Announcement

Collapse
No announcement yet.

Define Upload from Zip file

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Define Upload from Zip file

    When installing the update patches, what exactly is meant by 'Upload files...'? I have extracted all files form the .zip and overwritten the original files in the same paths. Is that all that is needed? Or, do I have to do something with them from the admincp?

  • #2
    In the full download package, there are two directories. They are named upload and do_not_upload. Everything in the upload directory are files that should be uploaded to the server.

    In a vBulletin Patch file, all files within it need to be uploaded to the directory where vBulletin exists on the server. Patch downloads only contain the files necessary for the patch and a version file. If a patch requires anything else besides uploading the files, we will state that in the release announcement.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      Thank you for the response. Just to make sure I'm not 'tripping over' the word Upload, have I completed all steps necessary to implement the update if I have copied each file provided in the update and overwritten its original counterpart file in the same path? I'm asking because after doing this then running the Diagnostics / Suspect File Versions tool, the updated files report as having unexpected contents. For example, the last update replaced user.php in ./vb/library. Now that file reports as 'File does not contain expected contents.'

      Comment


      • #4
        They will have unexpected contents until you replace the md5_sums_vbulletin.php file that comes with a full version. This is normal behavior.

        This file is not included in Patch Downloads because they do not contain all 3,000 files in a standard vBulletin download. When you download a full version of vBulletin, the md5_sums_vbulletin.php is created by our servers. This file is unique to every single download because every file is unique to the customer that is downloading it. This file is how we know what a file should contain or if it is even part of vBulletin.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #5
          I understand. The file you describe is basically the custom table of contents for our purchased version and would not recognize updated files. Thanks. Here is the actual issue. Perhaps, you can advise on the correct course of action. We were recently hacked after migrating our long-standing vBulletin 3.x forum to our local server and upgrading to vBulletin 5.5.3. This is drastically affecting our business to the tune of $1000,s per day! I'm feverishly trying to revert back to the un-compromised version and was hoping that all of the JS files reporting that way in Diagnostics were the files corrupted by the hack. The intent is to restore the original vBulletin 5.5.3 install to an alternate location then overwrite all of the JS files with originals. Am I, at least, on the right track?
          Last edited by SNease001; Thu 24 Oct '19, 10:25am.

          Comment


          • #6
            There is no reverting back really. That won't clean your site. Some of the exploits that I have found go back 2 and 3 years.

            What you need to do is:
            1. Create a new directory to hold your vBulletin Files.
            2. Download the full package of vBulletin 5.5.4 PL2.
            3. UPLOAD this copy of vBulletin to this new directory.
            4. Rename /config.php.bkp to config.php
            5. Rename htaccess.txt to .htaccess
            6. Rename /core/includes/config.php,new to /core/includes/config.php
            7. Edit /core/includes/config.php to connect to your database.
            8. Rename your existing vBulletin directory to something like /vbulletin_lwkesfjweqo5i78weq. do not use anything like vbulletin_old or vbulletin_backup. These are easy to guess names and will make the exploit available to the exploiters.
            9. Rename your new vbulletin directory to the old vbulletin directory's previous name.
            10. Investigate your attachments directory (and its subdirectories) in the old directory. Delete any files named .htaccess, *.php, *.ico, or *.bak, The only files should have a .attach extension.
            11. Copy the attachments directory to your new vBulletin directory once it has been cleared.
            12. Investigate your /core/customavatars directory in the old directory. Delete any files named .htaccess, *.php, *.ico, or *.bak. There should be only images file within here and the /thumbs subdirectory.
            13. Copy your /core/customavatars directory to your new vBulletin directory once it has been cleared.
            14. If you use custom smilies, you must do the same as above for the /core/images/smilies directory.
            15. If you use custom post icons, you must do the same as above for the /core/images/icons directory.
            16. Delete the old vbulletin directory.
            17. Chmod the /core/ directory and its contents to 444. Chmod the /core/cache and /core/customavatars directory so that the web server can write to them.
            18. Check all other directories of your website for wayword .htaccess, *.php, *.ico, and *.bak files.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment


            • #7
              Oh my! Ok, thank you very much for the clarification AND more so, for the detailed instructions! I'm off to fix it...

              Comment


              • #8
                Unfortunately, I completed all of these steps but get a 500 Internal Error when trying to access the forum. Step 5 creates the .htaccess file. However (guess I should've stated this up front), we are running our forum on IIS, not Apache. Also, step 17 refers to Linux commands. I did set the same configurations on the defined folders though. I know 500 is a vague, generalized error code but you wouldn't happen to have a list of the most common causes of a 500 error on a vBulletin site?

                Comment


                • #9
                  Sorry, the majority of our customers use Apache, even if they are using Windows Servers.

                  A 500 Server error is the most generic error created in the technical industry. It basically means "something went wrong." To see what the 500 server error actually is, you will have to look at the IIS and PHP Error logs. Wherever you have them configured to be access from.

                  For IIS, you must have the URL Rewrite extension from Microsoft installed. URL Rewrite will use the web.config files. If you want to use .htacess with IIS, there are third-party .htaccess providers that work with IIS. I don't know how reliable they are.

                  PHP must meet all the requirements in the System Requirements topic. My guess is that you're missing one of the PHP libraries that are required.

                  Windows servers can be less secure than Linux servers. The permissions are for User, Group, and World - in that order. 444 gives read permissions to all of these groups.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API

                  Comment

                  Related Topics

                  Collapse

                  Working...
                  X