Announcement

Collapse
No announcement yet.

Security Patch does not fix a hacked forums

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Patch does not fix a hacked forums

    I've uploaded the files that were part of the "security patch" but those did nothing to fix the problem - no further instructions were included with this "patch" except to upload the two files. I'm sure I'm in a very long queue to get some live support, but are there any successes in getting the forms back?

    I've re-uploaded the entire 5.4.4 file structure
    ran the upgrade script to touch everything
    Re-re-uploaded the security patch
    re-uploaded the base index.html file and removed the files installed by the breach
    re-uploaded my .htaccess file in case there was some errant code in there
    the config.php file was not touched (modified date of 2017)

    I'm still having blank pages for the forums, admincp, etc.

    There has to be more instructions than "upload these files and all is good"...

    What are your success stories here?

    TVS

  • #2
    You must also remove rogue files that may have added by the exploit. I found nearly 1/2 dozen of them. The best way to do that it is to do a clean install, but I ran a file comparison program and manually deleted files on the server that were not in the upload folder. Once you're back online, be sure to change your database password as it might have compromised.
    VB 5.5.5
    PHP 7.2
    MySQL 5.7.24

    Comment


    • #3
      I found about a half dozen of those as well. There are no instructions on how to do a clean install - what folders do you keep? I don't mind doing it - it can't be that hard.

      EDIT - my issue is with blank pages, not sure if that helps.

      I'm also noticing that my server load is at 100% - which may or may not be related - I'm looking into that as well. It's a semi-dedicated so I should be the only one touching the load (it's not a shared environment).

      Thanks - I'll keep digging!

      TVS

      Comment


      • #4
        You could try this:
        1. backup your old database
        2. backup your old vbulletin files
        3. remove the vbulletin directory completely, so that no hacked files are left in the vbulletin dir
        4. upload the new files
        5. check the content of your old /config.php, make sure that it doesn't contain malicious code
        6. copy /config.php from your old files to the root of your vbulletin dir.
        7. rename htaccess.txt to .htaccess (if you're running HTTPD)
        8. start the update in the browser by going to install/upgrade.php
        9. revert any customizations, templates
        10. change all your administrator and moderator password
        11. verify that no unknown admins were added
        12. verify that no unknown usergroups were added
        13. revert all permissions if needed.
        Last edited by LBS; Thu 26th Sep '19, 9:02am.

        Comment


        • OrganForum
          OrganForum commented
          Editing a comment
          Don't delete the userattachments, customavatars, customgroupicons, and customprofile pics folders without backing them up. You'll need them to restore these images.

      • #5
        The patch is not written for 5.4.4 and should not be used on a 5.4.4 forum.

        Forums running 5.4.4 should upgrade to 5.5.4 Patch Level 1 in the first instance.

        MARK.B | vBULLETIN SUPPORT

        TalkNewsUK - My vBulletin 5.5.6 Demo
        AdminAmmo - My Cloud Demo

        Comment


        • #6
          Here is Wayne's advice on what to do:
          1. Create a new directory.
          2. Upload the files from a new patched vBulletin Package to this directory.
          3. Point the /core/includes/config.php to your database.
          4. Make sure there are no PHP or Javascript files in the attachment or customavatar directories.
          5. Copy over your attachment and customavatar directories.
          6. Run /core/install/upgrade.php
          7. Revert any template customizations that you have not documented as creating
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.5.6 Demo
          AdminAmmo - My Cloud Demo

          Comment


          • #7
            Ok, I figured out my issue and am back up and running without the nuclear option. Like OrganForum mentioned, I missed one file that was causing issues. Man what a way to spend a Thursday morning!

            Thank you all for your help here.

            TVS

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X