
Originally posted by BluebeamSoftware:
Good news! I'm back up and running!
My forum is hosted through URLjet.com.
They were able to help get me up and running again, and fixed all of my user titles.
Luckily they were able to determine the fix and it didn't take more than a few minutes to implement.
For users here in the forum that need immediate assistance with this, you may want to try contacting them to see if they are willing to assist you on the appropriate methods.
-
Originally posted by Cybernetec:
This bug has been fixed and I'm waiting for vB.org Staff to restore my mods.
Once they do this please upgrade your forums.
I'll let you know when it's done via "Send Update" feature.
To update:
Just import new XML with "overwrite" checked.
I'm sorry for any inconveniences this may have caused.
Valter
-
Good news! I'm back up and running!
My forum is hosted through URLjet.com.
They were able to help get me up and running again, and fixed all of my user titles.
Luckily they were able to determine the fix and it didn't take more than a few minutes to implement.
For users here in the forum that need immediate assistance with this, you may want to try contacting them to see if they are willing to assist you on the appropriate methods.
-
Fixed
This bug has been fixed and I'm waiting for vB.org Staff to restore my mods.
Once they do this please upgrade your forums.
I'll let you know when it's done via "Send Update" feature.
To update:
Just import new XML with "overwrite" checked.
I'm sorry for any inconveniences this may have caused.
Valter
-
Paul M. has quarantined the modification in question, 3.x and 4.x versions. If you marked the modification as "Installed" then you should have received the email notification regarding the quarantine.
http://www.vbulletin.org/forum/showt...177559&page=21
-
Our forum was hacked as well. We are running Cyb - Advanced Forum Rules
-
For anyone who was hacked please start a support ticket with my attention, make sure to provide admincp, ftp, and phpmyadmin access.
-
I also have that hack installed. I'm betting that is the gate in since it seems to be the common bond between our forums.
-
cyb - advanced rules was downloaded over 14000 times, so if this addon has a vulnerability then the impact can be pretty wide.
-
Originally posted by thincom2000:
Reviewed the code for Cyb - Advanced Forum Rules and this can be the culprit as I see an exploit there: you can inject SQL and modify the database if you tamper with the HTML form when agreeing to the rules. The posted data, while cleaned, is not escaped before being used in the database query. Because many modern browsers let you modify a page's HTML, posted data cannot be trusted like this. This uses misc.php so it supports unterschluepfli's belief that the attacker entered through misc.php.
CODE REMOVED
The $cybfr_rulesaccepted string contains the post data for a form field, which I think the modder expects to be a list of IDs. While this is likely where the attacker gained entry, the same mistake is made in multiple places throughout the modification.
Last edited by Trevor Hannant; Wed 4 May '11, 5:45am.
-
Reviewed the code for Cyb - Advanced Forum Rules and this can be the culprit as I see an exploit there: you can inject SQL and modify the database if you tamper with the HTML form when agreeing to the rules. The posted data, while cleaned, is not escaped before being used in the database query. Because many modern browsers let you modify a page's HTML, posted data cannot be trusted like this. This uses misc.php so it supports unterschluepfli's belief that the attacker entered through misc.php.
CODE REMOVED
The $cybfr_rulesaccepted string contains the post data for a form field, which I think the modder expects to be a list of IDs. While this is likely where the attacker gained entry, the same mistake is made in multiple places throughout the modification.
Last edited by Trevor Hannant; Wed 4 May '11, 5:45am.
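The post above describes a form field that is expected to hold a list of IDs but reaches the database query unescaped. As an added example (not the modification's code and not written by anyone in this thread), here is one way to handle such a field in PHP: require it to parse as a strict list of integers and pass the values only as bound parameters. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database stands in for the forum's database layer.

```php
<?php
// Added example; table, column and function names are hypothetical.
// The flaw described above amounts to placing the posted string inside the
// SQL text. Here the field must parse as integers and is only ever bound.

// Accept only a comma-separated list of numeric IDs such as "1,2,5".
function parse_id_list(string $raw, int $maxIds = 100): array
{
    // \A and \z anchor the whole string; {1,9} keeps each ID within int range.
    if (!preg_match('/\A[0-9]{1,9}(?:,[0-9]{1,9})*\z/', $raw)) {
        throw new InvalidArgumentException('field is not a list of numeric IDs');
    }
    $ids = array_values(array_unique(array_map('intval', explode(',', $raw))));
    if (count($ids) > $maxIds) {
        throw new InvalidArgumentException('too many IDs');
    }
    return $ids;
}

// Store the accepted rule IDs; no posted text reaches the SQL string.
function save_accepted_rules(PDO $db, int $userId, string $postedField): int
{
    $ids = parse_id_list($postedField);
    $stmt = $db->prepare('INSERT INTO rules_accepted (userid, ruleid) VALUES (?, ?)');
    foreach ($ids as $ruleId) {
        $stmt->execute([$userId, $ruleId]);
    }
    return count($ids);
}

// Constructed demo data: in-memory SQLite stands in for the forum database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rules_accepted (userid INTEGER, ruleid INTEGER)');

// Constructed inputs: one as the form sends it, one edited in the browser.
$samples = ['1,2,5', '1,2 OR 1=1'];
foreach ($samples as $posted) {
    try {
        $n = save_accepted_rules($db, 42, $posted);
        echo "accepted: stored $n rule IDs\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
echo $db->query('SELECT COUNT(*) FROM rules_accepted')->fetchColumn(), " rows stored\n";
```

Because the same mistake is reported in multiple places in the modification, every query that takes posted data needs the same treatment, not only the rules-acceptance form.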