A fix if your site is already exploited

Collapse
X
 
  • Time
  • Show
Clear All
new posts

  • Diablotic
    replied
    This is mad, I have excatly the same issue for few days now and have no idea what is causing it. Please help.

    Leave a comment:


  • ZeroHour
    replied
    Originally posted by Jaxo
    anything in particular I should be looking for?
    Tbh although others have said it wont help a screenshot or list of addons might point out a recently hacked one.

    Leave a comment:


  • Kensino
    replied
    Originally posted by Jaxo
    Ok, It appears you are correct,. I removed the skin and reinstalled and its clean// Thank you

    I notice original post is from 2009,.. still no proper fix for this?
    uhhh... the original post is from yesterday.. what are you talking about 2009? Please go back and read again.

    Yesterday, 2:03am

    Leave a comment:


  • Jaxo
    replied
    anything in particular I should be looking for?

    Leave a comment:


  • Jaxo
    replied
    Thanks zerohour, I appreciate the help m8.

    Leave a comment:


  • ZeroHour
    replied
    Originally posted by Jaxo
    Ok, It appears you are correct,. I removed the skin and reinstalled and its clean// Thank you

    I notice original post is from 2009,.. still no proper fix for this?
    You need to find your apache access logs. They give a lot of clue to whats going on and if they can still get in. Change account passwords as well.

    Leave a comment:


  • Jaxo
    replied
    Ok, It appears you are correct,. I removed the skin and reinstalled and its clean// Thank you

    I notice original post is from 2009,.. still no proper fix for this?

    Leave a comment:


  • Jaxo
    replied
    Thanks Zero hour, I will try this now and post back...

    TBH this whole vbulletin thing is a let down,. I ran a phpBB site for 3 years and dont know why i bothered moving to vb,. basically imo its an unsafe unreliable product.. 2 months ive had it and have had it so far and everytime I update it there is another frecking update.. can they not do it correct the first time or is it just an unsecure product?
    Last edited by Jaxo; Thu 1 Mar '12, 3:07pm.

    Leave a comment:


  • ZeroHour
    replied
    Originally posted by Jaxo
    I had this same problem,..turned out to be a blue pearl skin

    http://www.bluepearl-skins.com/forum...-into-website/
    Erm have they confirmed that or have you found the code in the template files xml?
    If someone breached they would put the template edit into your default style which was blue pearl but not nessarily the master/every style.
    Try reimporting the skin or doing a search for the code in the skins import xml.

    Leave a comment:


  • Jaxo
    replied
    I had this same problem,..turned out to be a blue pearl skin

    "EDIT"

    Idk what is causing this prob,. not the skin after reinstall
    Last edited by Jaxo; Thu 1 Mar '12, 3:08pm.

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by mainframe
    Yes, but it would also help to identify the problem, in cases of SQL injection it's vital to find this fast.
    Unless you know PHP and review the code of all your plugin's you'll never be able to find a SQL Injection by comparing Addons. If you're looking for a SQL injection, you should review your web access log because these are done via the URL.

    A plugin can do direct access to the database as it has access to vBulletin's engine. As such it doesn't need to resort to SQL Injections, it just runs code.

    Leave a comment:


  • mainframe
    replied
    Originally posted by Mark.B
    That's not necessarily helpful, it panics people.
    Yes, but it would also help to identify the problem, in cases of SQL injection it's vital to find this fast.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by Mr Jolly
    What plugins do you use and we'll compare which one's it could have been.
    That's not necessarily helpful, it panics people.

    Leave a comment:


  • Mr Jolly
    replied
    Originally posted by .Josh
    What mod/plugin was doing this?
    What plugins do you use and we'll compare which one's it could have been.

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by .Josh
    What mod/plugin was doing this?
    No one has established that it is indeed a mod or plugin causing the problem. That is just one possible vector for exploits.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...