Thanks for posting this. My forum was hacked recently as well (thread here), also vB4.2pl3. Of the plugins you're using, I use/used the following:
VSa - Advanced Forum Statistics 7.1
VSa - Sub-Forum Manager 3.1.4
Could these two (and other VSa plugins) have any exploits? VSa's AFS plugin has had its exploits before, in the vB3.8 version:
Did you secure your forum?
Vbulletin 4.2.0 pl3 hacked redirect to filestore72.info
Collapse
X
-
There is a new version of vBSEO available as Version 3.6.0 is supposed to have an exploit.Leave a comment:
-
Nice work alex.sk I can't believe this has never been solved before! I am making do on my board with a cron job to check for base64 encoded code in the datastore, which seems to work, but I will follow your recommendations above to hopefully solve this permanently.Leave a comment:
-
Same problem, so I traced it down.
register_globals + uninitialized $vbseo_crules being passed to preg_replace in vbseo.php.
Quick test:
Code:curl -b 'vbseo_crules%5B%2C%2Ce%5D=die%28vulnerable%29' http://host/vbulletin/index.php
This is NOT a vBulletin issue and this is NOT a vBSEO issue.Last edited by alex.sk; Sun 17 Feb '13, 2:03pm.👍 1Leave a comment:
-
If you disable and then re-enable ANY plugin, it clears the datastore but that doesn't solve the problem. This is NOT a vBulletin issue and this is NOT a vBSEO issue. It is a file and directory permissions issue on your server.
See:
vBulletin 3.x and 4.x Redirect Security Exploit
Google redirecting to filestore123.info
FAQ's on the Rogue Plugins Exploit (1/23 vBSEO Patch Release)
hacked by url123.info
Specific instructions at:
Leave a comment:
-
Check your server space for any files with malicious code and backdoors and the likes. Also check your database and most specificly the templates table. I have cleaned up quite a few forums and I have found backdoor/shell scripts which gave the hackers access whenever they felt like it.
Did you ask your host to check the access logs as it might be some clues to how they got in?
Alternatively have a look at this thread and try the clean up methods mentioned there
Leave a comment:
-
Vbulletin 4.2.0 pl3 hacked redirect to filestore72.info
My site has twice been hacked and redirect to http://filestore72.info/download.php?
The script only redirect in the first time the browser have cleaned cache and temps, and only redirect by google search if go to the browser and enter the url manual the script dont redirect to the http://filestore72.info/download.php?
My site:
vBulletin 4.2.0 Patch Level 3
Tabs en vBulletin 4.x 2.0.3
Tapatalk 4.3.0
vBSEO 3.6.0 pl2
Fuzzy SEO Booster 3 1.5.0b_costum
vBSEO :: Sitemap Generator 3.0
VSa - Advanced Forum Statistics 7.1
VSa - ChatBox 3.1.8
VSa - Sub-Forum Manager 3.1.4
After a quick search in the web i find another sites vbulletin with this problem.
Go to google and enter this to search and then click in the first result site you will be redirect to another site"filestore72.info"
Code:rapisalive.com faq Missing SOH data sim-outhouse sonicownersforum Iraqivet's build
Any one have a clue where is the hole?
- - - Updated - - -
Wen i turn off the tapatalk plugin and active again the problem go away but after 24 hours same problem again.Tags: None👍 1
Related Topics
Collapse
-
by DanloonaHi again.
I got issue with redirection.
How I can redirect https://www.domain.co.uk to https://domain.co.uk ?
I've added redirection on hosting panel but looks like...-
Channel: Support Issues & Questions
Mon 8 Oct '18, 4:32am -
Leave a comment: