File2Store Is driving me crazy

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Ctrenks
    Senior Member
    • Aug 2007
    • 111

    File2Store Is driving me crazy

    I finally got hit by this one, I see its been around since mid 2011, and I was running 3.8.6 PL1 for quite some time. This week I noticed a big drop in traffic and found this by going through google and ending up at file2store.

    I have been reading posts about this for 3 days now and am nowhere other than I can clear it out of the parsed templates by disabling a plugin and re-enabling it.

    I scanned all server files for "base64_decode"

    -Cron.php
    -funtions.php

    These were all replaced when i upgraded to 3.8.7 PL2 this week

    I removed 2 entried in my remote SQL (both were IP's I added) and were full static IP's

    I scanned all the files by date on my server with nothing outstanding, searched through my Cron Jobs

    Anyone have an actual answer to what this exploit is actually coming from?

    Thanks,
    Chris
  • IBxAnders
    Senior Member
    • Aug 2001
    • 1172
    • 4.0.x

    #2
    anders | vbulletin team | check out the new vbulletin facebook app
    Proudly vBulletin'ing since 2001
    Please be my friend!
    http://www.twitter.com/inetskunkworks
    vBulletin Performance Articles:
    Click here to read

    Comment

    • Ctrenks
      Senior Member
      • Aug 2007
      • 111

      #3
      Thank you, After reading 90 posts that it definately IS NOT VBSEO I stopped looking for that side

      Comment

      • Zachery
        Former vBulletin Support
        • Jul 2002
        • 59097

        #4
        You checked the database?

        Comment

        • Loco.M
          Senior Member
          • Mar 2005
          • 4319
          • 3.5.x

          #5
          Here is the correct info on your fix.



          We've been battling it for a long long time





          FYI.. that has NOTHING to do with the file2store exploit..

          -- Web Developer for hire
          ---Online Marketing Tools and Articles

          Comment

          • Wayne Luke
            vBulletin Technical Support Lead
            • Aug 2000
            • 73981

            #6
            Originally posted by Loco.M
            Here is the correct info on your fix.



            We've been battling it for a long long time
            I don't see how his solution is actually attributed to a fault in vBulletin.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment

            • Loco.M
              Senior Member
              • Mar 2005
              • 4319
              • 3.5.x

              #7
              Originally posted by Wayne Luke
              I don't see how his solution is actually attributed to a fault in vBulletin.
              All that I know is that it worked on 2 client sites, one had been battling it a long time. (see the rest the TAZ thread)

              Just trying to help the OP out.
              -- Web Developer for hire
              ---Online Marketing Tools and Articles

              Comment

              • Wayne Luke
                vBulletin Technical Support Lead
                • Aug 2000
                • 73981

                #8
                Originally posted by Loco.M
                All that I know is that it worked on 2 client sites, one had been battling it a long time. (see the rest the TAZ thread)

                Just trying to help the OP out.
                I am sure it would. Wildcard Remote Access to a MySQL server is just asking to be hacked.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...