vBulletin 3.x and 4.x Redirect Security Exploit
Collapse
This topic is closed.
X
X
-
For those who are still having issues with the Google redirects. another suggestion from a vBSEO thread (it doesn't involve vBSEO itself so it's relevant to forums not running vBSEO):
See http://www.vbseo.com/f77/google-redi...tml#post309843
Create this .htaccess file for all writeable vBulletin subdirectories (e.g., uploadable images):
Code:<Files ~ "\.(php\d*|cgi|pl|phtml)$"> order allow,deny deny from all </Files>
Code:RedirectMatch 404 .*php\.
Note: Do NOT use this in your root or in directories cexecutableseded execautables.
Depending on your version of vBulletin and how you have it configured, the following subdirectories may need this protection:
- customavatars
- signaturepics
- customprofilepics
- attachments
Make sure that all other vBulletin directories are write protected (755 or 644).Leave a comment:
-
Anyone having an issue with their google traffic being refered to another site, open a support ticket.Leave a comment:
-
-
-
-
Your exploit has nothing to do with our patch.
You have a support ticket open with me and I've replied asking for more information. We updated YUI as a precaution to a potential issue, instead of waiting to let it get exploited and fixing it then.
The sooner you respond to the ticket with the information requested the sooner we can look at the issue.Last edited by Zachery; Fri 3 Jun '11, 11:31am.Leave a comment:
-
Sorry you felt it was 'snide'. That was certainly not my intention.
Also I was not aware you already had two other threads on this same issue when I posted that. I was merely trying to make sure your issue got the attention it deserved. Unfortunately try as I might, I am simply not all-knowing. All can do is try my best.
Either way. A week on, I'll continue pressing F5 on my thread as the vast majority of my forums traffic are directed elsewhere. I'll excuse myself now. Sorry to the OP for sabotaging your thread - a member made a post of which I was hoping could be elaborated to the assistance of myself and possibly others. Silly me.Leave a comment:
-
Don't understand why my comment deserved a "start your own thread" (which I already had two...), when so many others are debating the same issue and not receiving a snidey comment?
And besides - if I'm ill-educated, shouldn't your response have been made in "my thread"?
AndI'm pretty sure the last line of the last post in my support thread is pretty straight forward;
But I will support a ticket thanks - but my faith in vBulletin is absolutely shot and I'd be reluctant to hand over that sensitive information.
Still at loss towards the "no comment" stance to the "Your fix doesn't work....". www.grandoldteam.com/forum . View source - amends made - google the forum - directed elsewhere.
Also I was not aware you already had two other threads on this same issue when I posted that. I was merely trying to make sure your issue got the attention it deserved. Unfortunately try as I might, I am simply not all-knowing. All can do is try my best.Leave a comment:
-
From: http://www.vbulletin.com/forum/showt...=1#post2166556
Resolved or not? You message is not clear. If you still gave an issue and do not have any add-on installed, then fill out a support ticket at:
Please include a complete description of the problem and be sure to include the login info to your Admin CP, phpMyAdmin and FTP in the 'Sensitive Data' field.
And besides - if I'm ill-educated, shouldn't your response have been made in "my thread"?
AndI'm pretty sure the last line of the last post in my support thread is pretty straight forward;
With the 'Patch' though (and YUI amend in admincp), a search for my forum in Google is still directing elsewhere...
Still at loss towards the "no comment" stance to the "Your fix doesn't work....". www.grandoldteam.com/forum . View source - amends made - google the forum - directed elsewhere.Leave a comment:
-
-
Unfortunately - I wasn't surprised by it either. That's the disappointing thing.
Even worse then you consider I've waited over a week without any official 'support' since first creating a thread - a thread Steve advised I created;
http://www.vbulletin.com/forum/showthread.php/380708-Google-Re-Direct-clicks-to-my-forum-to-MyFileStore.com
The fix doesn't work. It's evident - still no comment. Poor, poor, poor.
Thanks all. Resolved. Was never config as that file was never amended.
Download PHP Editor and that detected the odd code that a save with notepad seemed to insert.
With the 'Patch' though (and YUI amend in admincp), a search for my forum in Google is still directing elsewhere.
Please include a complete description of the problem and be sure to include the login info to your Admin CP, phpMyAdmin and FTP in the 'Sensitive Data' field.Leave a comment:
-
Even worse then you consider I've waited over a week without any official 'support' since first creating a thread - a thread Steve advised I created;
http://www.vbulletin.com/forum/showthread.php/380708-Google-Re-Direct-clicks-to-my-forum-to-MyFileStore.com
The fix doesn't work. It's evident - still no comment. Poor, poor, poor.Leave a comment:
Related Topics
Collapse
-
by CorbinHHi at vB,
I am planning to update our site Australian Photoholics Forum "ausph.com" to SSL.
Last time we tried this, we broke our site which was down for a week!
Everyone here...-
Channel: Support Issues & Questions
-
-
by fionixHi,
I was just wondering how you get the URL shorten in Vbulletin 5.1.7 ?
From what I can see you have it done here at vbulletin.com - see url below... there is this number (which...-
Channel: Support Issues & Questions
-
-
by zyuzGood afternoon.I set ssl whatever forum was on the https protocol, prescribed in your permanent address offline via https, but do not know how to do so, that would be a http version offline (http://f...
-
Channel: Support Issues & Questions
-
-
by rag_gupta
-
Channel: Support Issues & Questions
-
Leave a comment: