Announcement

Collapse
No announcement yet.

Strange Problem

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Strange Problem

    Well, some users are using cheap hacking techniques to hack the front page of my forums. Like i get many hits per day, and many of them use html codes in the new thread "Title" area.. many of the peoples i got, did that and they were not sucessful, i just removed the thread.

    But yesterday a guy placed an html code in a new thread in my General Section and it worked, and due to that my front page started to get redirected to > http://srsrxxx.kayyo.com/

    Is this a flaw in vb? or what should i do to avoid this?

    Thanks

  • #2
    Disable HTML in the forum.
    AdminCP / Forum & Moderators / Forum Manager -> Edit Forum
    VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
    No Addons - none at all.

    Comment


    • #3
      Standard vBulletin don't evaluate HTML codes in thread titles. It sounds like the software you are using for your frontpage does however evaluate this. Not much vBulletin can do about this, i suggest you contact the author of your frontpage to have this fixed.

      PS Also see the following thread: http://www.vbulletin.com/forum/showt...34#post1202934
      Want to take your board beyond the standard vBulletin features?
      Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

      Comment


      • #4
        Very coincidently, after a posting my above comment to disable html, my board got hacked this very day!!!
        I've read the thread and i'm not using either of the softwares listed.

        The site that my members & guests are being redirected to is

        http://turksecurity.org/forum/index.php

        Can the team behind vbulletin do something with these guys as they're using hacks and corrupting other folks' boards?
        VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
        No Addons - none at all.

        Comment


        • #5
          I moved the last one to a hidden forum (junk) and that sorted it.
          Now I got a NEW one already, from http://clubplus.pl/ which proudly states itself as a hack-site.

          I'm not using the software (flashchat) etc. Hmmmm
          VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
          No Addons - none at all.

          Comment


          • #6
            I'm not using topxstats, but I was using cyb advanced stats..
            I disabled that alone

            I see someone tried it here, too.

            http://www.vbulletin.com/forum/showthread.php?t=198958
            Last edited by karlm; Sun 3rd Sep '06, 8:38am.
            VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
            No Addons - none at all.

            Comment


            • #7
              Originally posted by karlm View Post
              I'm not using topxstats, but I was using cyb advanced stats..
              I disabled that alone

              I see someone tried it here, too.

              http://www.vbulletin.com/forum/showthread.php?t=198958
              I just had this happen to my sites, I'm glad it didn't work for them tho

              Comment


              • #8
                Well what should i do thennn?????

                Comment


                • #9
                  Originally posted by Danecookie View Post
                  Well, some users are using cheap hacking techniques to hack the front page of my forums. Like i get many hits per day, and many of them use html codes in the new thread "Title" area.. many of the peoples i got, did that and they were not sucessful, i just removed the thread.

                  But yesterday a guy placed an html code in a new thread in my General Section and it worked, and due to that my front page started to get redirected to > http://srsrxxx.kayyo.com/

                  Is this a flaw in vb? or what should i do to avoid this?

                  Thanks
                  We got hit with it yesterday.

                  It's a really lame trick (more like an annoyance), but here is a very simple fix.

                  Go into you AdminCP and under vB Options choose Censorship Options.

                  In the Censored Words window add this.

                  Code:
                  {meta} >>>> {http-equiv} "Refresh" """"
                  That will put an end this nonsense.
                  Last edited by The Finman; Sun 3rd Sep '06, 5:57pm.

                  Comment


                  • #10
                    Thanks... I'll try it now
                    VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
                    No Addons - none at all.

                    Comment


                    • #11
                      I suggest you remove all third party modifications since this is where the flaw happens, we ensure that our own stock code isn't affected and can only assume that its a flaw within their code.

                      Much more serious issues than a meta redirect can occur so its within your best interest to remove the offending plugin.
                      Scott MacVicar

                      My Blog | Twitter

                      Comment


                      • #12
                        Thought I comprehend what you're saying, you have to admit if everyone retained the vanilla vbulletin - most forums would lack any personality or unique appeal. I'm generally careful on what I allow to be used on the forums, and I select the plugins carefully prior to eventually transferring from test-board to live-board status..
                        VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
                        No Addons - none at all.

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X