vBulletin 3.x and 4.x Redirect Security Exploit

This topic is closed.

  • #31
    I modified my class_core.php file and changed over to the yui hosted on Google. It required a restart of my web server (to clear the cache) in order for users to be able to post again, but I also cleared the data on my CDN just for good measure.
    Shawn



    • #32
      There is no class_core exploit.



      • #33
        Originally posted by djbaxter
        This redirect exploit seems to have resurfaced again.

        See http://developer.yahoo.com/yui/



        In the meantime, do this:
        1. Admin CP >> Settings >> Options >> Server Settings and Optimization Options
        2. Scroll down to Use Remote YUI
        3. Set this to Google

        I did this. But, when I look at the source code for my page now, it shows:

        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script>

        Why wouldn't Google be using v.2.8.2 or 2.9.x?



        • #34
          1) Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
          2) In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.
          anders | vbulletin team | check out the new vbulletin facebook app
          Proudly vBulletin'ing since 2001
          Please be my friend!
          http://www.twitter.com/inetskunkworks
          vBulletin Performance Articles:
          Click here to read



          • #35
            Thanks for the info. I'll do that added step and see what happens.



            • #36
              Worked! Thanks for the assist.



              • #37
                Is there anything we need to remove from the forum files or templates to get whatever they did off our sites? I couldn't log in with my password a couple of days ago and I had to have a new one sent. Then I noticed the traffic drop and investigated because this is the second time this has happened to me. What do we need to do to deslime our sites other than change that Google drop-down? Is upgrading enough? This is really getting old. Thank God I investigated this time before all my search rankings were destroyed again ... I hope so anyway.



                • #38
                  If you make the changes I indicated, as far as I know that removes the problem (i.e., the redirects). In the case of the 3.83 forum, where traffic had dropped off a cliff, the return of traffic was almost immediate.
                  Psychlinks Mental Health Support Forum
                  Local Search Forum



                  • #39
                    I've been hit by this for the second time, so I'm really angry about it given that I'm running the latest version of 3.x. How seriously is vBulletin taking this problem?

                    EDIT: Never mind, I just wasn't looking hard enough.
                    Last edited by Jason Dunn; Mon 30th May '11, 6:45pm.



                    • #40
                      Originally posted by Jason Dunn
                      EDIT: Never mind, I just wasn't looking hard enough.
                      Looking hard enough for what?
                      Psychlinks Mental Health Support Forum
                      Local Search Forum



                      • #41
                        Originally posted by djbaxter
                        Looking hard enough for what?
                        For the Server Settings option...it's kind of baffling that the lists aren't organized alphabetically.



                        • #42
                          Yes, it can be a bit confusing. It's the HTTP & Server Settings I think.
                          Psychlinks Mental Health Support Forum
                          Local Search Forum



                          • #43
                            Changing the YUI version in class_core to 2.8.2 or 2.9.0 gives me this error when accessing threads:



                            Unable to add cookies, header already sent.
                            File: /home/swiftor/public_html/includes/class_core.php
                            Line: 1
                            GameOn Friendly Multiplayer Gaming Community



                            • #44
                              As a side note, I do use vBSEO. I thought I saw another error relating to vBSEO prior to changing it back to 2.7.0.
                              GameOn Friendly Multiplayer Gaming Community



                              • #45
                                1. Make sure you have the latest version of vBSEO installed.

                                2. Make sure you are uploading the correct version of includes/class_core.php
                                - I got a similar error when I first tried to change the version, but it turned out I was uploading an earlier version than the one I was running (4.13).
                                Psychlinks Mental Health Support Forum
                                Local Search Forum
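
An added example, not part of any post in this thread and not vBulletin code: a Python check that the two steps from post #34 took effect, run over constructed samples built from the define line and script tag quoted in the thread. The function names and the `wanted` parameter are illustrative assumptions; the leading-bytes check reflects general PHP behaviour (anything before `<?php` is sent as output), which the thread itself does not diagnose.

```python
import re
from urllib.parse import urlparse

DEFINE_RE = re.compile(rb"define\(\s*'YUI_VERSION'\s*,\s*'([^']+)'\s*\)")
SRC_RE = re.compile(r'<script[^>]+src="([^"]*yui[^"]*)"', re.I)
VER_RE = re.compile(r"/yui/(\d+(?:\.\d+)+)/build/")

def bundled_yui_version(php_source: bytes):
    """YUI_VERSION value defined in class_core.php, or None if absent."""
    m = DEFINE_RE.search(php_source)
    return m.group(1).decode() if m else None

def leading_bytes(php_source: bytes) -> bytes:
    """Bytes before the first '<?php' (BOM, whitespace); PHP emits them as output."""
    idx = php_source.find(b"<?php")
    return php_source if idx < 0 else php_source[:idx]

def yui_script_sources(html: str):
    """(host, version) per YUI <script> tag; host '' means a relative, local URL."""
    out = []
    for src in SRC_RE.findall(html):
        m = VER_RE.search(src)
        out.append((urlparse(src).netloc, m.group(1) if m else None))
    return out

def audit(php_source: bytes, html: str, wanted: str):
    """Return a list of findings; an empty list means both steps took effect."""
    findings = []
    defined = bundled_yui_version(php_source)
    if defined != wanted:
        findings.append(f"class_core.php defines YUI_VERSION {defined}, expected {wanted}")
    if leading_bytes(php_source):
        findings.append("bytes precede '<?php' in class_core.php (output starts at line 1)")
    for host, ver in dict.fromkeys(yui_script_sources(html)):  # de-duplicate repeated tags
        if not host:
            findings.append("page still loads YUI from the local server")
        elif ver != wanted:
            findings.append(f"page loads YUI {ver} from {host}, expected {wanted}")
    return findings

# Constructed samples: the define line and script tag are the ones quoted in the thread.
OLD_PHP = b"<?php\ndefine('YUI_VERSION', '2.7.0'); // define the YUI version we bundle\n"
NEW_PHP = OLD_PHP.replace(b"2.7.0", b"2.9.0")
BOM_PHP = b"\xef\xbb\xbf" + NEW_PHP  # same file re-saved by an editor that adds a UTF-8 BOM
OLD_HTML = ('<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/'
            'yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script>')
NEW_HTML = OLD_HTML.replace("2.7.0", "2.9.0")

if __name__ == "__main__":
    print(audit(OLD_PHP, OLD_HTML, "2.9.0"), audit(BOM_PHP, NEW_HTML, "2.9.0"))
```

Run it against the real includes/class_core.php bytes and a saved copy of a forum page's source after clearing any server or CDN cache, as post #31 describes.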
