Forums triggering virus alerts
-
Originally posted by kau: Same with us. We own a vertical that we cannot run Google ads on, those sites did not get any complaints whereas all Google sites got complaints about viruses.
Have you found a solution for these sites yet? We've got a similar thing happening, ourselves. And I've already checked the VBSEO and other mentioned exploits posted here.
-
Originally posted by 45Wheelgun: I have had the same experience. I disabled the Certified Ad Networks and have not had a complaint since.
-
Not 100% sure, but good chance these are related:
https://www.vbulletin.com/forum/show...ssible-Exploit
-
I have had the same experience. I disabled the Certified Ad Networks and have not had a complaint since.
-
Originally posted by creativepart: It certainly could be a rogue ad that's causing your problem, but those of us with a script in our Footer that tries to load alltagcloud.info are having a different issue. And, it's not a rogue ad.
-
Originally posted by MarkTTU: I think I may have found it.
I talked to another forum owner today -- huge forum -- he had it in his footer and I noticed it and reported it to him. He said, he'd removed it once and now it's back. And yes... he's running Forum Runner, too.
-
I think I may have found it. I've tried everything mentioned here and found no problems so I finally decided to try something off-the-wall and I disabled all Google Certified Ad Networks in my Adsense control panel. I did this on the 29th and have had no reports of infection since then. It would appear that one of Google's "Certified" networks was my culprit. I'm going to begin turning those networks back on one at a time and see what happens....
-
3) Templates are stored in the database. You would have to search these from the AdminCP or by direct query. Templates have never been stored in the file system in vBulletin.
4) Plugins are stored in the database. You would have to manually review the code of each one within the Admin CP under Plugins/Products -> Plugin Manager.
5) Same as 4
6) Same as 4
A query was provided in the steps to handle 5 and 6 (says for 4 and 5 but that is wrong). Very easy to check simply by running the provided query.
7) output format here is really bad and can't really view the columns.
All of these steps can be run either in the AdminCP or phpMyAdmin though. They don't require special hosting privileges to check.
-
Originally posted by Wayne Luke: So... Has anyone run the steps that I listed above? What were the results?
1. sounds like a good idea, shouldn't cause any problems. You should go ahead and do this. (I did this but found nothing)
2. I looked and it all looks fine
3. I couldn't find any of the files mentioned by name here, so I couldn't check these
4. I couldn't find a "plugin" or "plugins" directory, and I don't know where plugins are installed, so I can't do this
5. same as 4
6. same as 4
I ran the provided SQL and the one result returned looks fine (just calling a function that has 'exec' as part of the name):
Code:
mysql> SELECT title, phpcode, hookname, product FROM plugin WHERE
mysql> phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE
mysql> '%system%' OR phpcode like '%pass_thru%' OR phpcode like
mysql> '%iframe%';
+----------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------+
| title | phpcode | hookname | product |
+----------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------+
| vBa CMPS - Open Smilie Window in Admin CP Redirect | if | ($_REQUEST['do'] == 'getsmilies') { exec_header_redirect($vbulletin->options['bburl'] . '/misc.php?do=getsmilies&editorid=' . $_REQUEST['editorid'] . '&wysiwyg=' . intval($_REQUEST['wysiwyg']) . '&getsmilies=' . intval($_REQUEST['getsmilies'])); } | admin_global | adv_cmps |
+----------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------+
1 row in set (0.00 sec)
8. htaccess files are all clean.
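A stricter form of the plugin check run in the post above, as an added example that is not part of any post in this thread or of vBulletin: it matches the suspicious names only as whole function calls, so `exec_header_redirect()` is not reported as `exec()`, and it flags `<script>`/`<iframe>` tags that load from a host other than your own. The function name `scan_rows`, the host names and the last two sample rows are assumptions made up for illustration.

```python
import re

# PHP calls often seen in injected plugin code. Note the PHP function is
# spelled passthru. Names are matched only as whole calls, so a helper
# such as exec_header_redirect() is not reported as exec().
CALLS = ("base64_decode", "eval", "exec", "shell_exec", "system",
         "passthru", "popen", "proc_open", "gzinflate")
CALL_RE = re.compile(
    r"(?<![A-Za-z0-9_$>:])(" + "|".join(CALLS) + r")\s*\(", re.I)

# <script>/<iframe> tags whose src names a host (absolute or //host URL).
TAG_RE = re.compile(
    r"""<\s*(iframe|script)\b[^>]*?\bsrc\s*=\s*[\\"']*(?:https?:)?//([^/\\"'\s>]+)""",
    re.I)


def scan_rows(rows, own_hosts):
    """rows: (title, code) pairs, e.g. plugin.title / plugin.phpcode or
    template text. Returns (title, finding) tuples for manual review."""
    findings = []
    for title, code in rows:
        for m in CALL_RE.finditer(code):
            findings.append((title, "call:" + m.group(1).lower()))
        for m in TAG_RE.finditer(code):
            host = m.group(2).lower()
            if host not in own_hosts:
                findings.append((title, m.group(1).lower() + ":" + host))
    return findings


# Constructed sample rows. The first is the plugin quoted in the thread
# (shortened); the other two are made up for illustration.
SAMPLE_ROWS = [
    ("vBa CMPS - Open Smilie Window in Admin CP Redirect",
     "if ($_REQUEST['do'] == 'getsmilies') { exec_header_redirect("
     "$vbulletin->options['bburl'] . '/misc.php?do=getsmilies'); }"),
    ("constructed plugin", "eval(base64_decode('PLACEHOLDER'));"),
    ("constructed footer template",
     '<script type="text/javascript" '
     'src="http://unknown-host.example/tag.js"></script>'),
]

if __name__ == "__main__":
    for title, finding in scan_rows(SAMPLE_ROWS, {"forum.example"}):
        print(f"{finding:35} {title}")
```

Feed it rows exported from the plugin and template tables; every finding still needs a manual read, since a match only means the code deserves a look.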
-
These three have been replaced but still report that they are not as expected: vbulletin-adminhelp.xml vbulletin-language.xml vbulletin-settings.xml
-
Originally posted by 45Wheelgun: Wayne,
I ran Suspect File Diagnostics and it said that class_core.php and functions.php, now when I rerun it they are reported as:
At the top of the page it says I am running 3.8.7 PL2 so I am confused.
"File version mismatch: found 3.8.7 Patch Level 2, expected 3.8.7 Patch Level 1"
-
Wayne,
I ran Suspect File Diagnostics and it said that class_core.php and functions.php, now when I rerun it they are reported as:
At the top of the page it says I am running 3.8.7 PL2 so I am confused.
"File version mismatch: found 3.8.7 Patch Level 2, expected 3.8.7 Patch Level 1"
-
Originally posted by Wayne Luke: This on your 3.7.4 or 3.8.7 license?
Run this query:
UPDATE usertextfield SET searchprefs='';
Make sure you're on either 3.8.7 PL2 or 4.1.9
Finally secure your Admin CP with a second layer of access through .htaccess.
DB query done.
Admin CP secured.
thanks
-
Originally posted by diretur: I had the same problem on the 27th of December and found this in the header template. I have no clue where this is from. Once I deleted it, the problem was gone. Users with IE had the virus notification. As soon as they used Chrome there was no problem.
Run this query:
UPDATE usertextfield SET searchprefs='';
Make sure you're on either 3.8.7 PL2 or 4.1.9
Finally secure your Admin CP with a second layer of access through .htaccess.