vBulletin 3.x and 4.x Redirect Security Exploit

This topic is closed.
  • swiftor
    Member
    • Feb 2009
    • 65
    • 4.0.0

    #46
    Thanks for the reply, although I believe I have both steps 1 and 2 covered. 3.6.0 of vbseo, and I downloaded my existing core_class.php to edit, then re-uploaded it. Just changed the 7 to a 9.

    I tried a server reboot as suggested by motowebmaster, but had no luck there, I just ended up with every page, even forum home, giving:

    Warning: Cannot modify header information - headers already sent by (output started at [path]/includes/class_core.php:1) in [path]/includes/functions.php on line 3904


    I also tried disabling VBSEO and vbOptimize (which handles CDN caching of many files), and still had no luck.

    Anything else I can try?


    Originally posted by djbaxter
    1. Make sure you have the latest version of vBSEO installed.

    2. Make sure you are uploading the correct version of includes/class_core.php
    - I got a similar error when I first tried to change the version but it turned out I was uploading an earlier version than the one I was running (4.13).
    Last edited by swiftor; Tue 31 May '11, 4:10am.
    GameOn Friendly Multiplayer Gaming Community

    Comment

    • digitalpoint
      Senior Member
      • Mar 2004
      • 2573
      • 4.1.x

      #47
      Sounds like you added an extra carriage return (or some other character) before the <?php opening tag in class_core.php.
      Sphinx Search for vBulletin 4: https://marketplace.digitalpoint.com...tin-4.870/item
      Someone send me a message on Twitter when this site is usable again. https://twitter.com/digitalpoint

      Comment
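
The "headers already sent ... class_core.php:1" warning quoted in #46 means PHP emitted output from line 1 of that file, which happens when any byte sits in front of the `<?php` tag. The following is an added example, not code from any poster in this thread or from vBulletin: it reports exactly which bytes precede the tag in an edited file before it is re-uploaded. The sample byte strings are constructed, and the function names are hypothetical.

```python
"""Report bytes that precede the <?php opening tag in PHP files."""
import sys

BOM_UTF8 = b"\xef\xbb\xbf"
OPEN_TAG = b"<?php"
NAMES = {0x09: "tab", 0x0A: "line feed", 0x0D: "carriage return", 0x20: "space"}


def describe_prefix(data: bytes):
    """Return None when data starts with <?php, otherwise a list naming
    everything PHP would send as page output before the tag."""
    idx = data.find(OPEN_TAG)
    if idx == 0:
        return None
    if idx == -1:
        return ["no <?php opening tag found"]
    prefix, findings = data[:idx], []
    if prefix.startswith(BOM_UTF8):
        # Editors that save as "UTF-8 with BOM" add these three invisible bytes.
        findings.append("UTF-8 byte order mark (3 bytes)")
        prefix = prefix[len(BOM_UTF8):]
    for b in sorted(set(prefix)):
        label = NAMES.get(b, f"byte 0x{b:02x}")
        findings.append(f"{label} x{prefix.count(bytes([b]))}")
    return findings


def scan(paths):
    """Map each path whose file has a dirty prefix to its findings."""
    results = {}
    for path in paths:
        with open(path, "rb") as fh:
            found = describe_prefix(fh.read(4096))  # the tag sits at the very top
        if found:
            results[path] = found
    return results


if __name__ == "__main__":
    if sys.argv[1:]:
        report = scan(sys.argv[1:])  # e.g. includes/class_core.php
    else:
        # Constructed samples standing in for edited copies of a PHP file.
        samples = {"clean": b"<?php\n", "crlf": b"\r\n<?php\n",
                   "bom": BOM_UTF8 + b"<?php\n"}
        report = {k: f for k, v in samples.items() if (f := describe_prefix(v))}
    for name, findings in report.items():
        print(f"{name}: {', '.join(findings)}")
```
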

      • dendrob
        New Member
        • Mar 2006
        • 29
        • 3.5.x

        #48
        So much for the YUI theory. I did as instructed, worked for a day and now I'm redirecting again. @#$%^%%^ !!!!

        Comment

        • Ramsesx
          Senior Member
          • Aug 2005
          • 3254
          • 3.8.x

          #49
          I don't get why there is a security patch, so far as it is known, there are only two yui files affected, one isn't in vB3.x and the other one was patched already. An explanation would be appreciated.
          .......

          Comment

          • Zachery
            Former vBulletin Support
            • Jul 2002
            • 59097

            #50
            Originally posted by Ramsesx
            I don't get why there is a security patch, so far as it is known, there are only two yui files affected, one isn't in vB3.x and the other one was patched already. An explanation would be appreciated.
            Better safe than sorry.

            Comment

            • Ramsesx
              Senior Member
              • Aug 2005
              • 3254
              • 3.8.x

              #51
              Originally posted by Zachery
              Better safe than sorry.
              That's true. Good job.
              .......

              Comment

              • briansol
                Senior Member
                • Apr 2006
                • 674
                • 3.6.x

                #52
                The download for 3.8.7 pl1 and my current version yui (3.8.5) are the exact same file sizes on all files. Changing the define in class_core won't do anything for local hosted.

                So, why isn't the local instance patched? I have no desire to run remote when I have my own min functionality and cdn serving my js with superior performance of my own server and minimization and skips a dns lookup over remotely hosted.

                Should I just download yui from yahoo themselves and find the files to upload on my own? Why weren't the files updated?

                Comment

                • swiftor
                  Member
                  • Feb 2009
                  • 65
                  • 4.0.0

                  #53
                  Thanks, edited it via Putty and it seems fine now!

                  Now to see if traffic bumps up..

                  Originally posted by digitalpoint
                  Sounds like you added an extra carriage return (or some other character) before the <?php opening tag in class_core.php.
                  GameOn Friendly Multiplayer Gaming Community

                  Comment

                  • BirdOPrey5
                    Senior Member
                    • Jul 2008
                    • 9613
                    • 5.6.3

                    #54
                    I don't understand the security patch- it only changes the line in the class_core.php file to 2.9.0. What if your settings were set to use a local copy of the files (like mine were)? How can changing a line in a file upgrade your local copy of your YUI files?

                    Comment

                    • Marvin Hlavac
                      Member
                      • Sep 2007
                      • 98

                      #55
                      Hmm, so does the 3.8.7 PL1 include the latest YUI, or it doesn't? I serve my own to save a DNS look up, and I combine my .js files to save http requests. I'm not about to revert these improvements. Could a vB staff please confirm the latest YUI is or isn't included?

                      Comment

                      • Zachery
                        Former vBulletin Support
                        • Jul 2002
                        • 59097

                        #56
                        Right now, I don't believe it does, you should serve the YUI from Google/Yahoo

                        Comment

                        • Bacon Butty
                          Senior Member
                          • Jun 2005
                          • 162

                          #57
                          Originally posted by dendrob
                          So much for the YUI theory. I did as instructed, worked for a day and now I'm redirecting again. @#$%^%%^ !!!!
                          Same here, in addition to this error;


                          I think the issue is beyond the YUI

                          Originally posted by Zachery
                          Right now, I don't believe it does, you should serve the YUI from Google/Yahoo
                          What if that doesn't resolve the issue?

                          If you check my forum. View the source code, you'll see the YUI amend has been made.

                          Then google 'Everton Forum' - Click my forum and you'll more likely than not end up at a dodgy myfilestore.com link.

                          Comment

                          • briansol
                            Senior Member
                            • Apr 2006
                            • 674
                            • 3.6.x

                            #58
                            Originally posted by Zachery
                            Right now, I don't believe it does, you should serve the YUI from Google/Yahoo
                            Thanks for the confirmation of a half-patch.

                            Patching on my own, again..........................

                            Comment

                            • PixelGal
                              Senior Member
                              • May 2004
                              • 215
                              • 3.6.x

                              #59
                              I did all of the steps a few days ago and they got me again today. I have upped security... changed passwords. What can I do to stop this?

                              Comment

                              • briansol
                                Senior Member
                                • Apr 2006
                                • 674
                                • 3.6.x

                                #60
                                Check your logs. No one really knows and any log data you have may help find the leak.

                                Comment
