Announcement

**Ion Saliu** · Mon 23rd Sep '13, 10:11am

Originally posted by scroush View Post

need2speed.com/vb_forums/forum.php

You are using alpha:

“Powered by vBulletin® Version 4.2.2 Alpha 1”

“vBulletin Message
Site Maintenance.”

But, still, it is weird and still U N B E L I E V A B L E !

Look, these things have never happened to the vBulletin forums, the ones we are reading now. I will post on that topic soon…

As of your response, asthmatic DemonStar, – I still consider it irresponsible. No admin should erase an entire forum and lose all data!

**DemOnstar** · Mon 23rd Sep '13, 10:34am

Originally posted by Ion Saliu View Post

As of your response, asthmatic DemonStar, – I still consider it irresponsible. No admin should erase an entire forum and lose all data!

Matter of perspective and how much data one has to lose asthmatic one.

**donald1234** · Mon 23rd Sep '13, 10:54am

I read in your other thread that you are using php 5.2 something, that is old and depricated and could be the reason your forum is getting repeatedly attacked, the current php version is 5.5, you need to upgrade to at least 5.3.

**Wayne Luke** · Mon 23rd Sep '13, 11:02am

Originally posted by scroush View Post

My forums has been hacked a few times within the last 2 weeks, I have followed every post and still the guy comes back.

I have no additional admins
No Base64 code in the database
Removed the Install folder
Secured with htaccess AdminCP, ModCP, Includes, VB
Upgraded to the lastest VB version
Deleted all Plugins we had aside from the ones that come with vb
Changed DB Username & Password
Changed FTP Password

And as you can see he is back http://www.need2speed.com/vb_forums/forum.php

I have replaced the forum.php, content.php & index.php and the forum page still goes to the above page, need some major help. Not sure what else to do at this point.

I have read the links below.

http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

You didn't check for suspect files and either replace those not containing expected contents or delete those marked as not part of vBulletin.

You also need to check your templates for iFrames and javascript inclusions.

**scroush** · Mon 23rd Sep '13, 11:11am

Sorry I did check for suspect files and deleted those files, can you give me some tips on how to check the templates for iFrames & Javascripts? I got the site back up after upgrading to Alpha 1 with couple of issues which I have fixed at least one, working on the other.

**Wayne Luke** · Mon 23rd Sep '13, 11:21am

I use:

Code:

 SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';

For JavaScript, you need to manually review your modified templates. There would be too many false positives on a query.

**scroush** · Mon 23rd Sep '13, 12:00pm

Yes thats what I ran and posted the attachments, not sure if any of those might not look correct.

Also since my upgrade Im getting the error below on the CMS system

Warning: Declaration of vBCms_Item_Content::setItemId() should be compatible with that of vB_Model::setItemId() in ..../packages/vbcms/item/content.php on line 26

Warning: Declaration of vBCms_Collection_Content::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/collection/content.php on line 23

Warning: Declaration of vBCms_Item_Widget::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/item/widget.php on line 0

Warning: Declaration of vBCms_Collection_Widget::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/collection/widget.php on line 0

Attached Files

**Will Watts** · Mon 23rd Sep '13, 2:14pm

vB 4.2.2 is a compatibility release for PHP 5.4 rather than including any security fixes. You do need to look through your server logs to find out what's happening - the best thing to do would be to review your server logs, and manually look through your templates for JavaScript.

Originally posted by Ion Saliu View Post

The pieces of advice from other members (especially the axiomatic DemOnstar) amount to a big bunch of baloney. You can’t wipe out the server and lose all those posts and maybe subscriptions — that would be irresponsible! It would be like in the ancient fable: “Demolish the house because of the mice”.

I agree that wiping out your database would be a stupid thing to do, as is the suggestion that you set up the forum to "bait" the hacker to watch what he does. However that is not what I suggested.

**scroush** · Mon 23rd Sep '13, 2:29pm

I will be upgrading to PHP 5.3 at least, but any help on the errors after the upgrade?

**donald1234** · Mon 23rd Sep '13, 3:33pm

I would revert back to 4.2.1 as that is the stable release, especially as you are not on php5.4 vb 4.2.2 is still ion the alpha (testing) stage and is not recommended for production sites.

**scroush** · Mon 23rd Sep '13, 3:50pm

Yeah not doing that, I will upgrade PHP to 5.3 and see if that fixes some of the issues.

**Wayne Luke** · Mon 23rd Sep '13, 3:53pm

Originally posted by scroush View Post

I will be upgrading to PHP 5.3 at least, but any help on the errors after the upgrade?

There shouldn't be any errors under 5.3...

**scroush** · Mon 23rd Sep '13, 4:40pm

ok just upgraded to PHP 5.3 and the errors within the CMS and Forum seem to be gone however if I go into the AdminCP and click Edit within Forum Permission the error below shows up right above the options.

Warning: Non-static method vB_Bitfield_Builder::fetch_permission_group() should not be called statically in ..../includes/adminfunctions_forums.php on line 179

**scroush** · Tue 24th Sep '13, 6:02am

he is back and is redirecting the forum.php again, heck he is even reading this thread LOL

**donald1234** · Tue 24th Sep '13, 6:22am

Check through or get your host to check through the server logs to find out exactly what this guy is up to?

vBulletin 4 End of Life

Announcement

Keep getting hacked over and over by Ymh

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment