Announcement

**swiftor** · Tue 31st May '11, 4:00am

Thanks for the reply, although I believe I have both steps 1 and 2 covered. 3.6.0 of vbseo, and I downloaded my existing core_class.php to edit, then re-uploaded it. Just changed the 7 to a 9.

I tried a server reboot as suggested by motowebmaster, but had no luck there, I just ended up with every page, even forum home, giving:

Warning: Cannot modify header information - headers already sent by (output started at [path]/includes/class_core.php:1) in [path]/includes/functions.php on line 3904

I also tried disabling VBSEO and vbOptimize (which handles CDN caching of many files), and still had no luck.

Anything else I can try?

Originally posted by djbaxter View Post

1. Make sure you have tyhe latest version of vBSEO installed.

2. Make sure you are uploading the correct version of includes/class_core.php
- I got a similar error when I first tried to change the version but it turned out I was uploading an earlier version that the one I was running (4.13).

**digitalpoint** · Tue 31st May '11, 11:25am

Sounds like you added an extra carriage return (or some other charcter) before the <?php opening tag in class_core.php.

**dendrob** · Tue 31st May '11, 11:39am

So much for the YUI theory. I did as instructed, worked for a day and now I'm redirecting again. @#$%^%%^ !!!!

**Ramsesx** · Tue 31st May '11, 1:16pm

I don't get why there is a security patch, so far as it is known, there are only two yui files affected, one isn't in vB3.x and the other one was patched already. An explanation would be appreciated.

**Zachery** · Tue 31st May '11, 1:21pm

Originally posted by Ramsesx View Post

I don't get why there is a security patch, so far as it is known, there are only two yui files affected, one isn't in vB3.x and the other one was patched already. An explanation would be appreciated.

Better safe than sorry.

**Ramsesx** · Tue 31st May '11, 1:23pm

Originally posted by Zachery View Post

Better safe than sorry.

That's true. Good job.

**briansol** · Tue 31st May '11, 4:04pm

The download for 3.8.7 pl1 and my current version yui (3.8.5) are the exact same file sizes on all files. Changing the define in class_core won't do anything for local hosted.

So, why isn't the local instance patched? I have no desire to run remote when i have my own min functionality and cdn serving my js with superior performance of my own server and minimization and skips a dns lookup over remotely hosted.

Should i just download yui from yahoo themselves and find the files to upload on my own? why weren't the files updated?

**swiftor** · Tue 31st May '11, 4:09pm

Thanks, edited it via Putty and it seems fine now!

Now to see if traffic bumps up..

Originally posted by digitalpoint View Post

Sounds like you added an extra carriage return (or some other charcter) before the <?php opening tag in class_core.php.

**Joe D.** · Wed 1st Jun '11, 3:11am

I don't understand the security patch- it only changes the line in the class_core.php file to 2.9.0. What if your settings were set to use a local copy of the files (like mine were)? How can changing a line in a file upgrade your local copy of your YUI files?

**Marvin Hlavac** · Wed 1st Jun '11, 12:26pm

Hmm, so does the 3.8.7 PL1 include the latest YUI, or it doesn't? I serve my own to save a DNS look up, and I combine my .js files to save http requests. I'm not about to revert these improvements. Could a vB staff please confirm the latest YUI is or isn't included?

**Zachery** · Wed 1st Jun '11, 12:53pm

Right now, i Don't believe it does, you should serve the YUI from Google/Yahoo

**Bacon Butty** · Wed 1st Jun '11, 1:33pm

Originally posted by dendrob View Post

So much for the YUI theory. I did as instructed, worked for a day and now I'm redirecting again. @#$%^%%^ !!!!

Same here, in addition to this error;
http://www.vbulletin.com/forum/showt...ch-Not-Working

I think the issue is beyond the YUI

Originally posted by Zachery View Post

Right now, i Don't believe it does, you should serve the YUI from Google/Yahoo

What if that doesn't resolve the issue?

If you check my forum. View the source code, you'll see the YUI amend has been made.

Then google 'Everton Forum' - Click my forum and you'll more likely than not end up at a dodgy myfilestore.com link.

**briansol** · Wed 1st Jun '11, 5:06pm

Originally posted by Zachery View Post

Right now, i Don't believe it does, you should serve the YUI from Google/Yahoo

Thanks for the confirmation of a half-patch.

Patching on my own, again..........................

**PixelGal** · Wed 1st Jun '11, 6:42pm

I did all of the steps a few days ago and they got me again today. I have upped security... changed passwords. What can I do to stop this?

**briansol** · Wed 1st Jun '11, 7:25pm

check your logs. no one really knows and any log data you have may help find the leak.

Announcement

vBulletin 3.x and 4.x Redirect Security Exploit

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics