My VB4 install got hacked via the /install/ exploit, after which the hacker installed the c99madshell hack tool and changes some templates.
I have removed the hackers changes from the database by performing a full mysqldbcompare. Because it's difficult for me to rule out which changes from the 1 month older backup are legitimate changes, I have removed more rows than probably necessary:
-cleared the datastore table
-Removed exploit code from the plugin table by drop/copying the backup table.
-cleared the session table
-drop/copied the setting table (because the hacker did something in /install which causes different VB versions to be put in this table)
-cleared strikes table
-drop/copied the styles table
-drop/copied the template table from backup (contained hackers code)
-drop/copied the upgradelog table.
Then I did an upgrade to VB4.2.1, followed by an upgrade to 5.0.5. The first attempt to upgrade to 5.0.5 resulted in this error:
Same as: http://www.vbulletin.com/forum/forum...talling-vb-5-0
I solved this one by manually editing the config files.
Then the upgrade to 5.05 started, but at ~98% progress, I got the following error:
The associated upgrade log is attached.
How can I solve this upgrade problem?
I have removed the hackers changes from the database by performing a full mysqldbcompare. Because it's difficult for me to rule out which changes from the 1 month older backup are legitimate changes, I have removed more rows than probably necessary:
-cleared the datastore table
-Removed exploit code from the plugin table by drop/copying the backup table.
-cleared the session table
-drop/copied the setting table (because the hacker did something in /install which causes different VB versions to be put in this table)
-cleared strikes table
-drop/copied the styles table
-drop/copied the template table from backup (contained hackers code)
-drop/copied the upgradelog table.
Then I did an upgrade to VB4.2.1, followed by an upgrade to 5.0.5. The first attempt to upgrade to 5.0.5 resulted in this error:
Code:
PHP Warning: file_put_contents() [<a href='function.file-put-contents'>function.file-put-contents</a>]: Filename cannot be empty in /XXXXXXXXX/core/install/makeconfig.php on line 252, referer: http://XXXXXXXXXXXXXXX/core/install/upgrade.php
I solved this one by manually editing the config files.
Then the upgrade to 5.05 started, but at ~98% progress, I got the following error:
Code:
<?xml version="1.0" encoding="windows-1252"?> <?xml version="1.0" encoding="windows-1252"?> <error><![CDATA[The text for the phrase 'faq_text_not_safe' contains potentially unsafe code. Text in curly style php string substitution expressions (like {$vbulletin->somevalue}) is only allowed to contain the characters in a-z, A-Z, 0-9, square brackets ( [] ), and quotes ( "' ). This prevents possible arbitrary code execution when the phrase is processed.]]></error>
How can I solve this upgrade problem?