File2Store Is driving me crazy
  • File2Store Is driving me crazy

    I finally got hit by this one. I see it's been around since mid 2011, and I was running 3.8.6 PL1 for quite some time. This week I noticed a big drop in traffic and found this by going through Google and ending up at file2store.

    I have been reading posts about this for 3 days now and am nowhere other than I can clear it out of the parsed templates by disabling a plugin and re-enabling it.

    I scanned all server files for "base64_decode"

    -Cron.php
    -funtions.php

    These were all replaced when I upgraded to 3.8.7 PL2 this week

    I removed 2 entries in my remote SQL (both were IPs I added) and were full static IPs

    I scanned all the files by date on my server with nothing outstanding, searched through my Cron Jobs

    Anyone have an actual answer to what this exploit is actually coming from?

    Thanks,
    Chris

  • #2
    http://www.vbseo.com/f5/faqs-rogue-p...release-52862/
    anders | vbulletin team | check out the new vbulletin facebook app
    Proudly vBulletin'ing since 2001
    Please be my friend!
    http://www.twitter.com/inetskunkworks
    vBulletin Performance Articles:
    Click here to read

    • #3
      Thank you. After reading 90 posts that it definitely IS NOT VBSEO I stopped looking for that side

      • #4
        You checked the database?

        • #5
          Here is the correct info on your fix.

          http://www.theadminzone.com/forums/s...2&postcount=81

          We've been battling it for a long long time





          FYI.. that has NOTHING to do with the file2store exploit..

          -- Web Developer for hire
          ---Online Marketing Tools and Articles

          • #6
            Originally posted by Loco.M
            Here is the correct info on your fix.

            http://www.theadminzone.com/forums/s...2&postcount=81

            We've been battling it for a long long time
            I don't see how his solution is actually attributed to a fault in vBulletin.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API - Full / Mobile
            Vote for your favorite feature requests and the bugs you want to see fixed.

            • #7
              Originally posted by Wayne Luke
              I don't see how his solution is actually attributed to a fault in vBulletin.
              All that I know is that it worked on 2 client sites, one had been battling it a long time. (see the rest of the TAZ thread)

              Just trying to help the OP out.
              -- Web Developer for hire
              ---Online Marketing Tools and Articles

              • #8
                Originally posted by Loco.M
                All that I know is that it worked on 2 client sites, one had been battling it a long time. (see the rest of the TAZ thread)

                Just trying to help the OP out.
                I am sure it would. Wildcard Remote Access to a MySQL server is just asking to be hacked.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API - Full / Mobile
                Vote for your favorite feature requests and the bugs you want to see fixed.
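
The point in post #8 about wildcard remote access, as an added example that is not part of the thread: a Python check that classifies the host part of each MySQL account so wildcard entries stand out from the fixed-IP entries the original poster describes. The sample rows, account names and the ok/low/medium/high labels are constructed assumptions.

```python
import ipaddress

# Constructed sample: tab-separated output of
#   mysql -B -N -e "SELECT user, host FROM mysql.user"
# All account names and addresses below are made up for illustration.
SAMPLE_ROWS = (
    "root\tlocalhost\n"
    "forum\tlocalhost\n"
    "forum\t%\n"
    "backup\t203.0.113.25\n"
    "report\t192.0.2.%\n"
    "sync\t198.51.100.0/255.255.255.0\n"
    "\t\n"  # anonymous account with an empty host
)

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_host(host):
    """Return (level, reason) for an account's host; levels are this example's labels."""
    if host in LOCAL_HOSTS:
        return "ok", "local connections only"
    if host in ("", "%"):
        return "high", "matches any client host"
    if "%" in host or "_" in host:
        # In MySQL host values, % and _ act as they do in LIKE patterns.
        return "medium", "pattern matches a range of hosts"
    if "/" in host:
        return "medium", "netmask matches a whole network"
    try:
        ipaddress.ip_address(host)
        return "low", "single remote IP address"
    except ValueError:
        return "low", "single remote host name"


def audit(rows):
    """Return (user, host, level, reason) for every account reachable remotely."""
    findings = []
    for line in rows.splitlines():
        if "\t" not in line:
            continue  # skip blank or malformed lines
        user, host = line.split("\t", 1)
        level, reason = classify_host(host.strip())
        if level != "ok":
            findings.append((user, host.strip(), level, reason))
    return findings
```

Calling `audit()` on the real output of the query in the comment lists every account that accepts remote connections, with the any-host entries marked `high`.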
