All sites hacked with upgrade

  • All sites hacked with upgrade

    Maybe this is a coincidence but when I updated the server to php 7.3.13, all of my vb forums were hacked within 24 hours.
    Sites were running vb 5.2.5.
    Has to be more than just a coincidence that 3 vb installations all get hacked with different uploaded files.

    Not complaining, just think there should have been some sort of warning to upgrade to vb 5.5.6 before updating php.

  • #2
    The version of PHP isn't relevant here. I am actually surprised that vBulletin 5.2.5 runs on PHP 7.3 since it is over three years old.

    vBulletin 5.2.5 shouldn't be running on production servers at this time. We have fixed hundreds of bugs since its release and it is no longer supported. In 2019, we released a critical security patch for vBulletin 5.5.4 that closed a bug that could allow someone access to your site. We emailed all customers and placed a notice in the AdminCP news to notify users.

    I recommend deleting all vBulletin files, uploading vBulletin 5.5.6 and upgrading as soon as possible.

    If you store avatars or attachments in the file system, you would want to preserve these files and scan their directories to make sure they do not include any PHP files or an .htaccess file larger than 200 bytes. The included HTML files in these directories should be 0 byte files.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.
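
Added example, not part of the original posts and not vBulletin's own tooling: a Python script that applies the three checks from post #2 to an avatar or attachment directory (PHP files, an .htaccess larger than 200 bytes, HTML files that are not 0 bytes). The extension list and the matching of a PHP extension anywhere in the file name are assumptions beyond the post, and the sample tree is constructed.

```python
import os
import sys
import tempfile
from pathlib import Path

# Assumption: extensions commonly mapped to the PHP handler (the post only says "PHP files").
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php3", ".php4", ".php5", ".php7", ".phps"}
HTACCESS_MAX_BYTES = 200  # threshold stated in the post

def scan_upload_dir(root):
    """Return sorted (relative_path, reason) pairs for files that break the post's rules."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            size = os.lstat(path).st_size
            lower = name.lower()
            # Assumption: flag a PHP extension anywhere in the name (e.g. pic.php.jpg) as well.
            parts = {"." + p for p in lower.split(".")[1:]}
            if parts & PHP_EXTENSIONS:
                findings.append((rel, "PHP file"))
            elif lower == ".htaccess" and size > HTACCESS_MAX_BYTES:
                findings.append((rel, f".htaccess is {size} bytes (> {HTACCESS_MAX_BYTES})"))
            elif lower.endswith((".html", ".htm")) and size > 0:
                findings.append((rel, f"HTML file is {size} bytes (expected 0)"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: a small attachment directory with clean and suspect files."""
    samples = {
        "index.html": b"",                          # clean: 0-byte placeholder
        "1/index.html": b"<html>not empty</html>",  # suspect: 22 bytes
        "2/.htaccess": b"Deny from all\n",          # clean: 14 bytes
        "3/.htaccess": b"# padding\n" * 30,         # suspect: 300 bytes
        "3/avatar.PHP": b"constructed placeholder",
        "3/pic.php.jpg": b"constructed placeholder",
    }
    for rel, data in samples.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) < 2:
            build_sample_tree(tmp)  # no argument: demo on the constructed tree
        for rel, reason in scan_upload_dir(sys.argv[1] if len(sys.argv) > 1 else tmp):
            print(f"{rel}: {reason}")
```

Run it with the avatar or attachment directory as the first argument; with no argument it scans the constructed sample tree.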



    • #3
      They ran fine on 5.2.5 (patch something) but obviously some bots are looking for it and php 7.3!!
      All sites were upgraded to 5.5.6 before I even posted.

      BUT what is discussions/core/clientscript/codemirror/mode/clike/index.html?

      My cxs scanner says it's a suspicious file type? That is 5.5.6 and vb says it's a vb file.

      See attached: Capture.JPG



      • #4
        CodeMirror is a third-party JavaScript library that adds functionality such as line numbers and tabbing to forms with code in them. We use it in the template editor within the AdminCP. It includes a lot of files that we didn't write. Many developers put index.html files into their directories for a number of reasons. The most common ones are to provide documentation and to prevent directory listings on poorly configured servers.

        Any file that is contained in the vBulletin download will be checked and matched against a series of file hashes that we create when the product is downloaded. The file hash for every file and every customer is unique. If the hashes don't match when the Suspect File Scanner checks it, then we can tell you if it is not part of vBulletin, from an older version, or the contents have been changed since you downloaded the software. For the specific file in question, I have no idea what its contents should be. Looking at it in a browser shows it demonstrates what "C-Like" code should look like. C is a popular programming language. So popular that many languages copied its formatting rules over the decades. However, if the file matches its hash then it most likely was downloaded in its current state as well.

        External file scanners may have overly broad definitions on what a suspicious file is.

        Wayne Luke