Announcement

Collapse
No announcement yet.

Manual Security Patch Instructions for VB 4.x.x

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • BirdOPrey5
    replied
    Originally posted by kandhro View Post
    Hello
    iam looking for some of ur help in regards of , i have done manual editing in my vb 4.2.0 for the files as per instructions here in top ,
    the noted results i have seen is no any member is able to login and same with admin after i place right details and click login it show blank screen
    with as follow link www.xyzzzz.com/login.php?do=login

    then i tried to restore edited files back from backup my forum works fine as usual, suggest me

    hope to have a solution
    Hello,

    What software are you using when you edit the files? What it the name of the text editor you are using and what is your computer operating system?


    Leave a comment:


  • MoreLinux
    replied
    @Joe D.: Thanks. Easy fix in 5 min.

    Leave a comment:


  • kandhro
    replied
    Hello
    iam looking for some of ur help in regards of , i have done manual editing in my vb 4.2.0 for the files as per instructions here in top ,
    the noted results i have seen is no any member is able to login and same with admin after i place right details and click login it show blank screen
    with as follow link www.xyzzzz.com/login.php?do=login

    then i tried to restore edited files back from backup my forum works fine as usual, suggest me

    hope to have a solution

    Leave a comment:


  • BirdOPrey5
    replied
    If you installed vBulletin into the /phpbb/ directory then yes they may very well be the same. If you can find that code in it, go ahead and make the changes.

    Leave a comment:


  • vbsm
    replied
    Might these two be the same?...

    /public_html/phpbb/includes/functions.php
    /public_html/forums/includes/functions.php

    Leave a comment:


  • donald1234
    replied
    Yes you can go straight to 4.2.2, that is what JoeD said if you read the post again, database errors are rare and usually occur for a reason. Remember to do a full backup before an upgrade so you can restore your forum as it was if things do go wrong.

    Leave a comment:


  • supergaijin
    replied
    Originally posted by Joe D. View Post

    Hello, if you are on 4.2.0 you have two choices at this point-

    1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.

    2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.

    You choose 1 OR 2, not both.

    So I can jump from 4.2.0 to 4.2.2 PL1 without doing the updates in-between (4.2.2 PL! is an inclusive update)? Also, I noticed some people having database errors after the update. Is this common? (Our PHP is greater than 5.2)

    Leave a comment:


  • BirdOPrey5
    replied
    Originally posted by supergaijin View Post
    So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?

    Thanks in advance.
    Hello, if you are on 4.2.0 you have two choices at this point-

    1) You download 4.2.2 PL1 (the full version) from the Member's Area and upgrade to 4.2.2. Then you are good.

    2) You follow the instructions in Post #1 to manually patch your existing 4.2.0 install, then you are also safe from this latest exploit.

    You choose 1 OR 2, not both.

    Leave a comment:


  • BirdOPrey5
    replied
    Originally posted by Pony View Post
    Updated from 4.1. to 4.2.2, and after that was done applied PL1.

    ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.

    Just want to make sure I'm good.

    EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.
    If you decided to upgrade to 4.2.2 and you download 4.2.2 from the Member's Area after the patch was released on Thursday, then the patch is automatically applied to the 4.2.2 files you downloaded.

    Anyone choosing to upgrade to 4.2.2 at this point who download a fresh copy of 4.2.2 does not have to apply the patch, it is already included in 4.2.2 at this point.

    Leave a comment:


  • supergaijin
    replied
    So just to be clear, if I'm on 4.2.0 PL3, I need to follow the manual instructions in the OP to upgrade to 4.2.2 PL1 and can't just copy the pre-patched files to bring my 4.2.0 up to 4.2.2?

    Thanks in advance.

    Leave a comment:


  • Pony
    replied
    Updated from 4.1. to 4.2.2, and after that was done applied PL1.

    ACP does not show that I'm running PL1, and the new files are showing up as 'file does not contain expected contents'. I have verified all files in PL1 are uploaded.

    Just want to make sure I'm good.

    EDIT; I see at the very bottom of the screen the "powered by" 4.2.2 pl1, so I'm guessing I'm good. Was too busy looking at the top that I missed the bottom.
    Last edited by Pony; Fri 14 Mar '14, 9:25pm. Reason: further investigation

    Leave a comment:


  • BirdOPrey5
    replied
    I understand this marks a change in how people are used to getting patches for 4.x because we only supplied an actual patch for VB 4.2.2. However this is not the thread for complaints. Any post that is not a valid request for support or feedback on actually applying the above changes will be deleted. Anyone posting off topic past this point will get infractions. Please use the Licensed Customer Feedback forum to provide feedback on the exploit/patches/bug fixes in general. This topic is for support of people trying to secure their sites.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by kandhro View Post
    for manual patching
    do i have to upload patch files downloaded from mebers area + manually edit files or just manual editing is all what i have to do in this patch ?

    and thanks for the good support Mark B
    If you patch with the manual instructions that's all you need to do.
    It's either upload the patch files or manually edit the existing files.

    Leave a comment:


  • Raptor
    replied
    very easy instructions - took no more than 5 minutes. I shake my head at some guys who are confused about how to do this.

    Leave a comment:


  • kandhro
    replied
    for manual patching
    do i have to upload patch files downloaded from mebers area + manually edit files or just manual editing is all what i have to do in this patch ?

    and thanks for the good support Mark B

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X