vBulletin 3.x and 4.x Redirect Security Exploit
Collapse
This topic is closed.
X
X
-
-
Just as a side note... why does anyone NOT have their AdminCP itself globally password protected???
Sphinx Search for vBulletin 4: https://marketplace.digitalpoint.com...tin-4.870/item
Someone send me a message on Twitter when this site is usable again. https://twitter.com/digitalpointComment
-
Just as a side note... why does anyone NOT have their AdminCP itself globally password protected???http://forums.digitalpoint.com/admincp/http://www.vbulletin.com/forum/admincp/AdrianComment
-
Guys in light of the 'possibility' of an exploit being possible through the upload of a malicious script embedded in gifs I have followed advice and uploaded the following htaccess file to directories which allow users to upload images to (vBGallery, vBGarage, Customer avatars etc etc)
Options +FollowSymLinks
Options All -Indexes<Files ~ "\.(php\d*|cgi|pl|phtml)$">order allow,denydeny from all </Files>
How can I force the above htaccess on ALL sub-directories of a particular folder?
Let me know if that made sense, thank you!
Just as a side note... why does anyone NOT have their AdminCP itself globally password protected???
http://www.vbulletin.com/forum/admincp/Comment
-
I'm curious, is there anyone out there getting hit by the file2store.info exploit that does NOT have vbSEO installed? It looks like this is 100% on vbSEO to fix, but maybe I'm wrong about that...Comment
-
I've been hit by this @#?ing hack five times now and I'm really sick of it. I thought I fixed it last week when I updated vbSEO and vbSEO Sitemap Generator to the latest versions. Today I did a search in Chrome incognito window that would show me my forums, and the damn script is back!
If I disable vbSEO and the sitemap generator, I don't get the re-direct.
When I enabled Sitemap Generator, I don't get the re-direct.
When I enabled vbSEO, I don't get the re-direct.
So is there some file that is generated when vbSEO and the Sitemap generator are turned on and that file is getting hacked?
This entire thing baffles me - I've never had such a persistent problem like this before!
Unfortunately it looks to me like this problem will keep coming back until the guys at vbSEO fix the exploit these hackers are using. The guys at vBulletin can't do anything about that.
I thought it was a server issue having to do with permissions but tightened all those up and it returned on one 3.x forum too.
To remove it temporarily, do this:
1. Disable one of the plugins (doesn't matter which one) and then re-enable it. This will flush the datastore and get rid of the redirect. The problem is, that seems to be only a temporary fix.
2. Try this suggestion (this is the next step for me as well):
Remove any evil .gif files off your server
To do this, ssh to your server and run this command:
Code:find /home/main -regex '.*\.gif$' -exec grep php {} \;
It may be that the redirect came back on the forum I'm associated with because we didn't remove the original exec disguised as a gif? If so, it's not in the regular customavatars or customprofilepics folders because those are protected by .htaccess from running executables.
The truth is, I don't think anyone yet knows how this exploit is being accomplished and until we do there doesn't seem to be any sure way to eradicate it forever.Comment
-
Did anyone that got hit have the vbseo site map running and notice any errors in google webmasters tools
I have just flat lined on traffic for the last two weeks
Followed the steps on editing the class core file
Admin area has been htaccess protected since getting hit with the base 64 divert once last year
In my google webmasters account on the site map, I have several warnings.
This iis one of them
URLs not followed
When we tested a sample of URLs from your Sitemap, we found that some URLs redirect to other locations. We recommend that your Sitemap contain URLs that point to the final destination (the redirect target) instead of redirecting to another URL
HTTP Error: 302
URL: http://www.thespainforum.com/f188/ba...azette-239374/
Problem detected on: May 8, 2011
Just wondered if anyone else experienced the same when they got hit.Comment
-
Make sure you update to the latest versions of vBulletin, vBSEO, and vBSEO Sitemap. But also make sure that you delete any leftover files from old versions, since they may continue to provide entry points for malware or hacks as long as they are on your server.Comment
-
My post was just for information purposes, I don't have any issue. But thanks........Comment
-
I just went on vbseo to check what the latest version of the site map is and Im up to date on that one.
Still shows 3.0 as the current version
I also keep site map access to yahoo, bing, msn and google via htaccess ip allow
Found the odd normal person / website designer looking at it
Plus it locks down another admin area.Comment
-
Yes, you've participated in this thread.
.......Comment
-
Yes, you've participated in this thread.
JFYI, a few posts down, Mert posted "I am sorry but we are talking about vBSEO product not sitemap generator.".Baby, I was born this wayComment
Related Topics
Collapse
-
by CorbinHHi at vB,
I am planning to update our site Australian Photoholics Forum "ausph.com" to SSL.
Last time we tried this, we broke our site which was down for a week!
Everyone here...-
Channel: Support Issues & Questions
Wed 24 Oct '18, 1:36am -
-
by fionixHi,
I was just wondering how you get the URL shorten in Vbulletin 5.1.7 ?
From what I can see you have it done here at vbulletin.com - see url below... there is this number (which...-
Channel: Support Issues & Questions
Wed 22 Apr '15, 3:28am -
-
by zyuzGood afternoon.I set ssl whatever forum was on the https protocol, prescribed in your permanent address offline via https, but do not know how to do so, that would be a http version offline (http://f...
-
Channel: Support Issues & Questions
Tue 5 Aug '14, 3:41am -
Comment