I modified my class_core.php file and changed over to the yui hosted on Google. It required a restart of my web server (to clear the cache) in order for users to be able to post again, but I also cleared the data on my CDN just for good measure.
vBulletin 3.x and 4.x Redirect Security Exploit
Collapse
This topic is closed.
X
X
-
-
-
This redirect exploit seems to have resurfaced again.
See http://developer.yahoo.com/yui/
In the meantime, do this:- Admin CP >> Settings >> Options >> Server Settings and Optimization Options
- Scroll down to Use Remote YUI
- Set this to Google
I did this. But, when I look at the source code for my page now, it shows:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/yui/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=410"></script>
Why wouldn't Google be using v.2.8.2 or 2.9.x?Comment
-
1) Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
2) In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.anders | vbulletin team | check out the new vbulletin facebook app
Proudly vBulletin'ing since 2001
Please be my friend! http://www.twitter.com/inetskunkworks
vBulletin Performance Articles: Click here to readComment
-
Is there anything we need to remove from the forum files or templates to get whatever they did off our sites. I couldn't log in with my password a couple of days ago and I had to have a new one sent. Then I noticed the traffic drop and investigated because this is the second time this has happened to me. What do we need to do to deslime our sites other than change that google drop down. Is upgrading enough? This is really getting old. Thank God I investigated this time before all my search rankings were destroyed again ... I hope so anyway.Comment
-
If you make the changes I indicated, as far as I know that removes the problem (i.e., the redirects). In the case of the 3.83 forum, where traffic had dropped off a clip, the return of traffic was almost immediate.Comment
-
I've been hit by this for the second time, so I'm really angry about it given that I'm running the latest version of 3.x. How seriously is vBulletin taking this problem?
EDIT: Never mind, I just wasn't looking hard enough.Last edited by Jason Dunn; Mon 30 May '11, 6:45pm.Comment
-
Comment
-
Comment
-
Yes, it can be a bit confusing. It's the HTTP & Server Settings I think.Comment
-
Changing the YUI version in class_core to 2.8.2 or 2.9.0 gives me this error when accessing threads:
Unable to add cookies, header already sent.
File: /home/swiftor/public_html/includes/class_core.php
Line: 1Comment
-
As a side note, I do use vbseo, I thought I saw another error relating to vbseo prior to changing it back to 2.7.0Comment
-
1. Make sure you have tyhe latest version of vBSEO installed.
2. Make sure you are uploading the correct version of includes/class_core.php
- I got a similar error when I first tried to change the version but it turned out I was uploading an earlier version that the one I was running (4.13).Comment
Related Topics
Collapse
-
by CorbinHHi at vB,
I am planning to update our site Australian Photoholics Forum "ausph.com" to SSL.
Last time we tried this, we broke our site which was down for a week!
Everyone here...-
Channel: Support Issues & Questions
-
-
by fionixHi,
I was just wondering how you get the URL shorten in Vbulletin 5.1.7 ?
From what I can see you have it done here at vbulletin.com - see url below... there is this number (which...-
Channel: Support Issues & Questions
-
-
by zyuzGood afternoon.I set ssl whatever forum was on the https protocol, prescribed in your permanent address offline via https, but do not know how to do so, that would be a http version offline (http://f...
-
Channel: Support Issues & Questions
-
-
by rag_gupta
-
Channel: Support Issues & Questions
-
Comment