Announcement

Collapse
No announcement yet.

New Error i never see in vb4 error

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • donald1234
    replied
    Have you read through this thread, seems to be similar unresolved problem.

    http://www.vbulletin.com/forum/forum...how-white-page

    Leave a comment:


  • Sempoi
    replied
    Originally posted by donald1234 View Post
    You need to find where the backdoor is that the attacker is using to alter your files. have you tried disabling your plugins?
    yes i already try it....

    Leave a comment:


  • donald1234
    replied
    You need to find where the backdoor is that the attacker is using to alter your files. have you tried disabling your plugins?

    Leave a comment:


  • Sempoi
    replied
    hye

    i am asking how to fix this problem!!!
    i am so tired very time i need to reupload the fresh file

    Sempoi

    Leave a comment:


  • David Copeland
    replied
    Originally posted by Sempoi View Post
    today already 10 time reupload vbfiles to server
    this problem never solve

    please man to stop this problem ?
    We have the same problem, with no solution

    David

    Leave a comment:


  • Sempoi
    replied
    today already 10 time reupload vbfiles to server
    this problem never solve

    please man to stop this problem ?

    Leave a comment:


  • Joe D.
    replied
    Originally posted by Ion Saliu View Post

    Correct, axiomatic one!
    I'm not sure if this is just a language barrier or such but I would prefer you not call me the "axiomatic one" I am most certainly fallible.

    Leave a comment:


  • Ion Saliu
    replied
    You would need to know the username/password that is set to protect the install folder...
    Correct, axiomatic one! That’s what happens when trying to access my AdminCP by typing the address in the browser (http://forums.saliu.com/admincp/).

    Well, then, looks like this /install debacle is solved! Just .htaccess-protect the folder with a username and password. Don’t even need to delete the folder, as we don’t need to delete the /admincp folder.

    Have a /install folder "secretly" on the server. Go to your webhost AdminCP and password protect the /install folder as per my poste here:
    http://www.vbulletin.com/forum/forum...75#post4012575

    It is clear now that the vBulletin Team cannot create fill-in .htaccess files. The passwords must be encrypted by the server. And the webhost AdminCP needs to have a folder on the server in order to password-protect it.

    I wonder what happens if I copy the file from any .htaccess-protected folder on the server to the /install folder on my PC — and then upload the vB upgrade package? For example, I have a strong .htaccess file in my AdminCP folder. That way, the /install folder is never vulnerable, not for one second…

    By the way, strong passwords (as those generated in LastPass) are unbreakable for all intents and purposes. The webserver allows only 3 to 5 tries to enter the password. Nobody can guess a password in 3 to 5 tries… the odds are 1 in a trillion!

    Best holiday wishes to you all, brothers and sisters in forum/software creation!

    Ion Saliu
    Wishful Thinker At-Large
    “A good man is an axiomatic man; an axiomatic man is a happy man. Be axiomatic!”

    Leave a comment:


  • Joe D.
    replied
    You would need to know the username/password that is set to protect the install folder...

    If you go to
    Code:
    http://domain.com/install/upgrade.php
    and it is htaccess password protected you will be asked to enter the username/password to continue. Once you enter it you don't have to worry about it again for this session and can upgrade or install as normal. If you choose a difficult password it will take other people days, weeks, if ever to break in.

    As for the /includes/ folder there is no time you will EVER have to browse to a file in the includes folder so you can just set a super long password and never worry about it- you don't need to remember it because you'll never need to browse to your config.php file via a browser- it is useless to do so.

    Leave a comment:


  • Ion Saliu
    replied
    You can password protect or IP protect your ./install/ directory before uploading the files to it so only you can access the folder- this will prevent people from exploiting the files even during the few minutes the files may need to be on the server.
    Joe, I don’t think it works, axiomatic colleague of mine. What happens when I type …/upgrade.php in the browser? The /install folder is .htaccess protected. I try, for example:

    http://forums.saliu.com/includes/config.php

    Nothing happens, as the /includes folder is .htaccess protected.

