Originally posted by Paul M
View Post
-
According to the last post in this thread: http://www.vbulletin.org/forum/showt...177559&page=21 , it isn't fixed. This guy says he just installed the latest version and got hacked. -
Good news! I'm back up and running!
My forum is hosted through URLjet.com.
They were able to help get me up and running again, and fixed all all of my user titles.
Luckily they were able to determine the fix and it didn't take more than a few minutes to implement.
For users here in the forum that need immediate assistance with this, you may want to try contacting them to see if they are willing to assist you on the appropriate methods.Leave a comment:
-
Fixed
This bug has been fixed and I'm waiting for vB.org Staff to restore my mods.
Once they do this please upgrade your forums.
I'll let you know when it's done via "Send Update" feature.
To update:
Just import new XML with "overwrite" checked.
I'm sorry for any inconveniences this may have caused.
ValterLeave a comment:
-
Paul M. has quarantined the modification in question, 3.x and 4.x versions. If you marked the modification as "Installed" then you should have received the email notification regarding the quarantine.
http://www.vbulletin.org/forum/showt...177559&page=21Leave a comment:
-
Our forum was hacked as well. We are running Cyb - Advanced Forum RulesLeave a comment:
-
For anyone who was hacked please start a support ticket with my attention, make sure to provide admincp, ftp, and phpmyadmin access.Leave a comment:
-
I also have that hack installed. I'm betting that is the gate in since it seems to be the common bond between our forums.Leave a comment:
-
cyb - advanced rules was downloaded over 14000 times, so if this addon has a vulnerability then the impact can be pretty wide.Leave a comment:
-
I believe you maybe right. I have looked over each mod and this Cyb - Advanced Forum Rules which was installed on my forum as well could be the problem. I came to the same conclusion earlier, however I was wondering would they be able to change the index(s) with their content as they did in my case by gaining entry this way. They were able to inject sql data into the database, but not sure how they changed the index.phpOriginally posted by thincom2000 View PostLast edited by Trevor Hannant; Wed 4 May '11, 6:45am.Leave a comment:
-
Reviewed the code for Cyb - Advanced Forum Rules and this can be the culprit as I see an exploit there: you can inject SQL and modify the database if you tamper with the HTML form when agreeing to the rules. The posted data, while cleaned, is not escaped before being used in the database query. Because many modern browsers let you modify a page's HTML, posted data cannot be trusted like this. This uses misc.php so it supports unterschluepfli's belief that the attacker entered through misc.php
CODE REMOVED
The $cybfr_rulesaccepted string contains the post data for a form field, which I think the modder expects to be a list of IDs. While this is likely where the attacker gained entry, the same mistake is made in multiple places throughout the modification.Last edited by Trevor Hannant; Wed 4 May '11, 6:45am.Leave a comment:
.
-
I just signed up for vbulletin. It is used in a lot of gaming communities. I am trying to build my own community and now have enough members to justify building a forum. So I know alot of the clans/gaming...Wed 7 Jun '17, 9:25am
Leave a comment: