vBulletin 3.x and 4.x Redirect Security Exploit

  • Paul M
    replied
    Originally posted by Ramsesx
    Yes, you've participated in this thread.
    By "participated" you mean I made one post, which was a question. That doesn't mean I'm suddenly aware of a sitemap exploit.

    JFYI, a few posts down, Mert posted "I am sorry but we are talking about vBSEO product not sitemap generator.".



  • Ramsesx
    replied
    Originally posted by Paul M
    There was ?
    Yes, you've participated in this thread.
    Originally posted by Lee G
    I just went on vbseo to check what the latest version of the site map is and I'm up to date on that one.
    There was a vbseo_sitemap-3-0 PL1.zip released on 05 May 2011, in the add-on description it's still showing 11/11/2010 - Version 3.0 as the last released version in revision history, but that's wrong. So, be sure you have the PL1 installed.



  • Lee G
    replied
    I just went on vbseo to check what the latest version of the site map is and I'm up to date on that one.
    Still shows 3.0 as the current version
    I also keep site map access to yahoo, bing, msn and google via htaccess ip allow
    Found the odd normal person / website designer looking at it
    Plus it locks down another admin area



  • Paul M
    replied
    Originally posted by Ramsesx
    There was an exploit in the vbseo site map (vb.org) not long ago, but it has been fixed.
    There was ?



  • Ramsesx
    replied
    Originally posted by djbaxter
    Make sure you update to the latest versions of vBulletin, vBSEO, and vBSEO Sitemap. But also make sure that you delete any leftover files from old versions, since they may continue to provide entry points for malware or hacks as long as they are on your server.
    My post was just for information purposes, I don't have any issue. But thanks.



  • djbaxter
    replied
    Originally posted by Ramsesx
    There was an exploit in the vbseo site map (vb.org) not long ago, but it has been fixed.
    Make sure you update to the latest versions of vBulletin, vBSEO, and vBSEO Sitemap. But also make sure that you delete any leftover files from old versions, since they may continue to provide entry points for malware or hacks as long as they are on your server.



  • Ramsesx
    replied
    There was an exploit in the vbseo site map (vb.org) not long ago, but it has been fixed.



  • Lee G
    replied
    Did anyone that got hit have the vbseo site map running and notice any errors in google webmasters tools?
    I have just flat lined on traffic for the last two weeks
    Followed the steps on editing the class core file
    Admin area has been htaccess protected since getting hit with the base 64 divert once last year

    In my google webmasters account on the site map, I have several warnings.
    This is one of them:

    URLs not followed
    When we tested a sample of URLs from your Sitemap, we found that some URLs redirect to other locations. We recommend that your Sitemap contain URLs that point to the final destination (the redirect target) instead of redirecting to another URL.

    HTTP Error: 302
    URL: http://www.thespainforum.com/f188/ba...azette-239374/

    Problem detected on: May 8, 2011

    Just wondered if anyone else experienced the same when they got hit



  • djbaxter
    replied
    Originally posted by Jason Dunn
    I'm curious, is there anyone out there getting hit by the file2store.info exploit that does NOT have vbSEO installed? It looks like this is 100% on vbSEO to fix, but maybe I'm wrong about that...
    From my response to your other post:

    Originally posted by Jason Dunn
    I've been hit by this @#?ing hack five times now and I'm really sick of it. I thought I fixed it last week when I updated vbSEO and vbSEO Sitemap Generator to the latest versions. Today I did a search in Chrome incognito window that would show me my forums, and the damn script is back!

    If I disable vbSEO and the sitemap generator, I don't get the re-direct.

    When I enabled Sitemap Generator, I don't get the re-direct.

    When I enabled vbSEO, I don't get the re-direct.

    So is there some file that is generated when vbSEO and the Sitemap generator are turned on and that file is getting hacked?

    This entire thing baffles me - I've never had such a persistent problem like this before!

    Unfortunately it looks to me like this problem will keep coming back until the guys at vbSEO fix the exploit these hackers are using. The guys at vBulletin can't do anything about that.
    No. It is NOT vBSEO. It's happening to forums without vBSEO as well.

    I thought it was a server issue having to do with permissions but tightened all those up and it returned on one 3.x forum too.

    To remove it temporarily, do this:

    1. Disable one of the plugins (doesn't matter which one) and then re-enable it. This will flush the datastore and get rid of the redirect. The problem is, that seems to be only a temporary fix.

    2. Try this suggestion (this is the next step for me as well):

    Remove any evil .gif files off your server
    To do this, ssh to your server and run this command:

    Code:
    find /home/main -regex '.*\.gif$' -exec grep php {} \;
    Change the /home/main to fit your main root directory. Delete the matches in those upload directories!! I usually check them first, but remove them.

    It may be that the redirect came back on the forum I'm associated with because we didn't remove the original exec disguised as a gif? If so, it's not in the regular customavatars or customprofilepics folders because those are protected by .htaccess from running executables.

    The truth is, I don't think anyone yet knows how this exploit is being accomplished and until we do there doesn't seem to be any sure way to eradicate it forever.

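The gif sweep djbaxter describes above, written out as an added example that is not part of the thread: a POSIX shell script that lists image files under an upload tree whose bytes contain a PHP open tag, recursing into every subdirectory and deleting nothing so each hit can be reviewed. The make_demo_tree helper and its sample files are constructed for the demonstration, not real uploads.

```shell
#!/bin/sh
# Added example (not from the thread): find image files that carry PHP code,
# the pattern the find/grep one-liner above hunts for. Reports paths only.

# Print paths of *.gif/*.jpg/*.jpeg/*.png files under $1 whose contents
# contain a PHP open tag. grep -l lists filenames, -a treats binary image
# data as text, -i catches mixed-case tags. find recurses into subfolders,
# so nested gallery/garage upload directories are covered too.
scan_images_for_php() {
    find "$1" -type f \( -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \) \
        -exec grep -lai -e '<?php' -e '<?=' {} \; 2>/dev/null | sort
}

# Number of suspect image files, for use in a monitoring or cron check.
count_suspect_images() {
    scan_images_for_php "$1" | wc -l | tr -d ' '
}

# Constructed directory tree (assumption: no real uploads are involved).
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/avatars" "$d/gallery/2011/05"
    printf 'GIF89a clean image data;' > "$d/avatars/clean.gif"
    # Constructed sample: image header followed by a PHP tag, nested two levels deep.
    printf 'GIF89a<?php echo "constructed sample"; ?>' > "$d/gallery/2011/05/evil.gif"
    printf '<?php echo 1; ?>' > "$d/gallery/notes.txt"   # not an image: ignored
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_tree)
    scan_images_for_php "$demo"     # prints only the nested evil.gif
    rm -rf "$demo"
fi
```

Run it as `sh scan.sh --demo` to see the constructed case, or call `scan_images_for_php /path/to/uploads` against a real upload root and review every path it prints before removing anything.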


  • Jason Dunn
    replied
    I'm curious, is there anyone out there getting hit by the file2store.info exploit that does NOT have vbSEO installed? It looks like this is 100% on vbSEO to fix, but maybe I'm wrong about that...



  • SighK
    replied
    Guys in light of the 'possibility' of an exploit being possible through the upload of a malicious script embedded in gifs I have followed advice and uploaded the following htaccess file to directories which allow users to upload images to (vBGallery, vBGarage, Customer avatars etc etc)

    Options +FollowSymLinks
    Options All -Indexes
    <Files ~ "\.(php\d*|cgi|pl|phtml)$">
    order allow,deny
    deny from all
    </Files>

    Now my question is regarding some directories for instance vBGallery and vBproGarage point to a particular writeable folder however it seems like it stores uploads in many many different directories within the /upload/ folder designated for the script. My concern is that the above htaccess file is only protecting /uploads/ and not any subsequent folders the script creates within its writable directory.

    How can I force the above htaccess on ALL sub-directories of a particular folder?

    Let me know if that made sense, thank you!

    Originally posted by digitalpoint
    Just as a side note... why does anyone NOT have their AdminCP itself globally password protected???


    http://www.vbulletin.com/forum/admincp/
    I deny access to ALL IP's except my home static IP.



  • IB Adrian
    replied
    Originally posted by digitalpoint
    Just as a side note... why does anyone NOT have their AdminCP itself globally password protected???
    http://forums.digitalpoint.com/admincp/
    http://www.vbulletin.com/forum/admincp/
    I know we emphasize that admincp should be behind htaccess



  • Paul M
    replied
    Indeed. Mine has been for years.



  • digitalpoint
    replied
    Just as a side note... why does anyone NOT have their AdminCP itself globally password protected???




  • djbaxter
    replied
    Originally posted by Cbrown
    I'm sure about the php laden gif file. I'm not sure about the getting db info and getting the passwords. But SOMEHOW, a person snagged two of my users admin passwords. Two people with nothing in common and living in different states. Or there is a major hole somewhere in the code.
    Brute force hacking? Once the intruder has one admin password, he can change other passwords.