    Leave a comment:


  • Joe D.
    replied
    Originally posted by Ion Saliu View Post
    Axiomatic Colleague of Mine:

    An experience like yours was my first run-in with vBulletin. That is the base64 infection. It happened to me during the first upgrading operation to my forum.

    If you have many foes, as I do, the skumbullows (cyber criminals) can’t wait for an upgrade! I always close my forum — and an announcement informs the visitors that the forum is in a maintenance process. The skumbullows immediately attacked the /install/upgrade.php script! They infected my forum with that dreadful base64 infection!

    I can still see in my webstats daily requests for the /install/upgrade.php script. They can’t wait to attack me again! The Vbeer support guys here say not to tell this kind of facts. But, hey, the skumbullows don’t need to hear the “tip” from me! They have known this vulnerability for many years…

    These are the facts of life — vulnerability inherent to scripts and upgrading by typing an address in the browser address box! The scripts are simply text files, easy to read files. Windows servers, on the other hand, are run by executables (EXE) files, which are far harder to read.

    In my case, axiomatic one, I was lucky with an understanding webhost. The tech support removed the base64 infection for me. But, I heard from them for the first time, that vBulletin forums were not recommended. My webhost also warned me that they would not tolerate a repeat of the incident. They would cancel my account, unfortunately. No wonder I am extremely reluctant to upgrade my vB forum… daily requests for the /install/upgrade.php script…

    Best of luck and holiday wishes to you all, brothers and sisters in forum administration!

    Ion Saliu
    Wishful Thinker At-Large
    “A good man is an axiomatic man; an axiomatic man is a happy man. Be axiomatic!”
    You can password protect or IP protect your ./install/ directory before uploading the files to it so only you can access the folder- this will prevent people from exploiting the files even during the few minutes the files may need to be on the server.

    Leave a comment:


  • Ion Saliu
    replied
    Axiomatic Colleague of Mine:

    An experience like yours was my first run-in with vBulletin. That is the base64 infection. It happened to me during the first upgrading operation to my forum.

    If you have many foes, as I do, the skumbullows (cyber criminals) can’t wait for an upgrade! I always close my forum — and an announcement informs the visitors that the forum is in a maintenance process. The skumbullows immediately attacked the /install/upgrade.php script! They infected my forum with that dreadful base64 infection!

    I can still see in my webstats daily requests for the /install/upgrade.php script. They can’t wait to attack me again! The Vbeer support guys here say not to tell this kind of facts. But, hey, the skumbullows don’t need to hear the “tip” from me! They have known this vulnerability for many years…

    These are the facts of life — vulnerability inherent to scripts and upgrading by typing an address in the browser address box! The scripts are simply text files, easy to read files. Windows servers, on the other hand, are run by executables (EXE) files, which are far harder to read.

    In my case, axiomatic one, I was lucky with an understanding webhost. The tech support removed the base64 infection for me. But, I heard from them for the first time, that vBulletin forums were not recommended. My webhost also warned me that they would not tolerate a repeat of the incident. They would cancel my account, unfortunately. No wonder I am extremely reluctant to upgrade my vB forum… daily requests for the /install/upgrade.php script…

    Best of luck and holiday wishes to you all, brothers and sisters in forum administration!

    Ion Saliu
    Wishful Thinker At-Large
    “A good man is an axiomatic man; an axiomatic man is a happy man. Be axiomatic!”

    Leave a comment:


  • donald1234
    replied
    The cure appears to be uploading fresh files and deleting any plug ins that you don't recognise. The cause is what we are still waiting to hear about.

    Leave a comment:


  • Sempoi
    replied
    Originally posted by donald1234 View Post
    See this thread, starting to look like this is a new exploit.

    http://www.vbulletin.com/forum/forum...how-white-page
    so how can i fix this issue

    its already happen to me for 2 day,
    every time this happen i need to replace fresh copy of vbulletin ?

    Leave a comment:


  • donald1234
    replied
    See this thread, starting to look like this is a new exploit.

    http://www.vbulletin.com/forum/forum...how-white-page

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X