vBulletin 3.x and 4.x Redirect Security Exploit

This topic is closed.
  • motowebmaster
    Senior Member
    • Mar 2006
    • 255
    • 3.5.x

    #31
    I modified my class_core.php file and changed over to the YUI hosted on Google. It required a restart of my web server (to clear the cache) in order for users to be able to post again, but I also cleared the data on my CDN just for good measure.
    Shawn

    Comment

    • Zachery
      Former vBulletin Support
      • Jul 2002
      • 59097

      #32
      There is no class_core exploit.

      Comment

      • Oakley
        New Member
        • May 2011
        • 3
        • 4.1.x

        #33
        Originally posted by djbaxter
        This redirect exploit seems to have resurfaced again.

        See http://developer.yahoo.com/yui/



        In the meantime, do this:
        1. Admin CP >> Settings >> Options >> Server Settings and Optimization Options
        2. Scroll down to Use Remote YUI
        3. Set this to Google

        I did this. But, when I look at the source code for my page now, it shows:

        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script>

        Why wouldn't Google be using v.2.8.2 or 2.9.x?

        Comment

        • IBxAnders
          Senior Member
          • Aug 2001
          • 1172
          • 4.0.x

          #34
          1) Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
          2) In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.
          anders | vbulletin team | check out the new vbulletin facebook app
          Proudly vBulletin'ing since 2001
          Please be my friend!
          http://www.twitter.com/inetskunkworks

          Comment
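Added example, not part of the thread and not vBulletin code: a check of a rendered page for which YUI build it loads and from where, which is what post #33 was reading out of the page source by hand. The function name, the local path and the second script in the sample are made up for illustration; the allowed host defaults to the Google host quoted in the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A YUI script path, with the version segment when one is present,
# e.g. /ajax/libs/yui/2.7.0/build/... gives "2.7.0".
YUI_SRC = re.compile(r"/yui/(?:(\d+(?:\.\d+)+)/)?")

class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def audit_yui(html, expected_version, allowed_hosts=("ajax.googleapis.com",)):
    """Return (host, version, problems) for each YUI script in the page."""
    parser = ScriptSources()
    parser.feed(html)
    findings = []
    for src in parser.sources:
        url = urlparse(src)
        match = YUI_SRC.search(url.path)
        if not match:
            continue  # not a YUI script
        host, version = url.netloc.lower(), match.group(1)
        problems = []
        if host not in allowed_hosts:
            problems.append("host not allowed" if host else "served locally")
        if version != expected_version:
            problems.append(f"version {version or 'unknown'}, expected {expected_version}")
        findings.append((host or "(local)", version, problems))
    return findings

# Constructed sample: the tag quoted in post #33, a made-up local YUI path
# and an unrelated script that the audit should ignore.
SAMPLE_HTML = """
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script>
<script type="text/javascript" src="/static/yui/yuiloader-dom-event/yuiloader-dom-event.js"></script>
<script type="text/javascript" src="/static/site.js"></script>
"""

if __name__ == "__main__":
    for host, version, problems in audit_yui(SAMPLE_HTML, "2.9.0"):
        print(host, version, problems or "ok")
```

Running it against saved copies of a few forum pages after the two steps in post #34 shows whether every page picked up the new version or a cached template is still emitting the old tag.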

          • Oakley
            New Member
            • May 2011
            • 3
            • 4.1.x

            #35
            Thanks for the info. I'll do that added step and see what happens.

            Comment

            • Oakley
              New Member
              • May 2011
              • 3
              • 4.1.x

              #36
              Worked! Thanks for the assist.

              Comment

              • PixelGal
                Senior Member
                • May 2004
                • 215
                • 3.6.x

                #37
                Is there anything we need to remove from the forum files or templates to get whatever they did off our sites? I couldn't log in with my password a couple of days ago and I had to have a new one sent. Then I noticed the traffic drop and investigated because this is the second time this has happened to me. What do we need to do to deslime our sites other than change that Google drop down? Is upgrading enough? This is really getting old. Thank God I investigated this time before all my search rankings were destroyed again ... I hope so anyway.

                Comment

                • djbaxter
                  Senior Member
                  • Aug 2006
                  • 1418
                  • 4.2.5

                  #38
                  If you make the changes I indicated, as far as I know that removes the problem (i.e., the redirects). In the case of the 3.83 forum, where traffic had dropped off a cliff, the return of traffic was almost immediate.
                  Psychlinks Web Services Affordable Web Design & Site Management
                  Specializing in Small Businesses and vBulletin/Xenforo Forums

                  Comment

                  • Jason Dunn
                    New Member
                    • Jul 2006
                    • 29

                    #39
                    I've been hit by this for the second time, so I'm really angry about it given that I'm running the latest version of 3.x. How seriously is vBulletin taking this problem?

                    EDIT: Never mind, I just wasn't looking hard enough.
                    Last edited by Jason Dunn; Mon 30 May '11, 6:45pm.

                    Comment

                    • djbaxter
                      Senior Member
                      • Aug 2006
                      • 1418
                      • 4.2.5

                      #40
                      Originally posted by Jason Dunn
                      EDIT: Never mind, I just wasn't looking hard enough.
                      Looking hard enough for what?

                      Comment

                      • Jason Dunn
                        New Member
                        • Jul 2006
                        • 29

                        #41
                        Originally posted by djbaxter
                        Looking hard enough for what?
                        For the Server Settings option...it's kind of baffling that the lists aren't organized alphabetically.

                        Comment

                        • djbaxter
                          Senior Member
                          • Aug 2006
                          • 1418
                          • 4.2.5

                          #42
                          Yes, it can be a bit confusing. It's the HTTP & Server Settings I think.

                          Comment

                          • swiftor
                            Member
                            • Feb 2009
                            • 65
                            • 4.0.0

                            #43
                            Changing the YUI version in class_core to 2.8.2 or 2.9.0 gives me this error when accessing threads:



                            Unable to add cookies, header already sent.
                            File: /home/swiftor/public_html/includes/class_core.php
                            Line: 1
                            GameOn Friendly Multiplayer Gaming Community

                            Comment

                            • swiftor
                              Member
                              • Feb 2009
                              • 65
                              • 4.0.0

                              #44
                              As a side note, I do use vBSEO. I thought I saw another error relating to vBSEO prior to changing it back to 2.7.0.

                              Comment

                              • djbaxter
                                Senior Member
                                • Aug 2006
                                • 1418
                                • 4.2.5

                                #45
                                1. Make sure you have the latest version of vBSEO installed.

                                2. Make sure you are uploading the correct version of includes/class_core.php
                                - I got a similar error when I first tried to change the version but it turned out I was uploading an earlier version than the one I was running (4.13).

                                Comment
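Added example, not part of the thread and not vBulletin code: the error in post #43 points at line 1 of class_core.php, meaning output began there, and a byte-order mark or stray bytes ahead of `<?php` left by an editor or upload is a common cause of that. This check looks for those bytes and confirms the YUI_VERSION value actually present in the uploaded file; the function name is hypothetical.

```python
import re
import sys

BOM = b"\xef\xbb\xbf"
# The define line quoted in post #34, tolerant of spacing.
YUI_DEFINE = re.compile(rb"define\(\s*'YUI_VERSION'\s*,\s*'([^']*)'\s*\)")

def check_class_core(data, expected_version):
    """Return a list of problems found in the raw bytes of class_core.php."""
    problems = []
    if data.startswith(BOM):
        problems.append("UTF-8 byte-order mark before <?php")
        data = data[len(BOM):]
    start = data.find(b"<?php")
    if start == -1:
        problems.append("no <?php opening tag")
    elif start > 0:
        problems.append(f"{start} byte(s) of output before <?php")
    versions = [v.decode("ascii", "replace") for v in YUI_DEFINE.findall(data)]
    if len(versions) != 1:
        problems.append(f"found {len(versions)} YUI_VERSION defines, expected 1")
    elif versions[0] != expected_version:
        problems.append(f"YUI_VERSION is {versions[0]}, expected {expected_version}")
    return problems

if __name__ == "__main__":
    # Usage: python check_class_core.py includes/class_core.php 2.9.0
    with open(sys.argv[1], "rb") as fh:
        for problem in check_class_core(fh.read(), sys.argv[2]):
            print(problem)
```

It does not tell you whether the file matches the vBulletin release you are running, which is the mismatch described in post #45; compare against the copy from your own version's download package for that.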
