Potential vBSEO vulnerability email from VBulletin.

**The Realist** · Wed 7 Jan '15, 10:50am

I had the same.

**djr** · Wed 7 Jan '15, 11:32am

And another one. Subscribed to this thread for further info. Would like to have some verification.

**Trevor Matthews** · Wed 7 Jan '15, 11:37am

Hi
Me too and no this email is not from vbulletin, just hover over the links at the bottom and the web links that pop up prove this to be spam.

**Trevor Matthews** · Wed 7 Jan '15, 11:39am

And whilst we are on the subject of the defunct vbseo package, has any one ever tried removing it successfully without destroying their vb installation?????

**siddi** · Wed 7 Jan '15, 11:42am

the same here.

**Noodles** · Wed 7 Jan '15, 11:42am

The email looks to be from vbulletin, I'm just unsure this is actually a vulnerability, there doesn't seem to be much detail and vbulletin's fix is to just remove a block of code (which I'm unsure will break anything). It doesn't help that vbseo doesn't exist anymore.

**Wayne Luke** · Wed 7 Jan '15, 11:45am

Yes. It is same email format we have been using for the last 3 years. The issue was found by other Internet Brands verticals and also fixed by them. We're told they tested it. The email content comes from the Chief Technology Office of Internet Brands. We just forwarded to customers who it may affect.

**vbem2** · Wed 7 Jan '15, 1:07pm

Originally posted by Trevor Matthews

And whilst we are on the subject of the defunct vbseo package, has any one ever tried removing it successfully without destroying their vb installation?????

I'd be interested in hearing about this as well.

The impact of breaking long-established URLs is very bad: we had a vbSEO problem in 2013 on one forum which cut search traffic & income by nearly 50%. It took 6 months to recover.

**pbordas** · Wed 7 Jan '15, 1:13pm

Thanks for confirming! And thanks for notifying us.

**Trevor Matthews** · Wed 7 Jan '15, 1:21pm

That's interesting so those dodgy looking web links at the bottom of the email are genuine then???
The hover over links at the bottom of the email started click.shopping

How are they genuine???

If this is genuine can some one please upload the full details again as I deleted the email.

regards
Trevor

**Mark.B** · Wed 7 Jan '15, 1:56pm

It is a genuine email and those links are shopping links owned by vBulletin's parent company, Internet Brands.
I'm afraid I don't have a copy of the email, it is sent from an emailing system.

**Wayne Luke** · Wed 7 Jan '15, 3:07pm

If you think you might be running a vulnerable version of the software, there is a simple fix: just comment out the following lines in the file vbseo/includes/functions_vbseo_hook.php:

Code:

if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
$permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;

should be changed to:

Code:

// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;

**RaajS** · Thu 8 Jan '15, 1:17am

I am unable to understand the following part : If you are running the "Suspect File Versions" diagnostics tool, you will additionally need to generate a new MD5 sum of the above file and edit upload/includes/md5_sums_crawlability_vbseo.php to use the new MD5 sum on the line:

**holwebs** · Thu 8 Jan '15, 3:48am

Originally posted by Wayne Luke

If you think you might be running a vulnerable version of the software, there is a simple fix: just comment out the following lines in the file vbseo/includes/functions_vbseo_hook.php:

Code:

if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
$permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;

should be changed to:

Code:

// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;

I've received the email too & am looking at alternatives to vbseo. Meanwhile has anyone implemented this change. What does it do & what may stop working.

I also didn't understand the reference to "Suspect File Versions" diagnostics tool. Anyone?

Have just realised that this thread is in VB4 support. I'm still running vB 3.8.8 Does it refer to that too?

vBulletin 4 End of Life

Potential vBSEO vulnerability email from VBulletin.

Potential vBSEO vulnerability email from VBulletin.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment