Announcement

Collapse
No announcement yet.

Known Exploit Warning Question

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wayne Luke
    replied
    Originally posted by holymannn View Post
    should I delete vb5.php and runtime.php?

    Click image for larger version Name:	EB74D382-19EA-4456-8F01-6433D6D6535C.jpeg Views:	0 Size:	41.1 KB ID:	4445341
    There is no vb5.php file.

    I recommend uploading a fresh copy of files for your version from the Member's Area and then running the suspect file diagnostics. Any file not listed as part of vBulletin should be removed. If you have non-vBulletin files on the server then you will need to inspect them to make sure they haven't been tampered with.

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by w4term4n View Post
    Is it necessary to delete the runtime.php file? It tells me that the content is not as expected.
    After applying the patch, the file will not contain the expected contents.

    You have not updated the checksum file since you installed the current version you're on. This file is not dynamic. It is created when you download the software.

    Leave a comment:


  • w4term4n
    replied
    Originally posted by AlyGreen View Post
    w4tchm4n, Niktator

    If you look at the patch file (5.6.2 PL1) contents being applied, it shows the following two files being added:

    /core/includes/version_vbulletin.php
    /includes/vb5/template/runtime.php

    So runtime.php is definitely part of the patch.

    When I run AdminCP > Maintainence > Diagnostics > Suspect File Versions

    On my system it also marks runtime.php as not being part of the install. My guess is this file hasn't yet been included in the md5_sums_vbulletin.php, the checksum file vBulletin uses to confirm the files installed (at least I think this is the purpose of this file, to validate).

    I don't see a vb5.php as part of my install so this file may be a file left over from a past vBulletin install (if you don't clear out old files every time) or perhaps something to be concerned about.

    Tech support will have to answer your question for certain.

    Aly
    Thanks you so much.

    Leave a comment:


  • AlyGreen
    replied
    w4tchm4n, Niktator

    If you look at the patch file (5.6.2 PL1) contents being applied, it shows the following two files being added:

    /core/includes/version_vbulletin.php
    /includes/vb5/template/runtime.php

    So runtime.php is definitely part of the patch.

    When I run AdminCP > Maintainence > Diagnostics > Suspect File Versions

    On my system it also marks runtime.php as not being part of the install. My guess is this file hasn't yet been included in the md5_sums_vbulletin.php, the checksum file vBulletin uses to confirm the files installed (at least I think this is the purpose of this file, to validate).

    I don't see a vb5.php as part of my install so this file may be a file left over from a past vBulletin install (if you don't clear out old files every time) or perhaps something to be concerned about.

    Tech support will have to answer your question for certain.

    Aly

    Leave a comment:


  • w4term4n
    replied
    Is it necessary to delete the runtime.php file? It tells me that the content is not as expected.

    Leave a comment:


  • holymannn
    commented on 's reply
    the files were placed before i updated the security patch. will i get hack again after the security patch?

  • Niktator
    replied
    Originally posted by holymannn View Post
    should I delete vb5.php and runtime.php?

    Click image for larger version Name:	EB74D382-19EA-4456-8F01-6433D6D6535C.jpeg Views:	0 Size:	41.1 KB ID:	4445341
    You should asap turn off your server, since its not done with this files. If they can put files in your directory - they can put files elsewhere. You have been hacked, deleting 2 files wont fix that. Good luck.

    Leave a comment:


  • holymannn
    commented on 's reply
    All directory to 444? From /forum and it’s sub folders?

  • holymannn
    replied

    should I delete vb5.php and runtime.php?

    Click image for larger version  Name:	EB74D382-19EA-4456-8F01-6433D6D6535C.jpeg Views:	0 Size:	41.1 KB ID:	4445341

    Leave a comment:


  • Wayne Luke
    commented on 's reply
    You would have to reload the AdminCP for that to update.

  • alfreema
    commented on 's reply
    Yes, and I have verified that the PHP code references 5.6.2 Patch Level 1, just like the patch ZIP. Permissions and ownership are spot on too. Perhaps I need to restart my apache server for it to recompile and for the admin console to reflect it? Odd.

    Edit: Well ... nevermind -- it just took some time to compile. It's proper now: vBulletin 5.6.2 Patch Level 1 Latest version available: 5.6.2 Patch Level 1

    I bet I just needed to leave the admin console and come back to it.
    Last edited by alfreema; Tue 11 Aug '20, 1:27pm.

  • Wayne Luke
    commented on 's reply
    Did you upload /core/includes/version_vbulletin.php? That lies to the AdminCP about the installed version.

  • alfreema
    commented on 's reply
    Right, so the admin won't show that I am on Patch Level 1, even though I am, because I did not do an upgrade, correct?

  • Wayne Luke
    commented on 's reply
    You're not upgrading. You're applying a patch. You simply upload the files in the patch zip file and overwrite the files on your server.

    https://forum.vbulletin.com/forum/vb...security-patch

    Upgrading would be involved if there is a change in the 5.X.X number.

  • alfreema
    replied
    Wayne Luke ...

    So I was on 5.6.2 and the 5.6.2 PL 1 patch doesn't contain an "upgrade" folder, so going here (per the instructions on upgrading) doesn't resolve: https://%yourdomain/%forumroot%/install/upgrade.php

    That seems okay, since there are only two files in it, so I just manually replaced the two files in there. When I go to the Admin I see:

    vBulletin 5.6.2 Latest version available: 5.6.2 Patch Level 1

    I did not restart the server, because I wasn't thinking I needed to. I feel like I am "patched" but there is no way for vBulletin to know that since there is no upgrade process.

    Does that seem right?
    Last edited by alfreema; Tue 11 Aug '20, 8:09am.

    Leave a comment:

Related Topics

Collapse

Working...
X