Announcement

Collapse
No announcement yet.

Keep getting hacked over and over by Ymh

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Jaxo
    replied
    Is this still happening or did you manage to get it sorted? My site is being attacked daily and everything posted in this thread seems to be a mirror of whats happening to me. Im getting fed up now.. No matter what I do they still get in..

    My opinion.. vbulletin is insecure,,. this seems to be happening to a lot of vbulletin sites atm

    Leave a comment:


  • scroush
    replied
    I have no plugins other than the vb default ones.

    Leave a comment:


  • markp_2000
    replied
    Check you plugins. That was how I was getting reinfected.

    Leave a comment:


  • donald1234
    replied
    Check through or get your host to check through the server logs to find out exactly what this guy is up to?

    Leave a comment:


  • scroush
    replied
    he is back and is redirecting the forum.php again, heck he is even reading this thread LOL

    Leave a comment:


  • scroush
    replied
    ok just upgraded to PHP 5.3 and the errors within the CMS and Forum seem to be gone however if I go into the AdminCP and click Edit within Forum Permission the error below shows up right above the options.

    Warning: Non-static method vB_Bitfield_Builder::fetch_permission_group() should not be called statically in ..../includes/adminfunctions_forums.php on line 179

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by scroush View Post
    I will be upgrading to PHP 5.3 at least, but any help on the errors after the upgrade?
    There shouldn't be any errors under 5.3...

    Leave a comment:


  • scroush
    replied
    Yeah not doing that, I will upgrade PHP to 5.3 and see if that fixes some of the issues.

    Leave a comment:


  • donald1234
    replied
    I would revert back to 4.2.1 as that is the stable release, especially as you are not on php5.4 vb 4.2.2 is still ion the alpha (testing) stage and is not recommended for production sites.

    Leave a comment:


  • scroush
    replied
    I will be upgrading to PHP 5.3 at least, but any help on the errors after the upgrade?

    Leave a comment:


  • Will Watts
    replied
    vB 4.2.2 is a compatibility release for PHP 5.4 rather than including any security fixes. You do need to look through your server logs to find out what's happening - the best thing to do would be to review your server logs, and manually look through your templates for JavaScript.

    Originally posted by Ion Saliu View Post
    The pieces of advice from other members (especially the axiomatic DemOnstar) amount to a big bunch of baloney. You can’t wipe out the server and lose all those posts and maybe subscriptions — that would be irresponsible! It would be like in the ancient fable: “Demolish the house because of the mice”.
    I agree that wiping out your database would be a stupid thing to do, as is the suggestion that you set up the forum to "bait" the hacker to watch what he does. However that is not what I suggested.

    Leave a comment:


  • scroush
    replied
    Yes thats what I ran and posted the attachments, not sure if any of those might not look correct.

    Also since my upgrade Im getting the error below on the CMS system

    Warning: Declaration of vBCms_Item_Content::setItemId() should be compatible with that of vB_Model::setItemId() in ..../packages/vbcms/item/content.php on line 26

    Warning: Declaration of vBCms_Collection_Content::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/collection/content.php on line 23

    Warning: Declaration of vBCms_Item_Widget::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/item/widget.php on line 0

    Warning: Declaration of vBCms_Collection_Widget::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in..../packages/vbcms/collection/widget.php on line 0
    Attached Files

    Leave a comment:


  • Wayne Luke
    replied
    I use:
    Code:
     SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';


    For JavaScript, you need to manually review your modified templates. There would be too many false positives on a query.

    Leave a comment:


  • scroush
    replied
    Sorry I did check for suspect files and deleted those files, can you give me some tips on how to check the templates for iFrames & Javascripts? I got the site back up after upgrading to Alpha 1 with couple of issues which I have fixed at least one, working on the other.

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by scroush View Post
    My forums has been hacked a few times within the last 2 weeks, I have followed every post and still the guy comes back.

    I have no additional admins
    No Base64 code in the database
    Removed the Install folder
    Secured with htaccess AdminCP, ModCP, Includes, VB
    Upgraded to the lastest VB version
    Deleted all Plugins we had aside from the ones that come with vb
    Changed DB Username & Password
    Changed FTP Password

    And as you can see he is back http://www.need2speed.com/vb_forums/forum.php

    I have replaced the forum.php, content.php & index.php and the forum page still goes to the above page, need some major help. Not sure what else to do at this point.

    I have read the links below.

    http://www.vbulletin.com/forum/blogs...ve-been-hacked

    http://www.vbulletin.com/forum/blogs...vbulletin-site
    You didn't check for suspect files and either replace those not containing expected contents or delete those marked as not part of vBulletin.

    You also need to check your templates for iFrames and javascript inclusions.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X