Announcement

Collapse
No announcement yet.

HUGE SPAM HACK ON VB 4.2.X!!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • HUGE SPAM HACK ON VB 4.2.X!!

    The recent weeks a number of our users have reported that they are sent to various spampages when clicking search-results to our page from Google. The spam occurs after the user arrives at the page, and the spam is only apparent the first time the user clicks the Google-link.

    Today a user reported that the same issue occurs on another vB 4.2.X-site; http://forums.audioreview.com/. We have confirmed that the have the exact same issue.

    By other words; this is a specific vB-issue and needs to be addressed immediately!! I am astounded nobode else has reported these issues, and as the exploit has been active for more than a week now our site risks getting blacklisted if it is not resolved shortly.

    I did consider upgradring to vB 5.X to "solve" the issue, but as 5.0 neither has support for dBSEO (that actually works very well for us after a lot of tweaking), no Norwegian language pack and probably is very challenging to install, this is really not a feasible solution for us.

    vBulletin - please look at this serious issue shortly and e-mail me at lygren @ avforum . no!

  • #2
    vB; I certainly hope you´re responding to this matter rapidly, shipping my visitors to pornsites is really not good for business...

    Comment


    • #3
      This isn't a vBulletin issue. Your server has been compromised.
      You can remove the issue for now by disabling then re-enabling any product in the products screen, however it will likely return at some point.

      Do you, or have you ever, used vBSEO?
      MARK.B | vBULLETIN SUPPORT

      TalkNewsUK - My vBulletin 5.6.0 Demo
      AdminAmmo - My Cloud Demo

      Comment


      • #4
        What version of vB are you using...in other words, what is the "X"? Anything less than 4.2.2 is not good for security. I believe I've seen recent recommendations to move to 4.2.3.

        Kurt

        Comment


        • #5
          I just visited http://www.audioreview.com/ http://www.audioreview.com/reviewscrx.aspx and http://www.audioreview.com/reviews/ from Google and none of those URLs redirected me to porn or anywhere else. I don't think this is at all vBulletin software related but more information is necessary.

          Comment


          • #6
            The description of the problem matches the so-called "filestore hack" which in most cases stems from a vulnerability in vBSEO.

            To be clear, it is not a vulnerability in vBulletin itself.
            MARK.B | vBULLETIN SUPPORT

            TalkNewsUK - My vBulletin 5.6.0 Demo
            AdminAmmo - My Cloud Demo

            Comment


            • #7
              Your software is out of date and insecure. You will need run through the steps here:
              http://www.vbulletin.com/forum/forum...ring-your-site

              Once done, you will need to upgrade to vBulletin 4.2.3.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API - Full / Mobile
              Vote for your favorite feature requests and the bugs you want to see fixed.

              Comment


              • #8
                Thanks for the feedback guys. As for not being forwarded to spamsites, the same is the case with my dev from India - but a number of my local Norwegian users report the same. By other words the hack seem to only target certain geographical areas...

                Other than that I do have the DBSEO installed, and I am running 4.2.2 at the moment. I do see that audioreview.com is running vBSEO. So you believe that the SEO-modules might be where both sites are compromised?

                Comment


                • #9
                  DBSEO is supported and should be ok. Although VBSEO is known for this redirection issue. Other compromised plugins can cause this. Try disabling all your plugins. If so re-enable one at a time till you find culprit.

                  To disable the plugin/hook system completely, edit includes/config.php and add the following code:
                  Just below

                  Code:
                  <?php
                  enter

                  Code:
                   
                   define('DISABLE_HOOKS', true);

                  Comment


                  • #10
                    Originally posted by lygrenMomentor View Post
                    Other than that I do have the DBSEO installed, and I am running 4.2.2 at the moment. I do see that audioreview.com is running vBSEO. So you believe that the SEO-modules might be where both sites are compromised?
                    You're running 4.2.2 Patch Level 1 on one of your sites. This is insecure. 4.2.2 is at Patch Level 4.

                    vBSEO is insecure and unsupported. The company that created vbSEO no longer exists. It should not be installed on any website unless you've hired a PHP developer to secure its flaws.
                    Translations provided by Google.

                    Wayne Luke
                    The Rabid Badger - a vBulletin Cloud demonstration site.
                    vBulletin 5 API - Full / Mobile
                    Vote for your favorite feature requests and the bugs you want to see fixed.

                    Comment

                    Related Topics

                    Collapse

                    Working...
                    X