Announcement

Collapse
No announcement yet.

Malicious popup pages

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Malicious popup pages

    My site is http://www.morocco-knowledgebase.net

    I'm running on a Hostgator shared hosting account
    vBulletin version: 4.2.2
    PHP version: 5.4.45
    MySQL version: unknown (can't find server variables under Maintenance -> Diagnostics)
    Addons installed: Forum Runner, PostRelease and vBulletin Blog are all marked with strike through on name. Panjo, Skimlinks and vBulletin CMS are listed without strike through.
    Styles: only default, orange and default mobile are installed, no custom styles
    Browser: it seems any.

    Problem: Visitors who are not logged into the site when viewing pages are reporting malicious-looking popup pages. This doesn't happen when logged into the site.

    Problem reproduction: click on http://www.morocco-knowledgebase.net then under 'Knowledgebase routes' click on 'Central High Atlas', then 'C10 Tassaout Traverse'. Sometimes this produces the popup pages, sometimes not. I don't understand what the trigger is.

    I have scanned the files using Maintenance > Diagnostics > Suspect scan with the following exception results

    ./
    blogpost.php File not recognized as part of vBulletin
    groups.php File not recognized as part of vBulletin
    packing.php File not recognized as part of vBulletin
    test.txt File not recognized as part of vBulletin

    ./clientscript
    vbulletin-core.js File does not contain expected contents
    vbulletin_md5.js File does not contain expected contents
    vbulletin_read_marker.js File version mismatch: found 3.8.9 , expected 4.2.2

    ./clientscript/yui/yuiloader-dom-event
    yuiloader-dom-event.js File does not contain expected contents


    I suspect I am expected to replace the 'unexpected contents' files with fresh versions from 4.2.2 but I can't locate the original files on my system (I installed VB maybe six years ago). I can only find v4.1.1

    Is it possible to download v4.2.2?
    Or does it make more sense to either upgrade to v4.2.5, or use the special offer (runs out tomorrow) to upgrade to v5?

    The other issue I have is that I can't back the database up using the Admin Control Panel and I can't work out how to do this otherwise.

    Would be grateful for assistance. Apologies in advance for my lack of experience in this.

    Tim

  • #2
    Hi Tim,
    Just clicked on your suggested path and all sorts of malicious pop ups appeared, the only way to get rid of them was by killing my FireFox from Task Manager and then choosing not to open the 5 or 6 popup windows on restart. You might want to put a warning on this thread.

    I can't help you with what is causing this but it is possible to download all versions of 4.x.x. from the customer download area here.

    Comment


    • #3
      Sorry about that, on my Mac running Google Chrome I can just close the windows, so wasn't aware of the difficulty.

      I have now downloaded v2.2.2 patch level 6. The first four files above (not recognised) were all zero length and I have renamed them just in case. I have replaced the other four files (unexpected contents) and it seems from the limited testing I can do at this end that the problem of the malicious-looking popup pages has been resolved. I'd be grateful if you could confirm this.

      I'd still appreciate information on database backup.

      It seems the version of PHP that I have available prevents me installing v4.2.5 as it needs PHP 5.6.0

      Tim

      Comment


      • #4
        Hi Tim,

        Just tried it again and indeed all does seem to be fine now, weíll done.

        Without knowing what you have access to regarding the backup of the server Iím not sure what to advise.

        I can give you a bell tomorrow if you want? Are you still on the number ending 99?

        Comment


        • #5
          Yes, that's the right number. Thanks.

          Comment


          • #6
            I've worked out how to do a full site backup and also a MySQL backup using the Hostgator cPanel software.

            Now about to explore how to upgrade to a later vB version given the low PHP version I'm on.

            Comment


            • #7
              Bat21, thanks for the phone call. It's a small world!

              It seems nothing is easy. In order to upgrade to vB v4.2.5 I need PHP 5.6.0 or higher but not as high as 7.2.0. vBulletin Admin Control Panel said I was on v5.4.45, yet Hostgator's cPanel reckoned I was on v5.6

              So I went onto chat with Hostgator who upgraded me to PHP 7.0 However after this upgrade vBulletin Admin Control Panel wouldn't load and instead I started getting error messages such as
              "Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; vB_Registry has a deprecated constructor in /home1/morocco/public_html/forum/includes/class_core.php on line 3138"

              So Hostgator downgraded me to PHP 5.6 and now everything seems hunky dory. MySQL is already current enough.

              Comment


              • #8
                You will need to do the following:

                Update your php version to 5.6.
                Upgrade vBUlletin to 3.8.11.

                There is no way to make newer versions of vBulletin compatible with older versions of php.

                Note however that upgrading vBulletin is not a 'magic fix' for existing compromises on the server. You will need to get those fixed as well.
                MARK.B | vBULLETIN SUPPORT

                TalkNewsUK - My vBulletin 5.5.0 Demo
                AdminAmmo - My Cloud Demo

                Comment


                • #9
                  Originally posted by Mark.B View Post
                  You will need to do the following:

                  Update your php version to 5.6.
                  Upgrade vBUlletin to 3.8.11.

                  There is no way to make newer versions of vBulletin compatible with older versions of php.

                  Note however that upgrading vBulletin is not a 'magic fix' for existing compromises on the server. You will need to get those fixed as well.
                  Mark, Tim is on 4.2.2, surely going back to 3.8.11 isnít the way forward?

                  Comment


                  • #10
                    Originally posted by Bat21 View Post

                    Mark, Tim is on 4.2.2, surely going back to 3.8.11 isnít the way forward?
                    Sorry, I meant 4.2.5.
                    MARK.B | vBULLETIN SUPPORT

                    TalkNewsUK - My vBulletin 5.5.0 Demo
                    AdminAmmo - My Cloud Demo

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...
                    X