Announcement

Collapse
No announcement yet.

Error - no changes were made to the site

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Error - no changes were made to the site

    I'm trying to piece this together, but my site is no longer loading...

    I am running 4.2.
    No changes have been made to the site in months... although a lot of my files now say modified 12/17 at 2:09 AM. No one did anything though.

    The error: PHP Fatal error: Cannot redeclare fi() (previously declared in /home/<user>/public_html/forum/showthread.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code:1) in /home/<user>/public_html/forum/global.php(1) : eval()'d code(2) : eval()'d code(1) : eval()'d code on line 1

    I don't even know where to go with this. Any assistance would be helpful.
    Tags: None
  • #2
    I am getting the same type of errors.

    Comment

    • #3
      If the files were modified and you didn't do it you should contact your host to see if they have an explanation- this would be a serious issue if someone unathorized has access to your files.

      I would re-upload a fresh set of the the vBulletin files- download the exact version you are using from the Member's Area and re-upload all file like you were doing an upgrade, except do not upload the /install/ directory- it should not exist on your server either.

      Comment

      • #4
        I'm getting EXACTLY the same error, and our site is down. Happened today. Using HostGator

        Comment

        • #5
          Another person with the same issue reports restoring a fresh set of vBulletin files fixed the issue for him.

          Without more info it is hard to know if you were hacked or something else happened- but I would follow the instructions to clean up and secure your sites-

          http://www.vbulletin.com/forum/blogs...ve-been-hacked

          http://www.vbulletin.com/forum/blogs...vbulletin-site

          Comment

          • #6
            uploading all the files did the trick for me. Still have no idea what caused the problem, but will assume someone hacked the site, until proven otherwise.
            On a related note, does the base install of vB include Panjo? If not, someone installed it on our site. That was the only unwanted product/plug-in I found.

            -Steve
            Last edited by MNbiker; Wed 18th Dec '13, 6:16pm.

            Comment

            • #7
              Originally posted by MNbiker View Post
              uploading all the files did the trick for me. Still have no idea what caused the problem, but will assume someone hacked the site, until proven otherwise.
              On a related note, does the base install of vB include Panjo? If not, someone installed it on our site. That was the only unwanted product/plug-in I found.

              -Steve
              We don't use Panjo because we are suspicious of it; that's partly because we tried Vertical Response when it first got integrated into vBulletin before finally giving up on it and using MailChimp instead (MailChimp is much better in our experience). My suspicion is that integrating Panjo would result in you building Panjo's business rather than your own business. If you wanted to add classifieds I think dBTech have a mod that does this.

              To the best of my knowledge the only way Panjo can be installed is if it is set to "enable" in AdminCP, Plugins and Products, Manage Products, Installed Products. So the base install of vB must include Panjo or you wouldn't just be able to enable it.

              Comment

              • #8
                Hello,

                Yes Panjo is installed by default with VB 4.2.2.

                Yes you were likely hacked, The other customer found multiple rouge plugins in his Plugin Manager, at the top, under the vBulletin Product listing. By default vBulletin doesn't have any plugins for the vBulletin Product, if you have any they should be ones you manually added yourself. Check the code of all plugins and delete any you didn't create.

                The other customer also found a fake bank website uploaded to his store_sitemap folder - You should go to Admin CP -> Maintiance -> Diagnostics -> Suspect File Check and delete any suspect files you cannot account for as being from a modification you authorized.

                By the way the other thread is here- http://www.vbulletin.com/forum/forum...ked-what-to-do

                Comment

                • #9
                  Our site went down again last night, so I apparently missed something in the clean-up process. I'm guessing it's a rogue/corrupted plug-in, since I re-loaded all the vB files, changed passwords, etc.

                  Comment

                  • #10
                    I think I found it. There's an init_startup plug-in loaded that loads subscriptions.php.

                    Comment

                    • #11
                      I had to completely move servers. Everything is trash. My site was sending DDOS attacks to anyone that went to the site, and the all the files has Trojans.

                      Comment

                      • #12
                        There are four steps to securing your site. If you don't do them all or you do them in the wrong order than you're still susceptible to being attacked again.

                        Close the hole... This has three subparts in this instance.
                        1. Delete your install folder
                        2. Review your admin users and delete any that don't belong. Don't ban them. Don't make them regular users. Delete them.
                        3. Close access to your AdminCP using .htaccess. Use either user authorization with a different username and password or IP address restrictions.
                        Fill the Hole... There are seven subparts in this instance.
                        1. Review your files for changes. You can do this under Maintenance -> Diagnostics.
                        2. Delete any Suspect Files.
                        3. Replace any files marked as "Does not contain expected contents"
                        4. Scan your plugins for malicious code (exec, base64, system, pass_thru, iframe are all suspect keywords). Delete any you find.
                        5. Repair any templates. Any templates that you don't have notes on changing, you need to revert. If you're using a custom style, it is best to delete your existing style and reimport from a fresh download.
                        6. Update your Addon Products.
                        7. Rebuild your datastores. You can use tools.php in the "do not upload" folder to do this. Upload it to your admincp directory, delete when done.
                        Secure the Hole
                        Parts of this were done by closing the hole but there are still things to do here.
                        1. Keep notes of all changes you make to the system - what templates and phrases you change, what files belong to which addons, what plugins do the addons install.
                        2. Consider using a separate Super Admin who has access to admin logs in the AdminCP. There should be only one Super Admin.
                        3. Create a lower permission Administrator for every day use.
                        4. Review your permissions in the system.
                        5. Block off access to the includes, modcp, packages and vb folders via .htaccess. Deny All can work here, unless you use the ModCP. You need user authorization there.
                        6. Move your attachments outside the forum root directory.
                        7. Create a complete backup of your site. Make database backups weekly.
                        Vigilance
                        You need to keep active on the security of the site.
                        1. Give out the fewest permissions necessary for anyone to do their job
                        2. Make sure your hosting provider updates the software.
                        3. Update to the latest vBulletin when it is released.
                        4. Make sure your addons are always up to date.

                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud demonstration site.
                        vBulletin 5 API - Full / Mobile
                        Vote for your favorite feature requests and the bugs you want to see fixed.

                        Comment

                        • #13
                          Please see my post here: http://www.vbulletin.com/forum/forum...31#post4012531

                          Former vBulletin Support Staff
                          Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
                          Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

                          Comment

                          • #14
                            i got the same error here i think vbulletin file has problem with that..

                            http://www.vbulletin.com/forum/forum...e-in-vb4-error

                            Comment

                            • #15
                              Originally posted by jdj View Post
                              We don't use Panjo because we are suspicious of it; that's partly because we tried Vertical Response when it first got integrated into vBulletin before finally giving up on it and using MailChimp instead (MailChimp is much better in our experience). My suspicion is that integrating Panjo would result in you building Panjo's business rather than your own business.
                              Yes, certainly by using Panjo you would build the Panjo business. But... by using MailChimp, don't you build the MailChimp business? :-) Panjo is the in the business of helping improve the experience and security for buyers and sellers in forums. Panjo helps forum owners generate revenue and reduce the administrative burden of maintaining a vibrant marketplace. Through our mobile app, web site, and social media outlets, we work to drive traffic to our partners. You can check out Panjo's new iOS app and browse forum classifieds on an iPhone, iPad, or iPod.
                              Panjo - buying and selling for every hobby on the App Store on iTunes
                              https://itunes.apple.com
                              Panjo classifieds plugin for vBulletin

                              Comment

                              Previous template Next

                              Related Topics

                              Collapse
                              Working...
                              X

                              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also consent to the transfer of your data to our servers in the United States, where data protection laws may be different from those in your country.

                              I Agree